Assiste.Forums

de **phil973** » 03 Mai 2010, 20:50

Bonjour, depuis quelques temps, j'ai un fichier intitulé "launch fr" qui se créé tout seul sur le bureau. Il est vide, il est possible de le supprimer mais il revient sans cesse. Impossible de comprendre qui ou quoi créé ce fichier. J'ai scanné avec Anivir qui ne détecte rien de suspect. Pas mieux avec Malwarebytes, ni SpyBot. J'y comprend rien. Mon PC ne semble souffrir d'aucun symptôme particulier si ce n'est la disparition occasionnelle dans la barre des taches de l'icone "sur courant alternatif" et de l'icone "volume".

Comme demandé dans la démarche, voici le log Malware Bytes que j'ai obtenu :

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

02/05/2010 20:19:55
mbam-log-2010-05-02 (20-19-55).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 117303
Temps écoulé: 6 minute(s), 35 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

de **phil973** » 03 Mai 2010, 21:25

Bon j'essaie encore une fois ! Impossible de poster les logs OTL et EXTRAS, j'ai un message "mode du sujet non spécifié".
On va bien voir si celui-ci s'affiche...

de **phil973** » 03 Mai 2010, 21:27

OTL logfile created on: 02/05/2010 20:29:30 - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\Philippe\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

445,00 Mb Total Physical Memory | 176,00 Mb Available Physical Memory | 39,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16,43 Gb Total Space | 4,68 Gb Free Space | 28,49% Space Free | Partition Type: FAT32
Drive D: | 16,91 Gb Total Space | 7,82 Gb Free Space | 46,24% Space Free | Partition Type: FAT32
Drive E: | 207,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-79F6FF2248
Current User Name: Philippe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/02 19:34:50 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philippe\Bureau\OTL.exe
PRC - [2009/07/21 13:34:00 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:47:42 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:12 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/07/09 09:05:20 | 000,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/07/09 09:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2008/04/13 23:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/22 05:53:14 | 000,053,248 | ---- | M] (Alcor Micro, Corp.) -- C:\WINDOWS\system32\DrvMon.exe
PRC - [2004/08/05 05:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe

========== Modules (SafeList) ==========

MOD - [2010/05/02 19:34:50 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philippe\Bureau\OTL.exe
MOD - [2009/12/15 18:05:36 | 000,397,824 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
MOD - [2009/10/08 00:17:14 | 000,597,504 | ---- | M] (STLport Consulting, Inc.) -- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\stlport_vc7145.dll
MOD - [2009/08/13 10:56:14 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2008/07/29 08:05:08 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
MOD - [2008/04/13 23:32:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/13 15:36:46 | 002,986,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NMSAccessU)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2009/07/21 13:34:00 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:47:42 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/07/09 09:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\System32\ZONELABS\vsmon.exe -- (vsmon)
SRV - [2008/04/13 23:33:38 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 23:33:28 | 000,036,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/08/09 04:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/08/05 05:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2010/02/11 09:02:16 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/25 11:19:04 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:11:54 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:32:48 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/15 16:36:32 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/02/13 11:34:34 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/07/09 09:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/06/21 04:54:54 | 000,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2008/02/27 03:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/07/19 15:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2006/08/18 11:10:24 | 000,061,504 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320bus.sys -- (K320bus) Sony Ericsson K320 driver (WDM)
DRV - [2006/08/18 11:10:22 | 000,097,056 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mdm.sys -- (K320mdm)
DRV - [2006/08/18 11:10:22 | 000,009,328 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mdfl.sys -- (K320mdfl)
DRV - [2006/08/18 11:10:20 | 000,088,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mgmt.sys -- (K320mgmt) Sony Ericsson K320 USB WMC Device Management Drivers (WDM)
DRV - [2006/08/18 11:10:18 | 000,086,368 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320obex.sys -- (K320obex)
DRV - [2005/08/06 20:34:06 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005/04/07 18:08:46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/03/01 09:09:02 | 000,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/02/25 04:45:32 | 000,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/02/23 23:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/01/10 00:47:14 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/12/21 10:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/12/15 00:18:34 | 000,200,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWSIS.sys -- (HSFHWSIS)
DRV - [2004/12/15 00:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 00:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/11/05 01:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2004/10/07 23:33:46 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/07/19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2003/12/05 03:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/17 18:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/03/27 14:38:44 | 000,127,145 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2003/03/25 18:02:12 | 000,046,455 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2002/09/20 15:15:42 | 000,472,396 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://fr.gdark.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.gdark.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://fr.gdark.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.gdark.com
IE - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://fr.gdark.com
IE - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Gdark
IE - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://fr.gdark.com/search.php?cx=partn ... e=UTF-8&q={searchTerms}
IE - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.gdark.com
IE - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://fr.gdark.com
IE - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Gdark"
FF - prefs.js..browser.search.defaulturl: "http://fr.gdark.com/search.php?cx=partner-pub-7902900401080901%3Ae94ctf-nqmg&cof=FORID%3A10&ie=UTF-8&q="
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://news.google.fr/"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: {9CCE52B0-5079-4177-9586-1BF6575E62DE}:1.0.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.1
FF - prefs.js..keyword.URL: "http://fr.gdark.com/search.php?cx=partner-pub-7902900401080901%3Ae94ctf-nqmg&cof=FORID%3A10&ie=UTF-8&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/09/05 11:00:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/09/05 11:00:42 | 000,000,000 | ---D | M]

[2008/09/05 11:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Extensions
[2008/09/05 11:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\9wued4zz.default\extensions
[2010/01/24 10:27:14 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\9wued4zz.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/02/17 14:14:36 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\9wued4zz.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2009/05/15 22:03:24 | 000,000,000 | ---D | M] (Plugin CanalPlay) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\9wued4zz.default\extensions\{9CCE52B0-5079-4177-9586-1BF6575E62DE}
[2010/02/14 14:13:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\9wued4zz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/11 13:49:24 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\9wued4zz.default\searchplugins\ixquick---francais.xml
[2008/09/05 11:00:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/09/10 08:35:08 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/01/24 10:08:26 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/24 10:08:26 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/24 10:08:26 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/24 10:08:26 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/23 21:27:24 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/04/18 14:32:42 | 000,393,590 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 13593 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O3 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\..\Toolbar\WebBrowser: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe (Alcor Micro, Corp.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Philippe\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O8 - Extra context menu item: &Point&&Go - C:\Program Files\Fichiers communs\Expert System\PGPlatform\PGPlatform.htm ()
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: canalplay.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: canalplusactive.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\..Trusted Domains: microsoft.com ([dowload.windowsupdate] http in Sites de confiance)
O15 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\..Trusted Domains: microsoft.com ([update] http in Sites de confiance)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 5834755835 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 7498084437 (MUWebControl Class)
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} https://static.impots.gouv.fr/tdir/stat ... DP-1.0.cab (AdVerifierADPCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} https://static.impots.gouv.fr/tdir/stat ... DP-1.1.cab (AdSignerLCContrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.10.246.2 80.10.246.129
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/06 20:34:30 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [1998/02/15 11:18:52 | 000,048,864 | R--- | M] (Developed by Glenn M. Picher, Dirigo Multimedia, 50 Market St., Suite 1A-338, South Portland, ME USA 04106, http://www.maine.com/shops/gpicher, gpicher@maine.com, voice 207-767-8015, fax 207-767-1018) - E:\AutoRun.Exe -- [ CDFS ]
O32 - AutoRun File - [1999/04/20 15:09:40 | 000,000,029 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [1999/08/11 13:47:04 | 000,008,279 | R--- | M] () - E:\AutoRun.INI -- [ CDFS ]
O33 - MountPoints2\{13410599-881f-11dd-8a29-0016ce72a720}\Shell\AutoRun\command - "" = G:\WD_Windows_Tools\Setup.exe -- File not found
O33 - MountPoints2\{2a4f046c-8008-11dc-889e-00163651adce}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{2a4f046c-8008-11dc-889e-00163651adce}\Shell\Shell00\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{2a4f046c-8008-11dc-889e-00163651adce}\Shell\Shell01\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{2a4f046c-8008-11dc-889e-00163651adce}\Shell\Shell02\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{3f7bbe96-d64d-11de-8c1a-00163651adce}\Shell\AutoRun\command - "" = G:\0qw6vege.exe -- File not found
O33 - MountPoints2\{3f7bbe96-d64d-11de-8c1a-00163651adce}\Shell\open\Command - "" = G:\0qw6vege.exe -- File not found
O33 - MountPoints2\{44b32116-5b5f-11dd-89f1-00163651adce}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{67e0b60c-6e90-11db-872f-0016ce72a720}\Shell - "" = AutoRun
O33 - MountPoints2\{67e0b60c-6e90-11db-872f-0016ce72a720}\Shell\AutoRun\command - "" = G:\loader.exe -- File not found
O33 - MountPoints2\{800d504a-dad6-11de-8c21-00163651adce}\Shell\AutoRun\command - "" = F:\q93fi6kf.exe -- File not found
O33 - MountPoints2\{800d504a-dad6-11de-8c21-00163651adce}\Shell\open\Command - "" = F:\q93fi6kf.exe -- File not found
O33 - MountPoints2\{882b5760-04bf-11de-8b04-00163651adce}\Shell\AutoRun\command - "" = F:\wx8o0bt1.com -- File not found
O33 - MountPoints2\{882b5760-04bf-11de-8b04-00163651adce}\Shell\open\Command - "" = F:\wx8o0bt1.com -- File not found
O33 - MountPoints2\{d31f277a-2512-11dd-899c-00163651adce}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O33 - MountPoints2\{fc683cda-b009-11dc-88e2-00163651adce}\Shell\AutoRun\command - "" = WD_Windows_Tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/06 19:57:24 | 000,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/02 19:59:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/02 19:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/02 19:34:42 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Philippe\Bureau\OTL.exe
[2010/05/02 08:25:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Philippe\Recent
[2010/05/01 17:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Bureau\launch fr
[2010/05/01 15:27:39 | 000,000,000 | ---D | C] -- D:\Mes documents\TropMocheHebdo
[2010/05/01 15:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/05/01 14:29:27 | 000,000,000 | ---D | C] -- D:\Mes documents\Téléchargements
[2010/04/29 11:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/04/20 19:47:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/04/18 00:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/15 18:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Akakliké 2
[2010/04/15 18:23:14 | 000,304,128 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\unin040c.exe
[2010/04/15 14:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Application Data\AdobeUM
[2010/04/14 13:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/04/14 12:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2010/04/13 18:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/04/07 21:07:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/04/07 21:05:51 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/04/07 21:05:51 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/04/07 21:05:51 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/04/07 21:05:44 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/04/07 20:57:33 | 000,472,396 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvcm.sys
[2010/04/07 20:57:33 | 000,114,688 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2.dll
[2010/04/07 20:57:33 | 000,090,112 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVComS.exe
[2010/04/07 20:57:33 | 000,081,920 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2RC.dll
[2010/04/07 20:57:33 | 000,069,632 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvcoinst.dll
[2010/04/07 20:57:33 | 000,057,344 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVComC.dll
[2010/04/07 20:57:33 | 000,012,112 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2010/04/07 20:57:32 | 000,172,032 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvcodec2.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/02 20:25:30 | 000,358,382 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/05/02 19:57:18 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\Philippe\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/05/02 19:56:44 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\NTREGOPT.lnk
[2010/05/02 19:56:44 | 000,000,500 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\ERUNT.lnk
[2010/05/02 19:34:50 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philippe\Bureau\OTL.exe
[2010/05/02 19:23:22 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\HiJackThis.lnk
[2010/05/02 12:43:56 | 000,023,552 | ---- | M] () -- D:\Mes documents\MascFem.xls
[2010/05/02 08:30:24 | 000,077,440 | ---- | M] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/02 08:15:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/02 08:15:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/02 08:15:12 | 000,310,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/02 00:48:00 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/05/02 00:48:00 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/05/02 00:47:26 | 011,010,048 | ---- | M] () -- C:\Documents and Settings\Philippe\ntuser.dat
[2010/05/02 00:47:26 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Philippe\ntuser.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 13:11:22 | 000,000,204 | ---- | M] () -- C:\WINDOWS\RtlRack.ini
[2010/04/27 19:03:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/27 17:44:38 | 000,000,500 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Opera.lnk
[2010/04/24 13:13:18 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\Microsoft Office Word 2003.lnk
[2010/04/20 19:47:40 | 000,409,036 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/04/20 19:47:38 | 000,347,346 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/20 19:47:38 | 000,067,314 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/04/20 19:47:38 | 000,054,748 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/20 19:21:22 | 001,068,688 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/18 00:20:48 | 000,007,357 | ---- | M] () -- D:\Mes documents\hijackthis1
[2010/04/16 16:42:06 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/16 13:46:16 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\Revo Uninstaller.lnk
[2010/04/15 18:23:46 | 000,000,047 | ---- | M] () -- C:\WINDOWS\AKA2.INI
[2010/04/15 18:23:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PROTOCOL.INI
[2010/04/14 12:30:32 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Wise Registry Cleaner.lnk
[2010/04/12 18:23:02 | 000,449,169 | ---- | M] () -- D:\Mes documents\img001.jpg
[2010/04/08 09:56:54 | 000,000,810 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/08 09:56:54 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/08 09:56:54 | 000,000,215 | -HS- | M] () -- C:\boot.ini
[2010/04/07 21:09:28 | 000,000,241 | ---- | M] () -- C:\WINDOWS\QSync.INI
[2010/04/07 20:58:22 | 000,000,816 | ---- | M] () -- C:\WINDOWS\_delis32.ini
[2010/04/06 19:26:44 | 000,013,824 | ---- | M] () -- D:\Mes documents\Cours Sébastien.xls
[2010/04/03 17:39:12 | 000,001,538 | ---- | M] () -- C:\WINDOWS\CORDIAL.INI
[2010/04/03 15:48:04 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\CCleaner.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/02 19:57:17 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\Philippe\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/05/02 19:56:42 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\NTREGOPT.lnk
[2010/05/02 19:56:42 | 000,000,500 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\ERUNT.lnk
[2010/05/02 12:43:54 | 000,023,552 | ---- | C] () -- D:\Mes documents\MascFem.xls
[2010/04/18 00:16:49 | 000,007,357 | ---- | C] () -- D:\Mes documents\hijackthis1
[2010/04/18 00:00:36 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\HiJackThis.lnk
[2010/04/16 13:47:41 | 011,010,048 | ---- | C] () -- C:\Documents and Settings\Philippe\ntuser.dat
[2010/04/15 18:23:44 | 000,000,047 | ---- | C] () -- C:\WINDOWS\AKA2.INI
[2010/04/15 18:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2010/04/14 13:53:49 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\Revo Uninstaller.lnk
[2010/04/14 12:30:31 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Wise Registry Cleaner.lnk
[2010/04/12 18:23:01 | 000,449,169 | ---- | C] () -- D:\Mes documents\img001.jpg
[2010/04/07 20:57:33 | 000,010,628 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/04/07 20:56:25 | 000,000,816 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/04/06 19:26:43 | 000,013,824 | ---- | C] () -- D:\Mes documents\Cours Sébastien.xls
[2010/01/20 19:42:02 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/03/15 16:20:38 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/01/10 19:25:51 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc040c.dll
[2009/01/10 19:25:51 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc040c.dll
[2009/01/10 19:25:13 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/12/10 22:57:51 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/12/04 15:40:59 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2008/05/29 18:33:13 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/05/29 18:33:13 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/05/29 18:33:13 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/02/21 16:17:56 | 000,000,673 | ---- | C] () -- C:\WINDOWS\ChkMail.Ini
[2008/01/24 16:50:57 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/11/28 14:28:47 | 000,000,036 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2007/07/04 15:58:00 | 000,001,675 | ---- | C] () -- C:\WINDOWS\MPW.INI
[2007/02/24 09:28:29 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/12/24 13:38:53 | 000,000,091 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/11 23:08:16 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/10/17 21:52:13 | 000,000,068 | ---- | C] () -- C:\WINDOWS\FenetreCordialDsWord.INI
[2006/10/02 22:15:47 | 000,001,538 | ---- | C] () -- C:\WINDOWS\CORDIAL.INI
[2006/10/02 22:14:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HOOKMOD.DLL
[2006/10/02 22:14:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\KAPKEY.DLL
[2006/09/11 14:09:59 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/09/07 21:19:24 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/03 10:52:54 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/27 04:19:11 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2006/08/27 02:34:29 | 000,009,117 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2006/08/27 00:10:32 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2006/08/27 00:10:32 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2006/08/27 00:10:27 | 000,000,342 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2006/08/27 00:10:26 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2006/08/27 00:10:25 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2006/08/14 03:25:44 | 000,000,204 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/07/12 22:06:33 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2006/05/31 19:48:01 | 000,002,772 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2005/12/01 00:24:56 | 000,037,754 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/09 08:54:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/09 08:51:42 | 000,000,319 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2005/08/09 08:51:42 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/08/06 20:34:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/08/06 20:34:08 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/08/06 20:34:08 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/08/06 20:34:08 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/08/06 20:34:08 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/08/06 20:16:04 | 000,100,873 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/03/28 00:45:26 | 000,000,097 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2005/03/03 23:51:52 | 000,083,997 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/09/06 23:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/07/07 03:00:00 | 000,003,279 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[2001/07/05 09:19:12 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2006/08/15 17:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
[2009/01/10 19:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/11/10 11:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Power Soft
[2009/11/10 17:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cadsoft
[2009/12/14 20:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/12/14 20:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/01/20 19:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/01/20 19:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2006/08/18 00:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\MSNInstaller
[2006/09/11 14:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\EPSON
[2007/02/26 18:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Image Zone Express
[2007/12/21 14:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\LaCie
[2007/12/30 12:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\.purple
[2008/01/29 19:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\DeepBurner
[2008/07/27 00:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\M-Audio
[2009/01/26 21:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\OpenOffice.org
[2009/03/15 16:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Samsung
[2009/11/10 11:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\BOM
[2010/01/03 13:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Opera

========== Purity Check ==========

========== Custom Scans ==========

<SYSTEMDRIVE>

<MD5>
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2008/05/13 14:49:30 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/05/13 14:49:30 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 15:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 15:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

<MD5>
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2008/05/13 14:49:30 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/05/13 14:49:30 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

<MD5>
[2008/04/13 23:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 23:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2008/04/13 23:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 23:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

<MD5>
[2008/04/13 23:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 23:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

<systemroot>

<systemroot>
[2008/04/13 23:33:22 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

<systemroot>
<End>

de **phil973** » 03 Mai 2010, 21:28

OTL Extras logfile created on: 02/05/2010 20:29:30 - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\Philippe\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

445,00 Mb Total Physical Memory | 176,00 Mb Available Physical Memory | 39,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16,43 Gb Total Space | 4,68 Gb Free Space | 28,49% Space Free | Partition Type: FAT32
Drive D: | 16,91 Gb Total Space | 7,82 Gb Free Space | 46,24% Space Free | Partition Type: FAT32
Drive E: | 207,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-79F6FF2248
Current User Name: Philippe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hta [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1992943972-660427693-1025384643-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Groupement homologue Windows
"3540:UDP" = 3540:UDP:*:Enabled:Protocole PNRP (Peer Name Resolution Protocol)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3587:TCP" = 3587:TCP:*:Enabled:Groupement homologue Windows
"3540:UDP" = 3540:UDP:*:Enabled:Protocole PNRP (Peer Name Resolution Protocol)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0B1C0E32-0589-49BE-AFEE-6888ED4A4FF4}" = Analyseur XML Microsoft
"{0FC65BD2-FB46-4E89-AEB9-C5CB53E4BC1F}_is1" = JkDefrag 3.26 Fr
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27555031-A116-4EC6-9991-7B400142A936}" = HP PSC & OfficeJet 6.1.A
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{4D8E6D94-7E0A-4314-8D32-EF79431F1C7C}" = Synapse Update
"{4EE2EF4B-25D3-4D44-8384-A2B96F811F55}" = OpenOffice.org 3.2
"{563B0284-EAB1-459e-93E0-6BAEBC9AB74C}_is1" = Expert System Point&Go Platform
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{98AD61BF-A229-411A-8723-B5E7F72D725C}" = Opera 10.52
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A9F7E72D-16D3-40ED-B7D4-886CDCEFC225}" = Synapse Développement - Diagnostic 11 pour Cordial
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"7-Zip" = 7-Zip 4.42
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Akakliké 2" = Akakliké 2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"CNXT_MODEM_PCI_VEN_1039&DEV_7013&SUBSYS_00821025" = SoftV90 Data Fax Modem with SmartCP
"Cordial11" = Cordial 2005, correcteur et analyseur de la langue française
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"GoogleVideoPlayer" = Google Video Player
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"jv16 PowerTools_is1" = jv16 PowerTools 1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"myHouse v9" = myHouse v9
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PrestoNotes" = PrestoNotes
"QuicktimeAlt_is1" = QuickTime Alternative 1.74
"Revo Uninstaller" = Revo Uninstaller 1.87
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.21
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/04/2010 05:06:15 | Computer Name = ACER-79F6FF2248 | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.

Error - 30/04/2010 05:06:33 | Computer Name = ACER-79F6FF2248 | Source = PerfNet | ID = 2004
Description = Impossible d'ouvrir le Service serveur. Les données de performance
du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
0.

Error - 01/05/2010 06:03:00 | Computer Name = ACER-79F6FF2248 | Source = PerfNet | ID = 2004
Description = Impossible d'ouvrir le Service serveur. Les données de performance
du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
0.

Error - 02/05/2010 07:15:56 | Computer Name = ACER-79F6FF2248 | Source = PerfNet | ID = 2004
Description = Impossible d'ouvrir le Service serveur. Les données de performance
du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
0.

Error - 02/05/2010 19:03:55 | Computer Name = ACER-79F6FF2248 | Source = MsiInstaller | ID = 11706
Description = Product: Scan -- Error 1706.No valid source could be found for product
Scan. The Windows Installer cannot continue.

Error - 02/05/2010 19:03:59 | Computer Name = ACER-79F6FF2248 | Source = MsiInstaller | ID = 11706
Description = Product: Scan -- Error 1706.No valid source could be found for product
Scan. The Windows Installer cannot continue.

Error - 02/05/2010 19:12:01 | Computer Name = ACER-79F6FF2248 | Source = MsiInstaller | ID = 11706
Description = Product: Scan -- Error 1706.No valid source could be found for product
Scan. The Windows Installer cannot continue.

Error - 02/05/2010 19:12:06 | Computer Name = ACER-79F6FF2248 | Source = MsiInstaller | ID = 11303
Description = Product: Scan -- Error 1303.The installer has insufficient privileges
to access this directory: C:\Program Files\Hewlett-Packard. The installation cannot
continue. Log on as an administrator or contact your system administrator.

Error - 02/05/2010 19:13:00 | Computer Name = ACER-79F6FF2248 | Source = MsiInstaller | ID = 11303
Description = Product: Scan -- Error 1303.The installer has insufficient privileges
to access this directory: C:\Program Files\Hewlett-Packard. The installation cannot
continue. Log on as an administrator or contact your system administrator.

Error - 02/05/2010 19:13:05 | Computer Name = ACER-79F6FF2248 | Source = MsiInstaller | ID = 11303
Description = Product: Scan -- Error 1303.The installer has insufficient privileges
to access this directory: C:\Program Files\Hewlett-Packard. The installation cannot
continue. Log on as an administrator or contact your system administrator.

[ System Events ]
Error - 02/05/2010 19:37:36 | Computer Name = ACER-79F6FF2248 | Source = Service Control Manager | ID = 7001
Description = Le service Gestionnaire de connexions d'accès distant dépend du service
Téléphonie qui n'a pas pu démarrer en raison de l'erreur : %%1058

Error - 02/05/2010 19:38:16 | Computer Name = ACER-79F6FF2248 | Source = Service Control Manager | ID = 7001
Description = Le service Gestionnaire de connexions d'accès distant dépend du service
Téléphonie qui n'a pas pu démarrer en raison de l'erreur : %%1058

Error - 02/05/2010 19:38:56 | Computer Name = ACER-79F6FF2248 | Source = Service Control Manager | ID = 7001
Description = Le service Gestionnaire de connexions d'accès distant dépend du service
Téléphonie qui n'a pas pu démarrer en raison de l'erreur : %%1058

Error - 02/05/2010 19:39:36 | Computer Name = ACER-79F6FF2248 | Source = Service Control Manager | ID = 7001
Description = Le service Gestionnaire de connexions d'accès distant dépend du service
Téléphonie qui n'a pas pu démarrer en raison de l'erreur : %%1058

Error - 02/05/2010 19:40:16 | Computer Name = ACER-79F6FF2248 | Source = Service Control Manager | ID = 7001
Description = Le service Gestionnaire de connexions d'accès distant dépend du service
Téléphonie qui n'a pas pu démarrer en raison de l'erreur : %%1058

Error - 02/05/2010 19:40:56 | Computer Name = ACER-79F6FF2248 | Source = Service Control Manager | ID = 7001
Description = Le service Gestionnaire de connexions d'accès distant dépend du service
Téléphonie qui n'a pas pu démarrer en raison de l'erreur : %%1058

Error - 02/05/2010 19:41:36 | Computer Name = ACER-79F6FF2248 | Source = Service Control Manager | ID = 7001
Description = Le service Gestionnaire de connexions d'accès distant dépend du service
Téléphonie qui n'a pas pu démarrer en raison de l'erreur : %%1058

Error - 02/05/2010 19:42:16 | Computer Name = ACER-79F6FF2248 | Source = Service Control Manager | ID = 7001
Description = Le service Gestionnaire de connexions d'accès distant dépend du service
Téléphonie qui n'a pas pu démarrer en raison de l'erreur : %%1058

Error - 02/05/2010 19:42:56 | Computer Name = ACER-79F6FF2248 | Source = Service Control Manager | ID = 7001
Description = Le service Gestionnaire de connexions d'accès distant dépend du service
Téléphonie qui n'a pas pu démarrer en raison de l'erreur : %%1058

Error - 02/05/2010 19:43:36 | Computer Name = ACER-79F6FF2248 | Source = Service Control Manager | ID = 7001
Description = Le service Gestionnaire de connexions d'accès distant dépend du service
Téléphonie qui n'a pas pu démarrer en raison de l'erreur : %%1058

<End>

de **phil973** » 08 Mai 2010, 14:07

Alors, personne pour me dire de quoi il peut s'agir ???

de **nickW** » 08 Mai 2010, 23:05

Bonsoir,

Primo
A propos de ta signature:
Peux-tu ouvrir un nouveau sujet nommé phil973 dans le sous-forum Mes configs
Y recopier ce qui se trouve en ce moment dans ta signature.
Je corrigerai le reste.

Secundo
Deux pistes à étudier:

1/ L'Observateur d'événements fait part de problèmes d'installation d'un logiciel HP (Product: Scan).

2/ Il y a une trace de Kaspersky qui est active (klif.sys)

Tertio
Pourrais-tu mettre le "Type de démarrage" du service "Gestionnaire de connexions d'accès distant" sur "Manuel"?

Quarto
Nettoyage des points de montage:

Étape 1: OTL (de OldTimer), préparation de la correction
Ouvrir une fenêtre du Bloc-notes, via Démarrer---->Exécuter, taper notepad puis cliquer sur OK

Sélectionner toutes les lignes de la zone blanche située sous "Code:" ci-dessous, puis appuyer simultanément sur les touches Ctrl et C

Code: Tout sélectionner: rien :otl O33 - MountPoints2\{13410599-881f-11dd-8a29-0016ce72a720}\Shell\AutoRun\command - "" = G:\WD_Windows_Tools\Setup.exe -- File not found O33 - MountPoints2\{2a4f046c-8008-11dc-889e-00163651adce}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found O33 - MountPoints2\{2a4f046c-8008-11dc-889e-00163651adce}\Shell\Shell00\Command - "" = F:\Autorun.exe -- File not found O33 - MountPoints2\{2a4f046c-8008-11dc-889e-00163651adce}\Shell\Shell01\Command - "" = F:\Autorun.exe -- File not found O33 - MountPoints2\{2a4f046c-8008-11dc-889e-00163651adce}\Shell\Shell02\Command - "" = F:\Autorun.exe -- File not found O33 - MountPoints2\{3f7bbe96-d64d-11de-8c1a-00163651adce}\Shell\AutoRun\command - "" = G:\0qw6vege.exe -- File not found O33 - MountPoints2\{3f7bbe96-d64d-11de-8c1a-00163651adce}\Shell\open\Command - "" = G:\0qw6vege.exe -- File not found O33 - MountPoints2\{44b32116-5b5f-11dd-89f1-00163651adce}\Shell\Auto\command - "" = AdobeR.exe e O33 - MountPoints2\{67e0b60c-6e90-11db-872f-0016ce72a720}\Shell - "" = AutoRun O33 - MountPoints2\{67e0b60c-6e90-11db-872f-0016ce72a720}\Shell\AutoRun\command - "" = G:\loader.exe -- File not found O33 - MountPoints2\{800d504a-dad6-11de-8c21-00163651adce}\Shell\AutoRun\command - "" = F:\q93fi6kf.exe -- File not found O33 - MountPoints2\{800d504a-dad6-11de-8c21-00163651adce}\Shell\open\Command - "" = F:\q93fi6kf.exe -- File not found O33 - MountPoints2\{882b5760-04bf-11de-8b04-00163651adce}\Shell\AutoRun\command - "" = F:\wx8o0bt1.com -- File not found O33 - MountPoints2\{882b5760-04bf-11de-8b04-00163651adce}\Shell\open\Command - "" = F:\wx8o0bt1.com -- File not found :Commands [emptytemp]

Retourner dans la fenêtre du Bloc-notes, faire un clic droit dans la fenêtre et choisir Coller
Vérifier dans le menu Format (en haut) que "Retour automatique à ligne" n'est pas actif (pas coché).
Enregistrer le fichier sous le nom fix.txt <---- ne pas modifier le nom du fichier
Fermer le Bloc-notes.

Note: Les lignes de la zone Code ci-dessus ont été créées exclusivement pour CET utilisateur: phil973.
Si vous n'êtes pas CET utilisateur, il ne faut pas les utiliser: elles pourraient endommager votre système.

Étape 2: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus.

Avira Antivir: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), décocher "Activer Antivir Guard/AntiVir Guard enable"

Étape 3: OTL (de OldTimer), correction

Faire un double clic sur OTL.exe pour lancer l'outil.

L'écran principal de OTL s'affiche:

Cliquer sur le bouton Correction:

Il y a ouverture d'une petite fenêtre "OTL":

Cliquer sur le bouton Ok.

A partir de la nouvelle fenêtre "Ouvrir", naviguer jusqu'au dossier de sauvegarde du fichier fix.txt puis cliquer sur le bouton Ouvrir.

Le contenu du fichier fix.txt est ainsi inséré dans le panneau "Personnalisation"

Fermer toutes les fenêtres de programme ouvertes autres que OTL (navigateur, traitement de texte, etc...): un redémarrage du PC va se produire.

Cliquer de nouveau sur le bouton Correction:

Note: Lorsque le redémarrage est demandé, cliquer sur Ok

Lorsque l'outil a terminé son travail, il y a affichage dans une petite fenêtre du message "Correction terminée! Cliquez sur Ok pour afficher le rapport.". Cliquer sur Ok puis fermer OTL.

Étape 4: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus.

Étape 5: OTL (de OldTimer), analyse rapide
Fermer toutes les fenêtres de programme ouvertes.

Faire un double clic sur OTL.exe pour lancer l'outil.

L'écran principal de OTL s'affiche:

Cliquer sur le bouton Analyse rapide:

Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Fermer la fenêtre de OTL.

Étape 6: Résultats
Envoyer en réponse:
*- le rapport de correction de OTL (contenu du fichier SystemDrive\_OTL\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du fichier):
*- le rapport principal de OTL (contenu du fichier OTL.txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"

pour continuer dans ce fil de discussion.

A suivre,

de **phil973** » 19 Mai 2010, 17:49

All processes killed
Error: Unable to interpret <rien> in the current context!
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13410599-881f-11dd-8a29-0016ce72a720}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13410599-881f-11dd-8a29-0016ce72a720}\ not found.
File G:\WD_Windows_Tools\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4f046c-8008-11dc-889e-00163651adce}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4f046c-8008-11dc-889e-00163651adce}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4f046c-8008-11dc-889e-00163651adce}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4f046c-8008-11dc-889e-00163651adce}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4f046c-8008-11dc-889e-00163651adce}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4f046c-8008-11dc-889e-00163651adce}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4f046c-8008-11dc-889e-00163651adce}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4f046c-8008-11dc-889e-00163651adce}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f7bbe96-d64d-11de-8c1a-00163651adce}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f7bbe96-d64d-11de-8c1a-00163651adce}\ not found.
File G:\0qw6vege.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f7bbe96-d64d-11de-8c1a-00163651adce}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f7bbe96-d64d-11de-8c1a-00163651adce}\ not found.
File G:\0qw6vege.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44b32116-5b5f-11dd-89f1-00163651adce}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44b32116-5b5f-11dd-89f1-00163651adce}\ not found.
File AdobeR.exe e not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67e0b60c-6e90-11db-872f-0016ce72a720}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67e0b60c-6e90-11db-872f-0016ce72a720}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67e0b60c-6e90-11db-872f-0016ce72a720}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67e0b60c-6e90-11db-872f-0016ce72a720}\ not found.
File G:\loader.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{800d504a-dad6-11de-8c21-00163651adce}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{800d504a-dad6-11de-8c21-00163651adce}\ not found.
File F:\q93fi6kf.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{800d504a-dad6-11de-8c21-00163651adce}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{800d504a-dad6-11de-8c21-00163651adce}\ not found.
File F:\q93fi6kf.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{882b5760-04bf-11de-8b04-00163651adce}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{882b5760-04bf-11de-8b04-00163651adce}\ not found.
File F:\wx8o0bt1.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{882b5760-04bf-11de-8b04-00163651adce}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{882b5760-04bf-11de-8b04-00163651adce}\ not found.
File F:\wx8o0bt1.com not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes
->Java cache emptied: 13425519 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: LocalService
->Temp folder emptied: 547 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: Philippe
->Temp folder emptied: 147284 bytes
->Temporary Internet Files folder emptied: 106213 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 29900148 bytes
->Flash cache emptied: 1886493 bytes

User: Administrateur
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 11528559 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 767 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23928172 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 402 bytes
RecycleBin emptied: 87182 bytes

Total Files Cleaned = 77,00 mb

OTL by OldTimer - Version 3.2.4.1 log created on 05192010_131141

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\ZLT06df8.TMP not found!
File\Folder C:\WINDOWS\temp\ZLT06dfc.TMP not found!

Registry entries deleted on Reboot...

de **phil973** » 19 Mai 2010, 17:59

OTL logfile created on: 19/05/2010 13:20:08 - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Philippe\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

445,00 Mb Total Physical Memory | 234,00 Mb Available Physical Memory | 53,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16,43 Gb Total Space | 4,46 Gb Free Space | 27,15% Space Free | Partition Type: FAT32
Drive D: | 16,91 Gb Total Space | 7,74 Gb Free Space | 45,77% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-79F6FF2248
Current User Name: Philippe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/19 12:52:10 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philippe\Bureau\OTL.exe
PRC - [2009/07/21 13:34:00 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:47:42 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:12 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/07/09 09:05:20 | 000,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/07/09 09:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2008/04/13 23:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 04:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/09/22 05:53:14 | 000,053,248 | ---- | M] (Alcor Micro, Corp.) -- C:\WINDOWS\system32\DrvMon.exe
PRC - [2004/08/05 05:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe

========== Modules (SafeList) ==========

MOD - [2010/05/19 12:52:10 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philippe\Bureau\OTL.exe
MOD - [2008/04/13 23:32:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NMSAccessU)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2009/07/21 13:34:00 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:47:42 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/07/09 09:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\System32\ZONELABS\vsmon.exe -- (vsmon)
SRV - [2008/04/13 23:33:38 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 23:33:28 | 000,036,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/08/09 04:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/08/05 05:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2010/02/11 09:02:16 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/25 11:19:04 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:11:54 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:32:48 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/15 16:36:32 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/02/13 11:34:34 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/07/09 09:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/06/21 04:54:54 | 000,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2008/02/27 03:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/07/19 15:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2006/08/18 11:10:24 | 000,061,504 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320bus.sys -- (K320bus) Sony Ericsson K320 driver (WDM)
DRV - [2006/08/18 11:10:22 | 000,097,056 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mdm.sys -- (K320mdm)
DRV - [2006/08/18 11:10:22 | 000,009,328 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mdfl.sys -- (K320mdfl)
DRV - [2006/08/18 11:10:20 | 000,088,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mgmt.sys -- (K320mgmt) Sony Ericsson K320 USB WMC Device Management Drivers (WDM)
DRV - [2006/08/18 11:10:18 | 000,086,368 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320obex.sys -- (K320obex)
DRV - [2005/08/06 20:34:06 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005/04/07 18:08:46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/03/01 09:09:02 | 000,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/02/25 04:45:32 | 000,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/02/23 23:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/01/10 00:47:14 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/12/21 10:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/12/15 00:18:34 | 000,200,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWSIS.sys -- (HSFHWSIS)
DRV - [2004/12/15 00:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 00:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/11/05 01:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2004/10/07 23:33:46 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/07/19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2003/12/05 03:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/17 18:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/03/27 14:38:44 | 000,127,145 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2003/03/25 18:02:12 | 000,046,455 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2002/09/20 15:15:42 | 000,472,396 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://fr.gdark.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.gdark.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://fr.gdark.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.gdark.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://fr.gdark.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Gdark
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://fr.gdark.com/search.php?cx=partn ... e=UTF-8&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.gdark.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://fr.gdark.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Gdark"
FF - prefs.js..browser.search.defaulturl: "http://fr.gdark.com/search.php?cx=partner-pub-7902900401080901%3Ae94ctf-nqmg&cof=FORID%3A10&ie=UTF-8&q="
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://news.google.fr/"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: {9CCE52B0-5079-4177-9586-1BF6575E62DE}:1.0.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.1
FF - prefs.js..keyword.URL: "http://fr.gdark.com/search.php?cx=partner-pub-7902900401080901%3Ae94ctf-nqmg&cof=FORID%3A10&ie=UTF-8&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/09/05 11:00:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/09/05 11:00:42 | 000,000,000 | ---D | M]

[2008/09/05 11:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Extensions
[2008/09/05 11:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\9wued4zz.default\extensions
[2010/01/24 10:27:14 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\9wued4zz.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/02/17 14:14:36 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\9wued4zz.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2009/05/15 22:03:24 | 000,000,000 | ---D | M] (Plugin CanalPlay) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\9wued4zz.default\extensions\{9CCE52B0-5079-4177-9586-1BF6575E62DE}
[2010/02/14 14:13:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\9wued4zz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/11 13:49:24 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\9wued4zz.default\searchplugins\ixquick---francais.xml
[2008/09/05 11:00:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/09/10 08:35:08 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/01/24 10:08:26 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/24 10:08:26 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/24 10:08:26 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/24 10:08:26 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/23 21:27:24 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/04/18 14:32:42 | 000,393,590 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 13593 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe (Alcor Micro, Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O8 - Extra context menu item: &Point&&Go - C:\Program Files\Fichiers communs\Expert System\PGPlatform\PGPlatform.htm ()
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: canalplay.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: canalplusactive.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([dowload.windowsupdate] http in Sites de confiance)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Sites de confiance)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 5834755835 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 7498084437 (MUWebControl Class)
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} https://static.impots.gouv.fr/tdir/stat ... DP-1.0.cab (AdVerifierADPCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} https://static.impots.gouv.fr/tdir/stat ... DP-1.1.cab (AdSignerLCContrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.10.246.2 80.10.246.129
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/06 20:34:30 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{d31f277a-2512-11dd-899c-00163651adce}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O33 - MountPoints2\{fc683cda-b009-11dc-88e2-00163651adce}\Shell\AutoRun\command - "" = WD_Windows_Tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/19 13:11:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/19 12:52:01 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Philippe\Bureau\OTL.exe
[2010/05/19 08:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Bureau\launch fr
[2010/05/17 00:23:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Philippe\Recent
[2010/05/10 18:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mindscape
[2010/05/02 19:59:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/01 15:27:39 | 000,000,000 | ---D | C] -- D:\Mes documents\TropMocheHebdo
[2010/05/01 15:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/04/29 11:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/04/20 19:47:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/04/18 00:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/15 18:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Akakliké 2
[2010/04/15 18:23:14 | 000,304,128 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\unin040c.exe
[2010/04/15 14:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Application Data\AdobeUM
[2010/04/14 13:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/04/14 12:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2010/04/13 18:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/03/29 23:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Application Data\Help
[2010/03/29 22:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/03/29 22:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/20 15:10:58 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2010/03/20 13:06:38 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2010/03/10 13:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2010/03/04 11:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Local Settings\Application Data\Temp
[2010/02/21 19:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Bureau\photos helene
[2010/02/19 00:05:06 | 000,000,000 | ---D | C] -- D:\Mes documents\Billet Maman

========== Files - Modified Within 90 Days ==========

[2010/05/19 13:15:06 | 000,358,382 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/05/19 13:14:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/19 13:14:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/19 13:12:42 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/05/19 13:12:42 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/05/19 13:12:14 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\Philippe\ntuser.dat
[2010/05/19 13:12:14 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Philippe\ntuser.ini
[2010/05/19 12:52:10 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philippe\Bureau\OTL.exe
[2010/05/17 23:10:06 | 004,793,900 | -H-- | M] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\IconCache.db
[2010/05/11 16:33:28 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\HiJackThis.lnk
[2010/05/10 18:45:16 | 000,001,088 | ---- | M] () -- C:\WINDOWS\_delis32.ini
[2010/05/10 18:44:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SETUP32.INI
[2010/05/07 06:51:04 | 000,887,668 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/07 06:51:04 | 000,409,274 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/05/07 06:51:04 | 000,347,544 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/07 06:51:04 | 000,067,512 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/05/07 06:51:04 | 000,054,946 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/02 08:30:24 | 000,077,440 | ---- | M] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/02 08:15:12 | 000,310,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 13:11:22 | 000,000,204 | ---- | M] () -- C:\WINDOWS\RtlRack.ini
[2010/04/27 19:03:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/27 17:44:38 | 000,000,500 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Opera.lnk
[2010/04/24 13:13:18 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\Microsoft Office Word 2003.lnk
[2010/04/18 00:20:48 | 000,007,357 | ---- | M] () -- D:\Mes documents\hijackthis1
[2010/04/16 16:42:06 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/16 13:46:16 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\Revo Uninstaller.lnk
[2010/04/15 18:23:46 | 000,000,047 | ---- | M] () -- C:\WINDOWS\AKA2.INI
[2010/04/15 18:23:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PROTOCOL.INI
[2010/04/14 12:30:32 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Wise Registry Cleaner.lnk
[2010/04/08 09:56:54 | 000,000,810 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/08 09:56:54 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/08 09:56:54 | 000,000,215 | -HS- | M] () -- C:\boot.ini
[2010/04/07 21:09:28 | 000,000,241 | ---- | M] () -- C:\WINDOWS\QSync.INI
[2010/04/06 19:26:44 | 000,013,824 | ---- | M] () -- D:\Mes documents\Cours Sébastien.xls
[2010/04/03 17:39:12 | 000,001,538 | ---- | M] () -- C:\WINDOWS\CORDIAL.INI
[2010/04/03 15:48:04 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\CCleaner.lnk
[2010/03/29 23:45:52 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1992943972-660427693-1025384643-1005Core1cac7706fe3af1c.job
[2010/03/29 23:42:16 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/29 22:59:32 | 000,000,095 | ---- | M] () -- C:\Documents and Settings\Philippe\default.pls
[2010/03/29 22:37:54 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.2.lnk
[2010/03/10 15:33:04 | 000,000,573 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\EPSON Scan.lnk
[2010/03/10 13:20:40 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\EPSON File Manager.lnk

========== Files Created - No Company Name ==========

[2010/05/10 18:45:48 | 000,190,976 | ---- | C] () -- C:\WINDOWS\RRKW.POL
[2010/05/10 18:44:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010/04/18 00:16:49 | 000,007,357 | ---- | C] () -- D:\Mes documents\hijackthis1
[2010/04/18 00:00:36 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\HiJackThis.lnk
[2010/04/16 13:47:41 | 011,272,192 | ---- | C] () -- C:\Documents and Settings\Philippe\ntuser.dat
[2010/04/15 18:23:44 | 000,000,047 | ---- | C] () -- C:\WINDOWS\AKA2.INI
[2010/04/15 18:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2010/04/14 13:53:49 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\Revo Uninstaller.lnk
[2010/04/14 12:30:31 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Wise Registry Cleaner.lnk
[2010/04/07 20:57:33 | 000,010,628 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/04/07 20:56:25 | 000,001,088 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/04/06 19:26:43 | 000,013,824 | ---- | C] () -- D:\Mes documents\Cours Sébastien.xls
[2010/03/29 22:37:52 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.2.lnk
[2010/03/19 11:28:26 | 000,001,106 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1992943972-660427693-1025384643-1005Core1cac7706fe3af1c.job
[2010/03/10 15:33:02 | 000,000,573 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\EPSON Scan.lnk
[2010/03/10 13:20:39 | 000,001,815 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\EPSON File Manager.lnk
[2010/01/20 19:42:02 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/03/15 16:20:38 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/01/10 19:25:51 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc040c.dll
[2009/01/10 19:25:51 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc040c.dll
[2009/01/10 19:25:13 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/12/10 22:57:51 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/12/04 15:40:59 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2008/05/29 18:33:13 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/05/29 18:33:13 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/05/29 18:33:13 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/02/21 16:17:56 | 000,000,673 | ---- | C] () -- C:\WINDOWS\ChkMail.Ini
[2008/01/24 16:50:57 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/11/28 14:28:47 | 000,000,036 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2007/07/04 15:58:00 | 000,001,675 | ---- | C] () -- C:\WINDOWS\MPW.INI
[2007/02/24 09:28:29 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/12/24 13:38:53 | 000,000,091 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/11 23:08:16 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/10/17 21:52:13 | 000,000,068 | ---- | C] () -- C:\WINDOWS\FenetreCordialDsWord.INI
[2006/10/02 22:15:47 | 000,001,538 | ---- | C] () -- C:\WINDOWS\CORDIAL.INI
[2006/10/02 22:14:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HOOKMOD.DLL
[2006/10/02 22:14:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\KAPKEY.DLL
[2006/09/11 14:09:59 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/09/07 21:19:24 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/03 10:52:54 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/27 04:19:11 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2006/08/27 02:34:29 | 000,009,117 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2006/08/27 00:10:32 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2006/08/27 00:10:32 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2006/08/27 00:10:27 | 000,000,342 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2006/08/27 00:10:26 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2006/08/27 00:10:25 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2006/08/14 03:25:44 | 000,000,204 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/07/12 22:06:33 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2006/05/31 19:48:01 | 000,002,772 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2005/12/01 00:24:56 | 000,037,754 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/09 08:54:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/09 08:51:42 | 000,000,319 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2005/08/09 08:51:42 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/08/06 20:34:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/08/06 20:34:08 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/08/06 20:34:08 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/08/06 20:34:08 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/08/06 20:34:08 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/08/06 20:16:04 | 000,100,873 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/03/28 00:45:26 | 000,000,097 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2005/03/03 23:51:52 | 000,083,997 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/09/06 23:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/07/07 03:00:00 | 000,003,279 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[2001/07/05 09:19:12 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2006/08/15 17:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
[2009/01/10 19:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/11/10 11:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Power Soft
[2009/11/10 17:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cadsoft
[2009/12/14 20:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/12/14 20:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/01/20 19:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/01/20 19:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2006/08/18 00:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\MSNInstaller
[2006/09/11 14:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\EPSON
[2007/02/26 18:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Image Zone Express
[2007/12/21 14:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\LaCie
[2007/12/30 12:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\.purple
[2008/01/29 19:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\DeepBurner
[2008/07/27 00:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\M-Audio
[2009/01/26 21:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\OpenOffice.org
[2009/03/15 16:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Samsung
[2009/11/10 11:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\BOM
[2010/01/03 13:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Opera

========== Purity Check ==========

<End>

de **phil973** » 19 Mai 2010, 18:09

Un petit mot plus perso que ces pavés auxquels je ne comprends rien : merci nickW pour toute cette matière grise dépensée. Moi, quand j'essaie de lire ces logs, c'est irrésistible, j'ai les paupières qui deviennent lourdes...
J'ai fait comme tu m'as dit, j'attends de lire ce que tu en penses.
PS : à la suite de la procédure, s'affiche toujours sur le bureau le dossier vide "launch fr", et un petit nouveau "%USERPROFILE%" apparemment vide lui aussi...

MàJ : je corrige : j'ai supprimé le dossier "launch fr" du bureau et il semble ne pas vouloir revenir, mais j'attends parce qu'il met parfois du temps pour réapparaitre. Quant au dossier "%userprofile%", il a disparu tout seul.

MàJ BIS !!! Paf ! revoilou "launch fr" sur mon bureau ! L'est fidèle çuilà !

de **phil973** » 23 Mai 2010, 02:09

Bonsoir nickW,

j'avais rien de spécial à faire alors j'ai imprimé les rapports dont tu t'es servi pour me proposer quelques corrections (que j'ai suivi à la lettre, of course) et j'ai tout lu !! Tranquillement, courageusement, ligne après ligne... Quel boulot !! Bravo pour ta patience et ton dévouement !
Du coup, profane que je suis, j'ai surligné au stabylo des trucs que je reconnaissais vaguement et pour lesquels je me suis posé des questions (si ça se trouve, ton protocole de correction à déjà pris en compte mes questions, mais comme j'y comprends rien, tant pis, je préfère passer pour un c*n et signaler quand même)

j'ai relevé ceci :

Dans le rapport OTL

rubrique Driver Services (SafeList)

DRV - [2008/06/21 04:54:54 | 000,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL) je n'ai plus cet antivirus
DRV - [2007/07/19 15:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) ça, je crois que je l'ai vu dans ton protocole
DRV - [2006/08/18 11:10:24 | 000,061,504 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320bus.sys -- (K320bus) Sony Ericsson K320 driver (WDM) je n'ai plus ce téléphone portable

rubrique Firefox

01 - Hosts: 127.0.0.1 www.007guard.com
01 - Hosts: 127.0.0.1 007guard.com
01 - Hosts: 127.0.0.1 008i.com
01 - Hosts: 127.0.0.1 www.008k.com
01 - Hosts: 127.0.0.1 008k.com
01 - Hosts: 127.0.0.1 www.00hq.com
01 - Hosts: 127.0.0.1 00hq.com
01 - Hosts: 127.0.0.1 010402.com
01 - Hosts: 127.0.0.1 www.032439.com
01 - Hosts: 127.0.0.1 032439.com
01 - Hosts: 127.0.0.1 www.100888290cs.com
01 - Hosts: 127.0.0.1 100888290cs.com
01 - Hosts: 127.0.0.1 www.100sexlinks.com
01 - Hosts: 127.0.0.1 100sexlinks.com
01 - Hosts: 127.0.0.1 www.10sek.com
01 - Hosts: 127.0.0.1 10sek.com
01 - Hosts: 127.0.0.1 www.123topsearch.com
01 - Hosts: 127.0.0.1 123topsearch.com
01 - Hosts: 127.0.0.1 www.132.com
01 - Hosts: 127.0.0.1 132.com
01 - Hosts: 127.0.0.1 www.136136.net
01 - Hosts: 127.0.0.1 136136.net
01 - Hosts: 127.0.0.1 www.163ns.com
01 - Hosts: 127.0.0.1 163ns.com je ne sais pas quels sont ces sites, mais j'y ai jamais mis les pieds

03 - HKU\S-1-5-21-1992943972-660427693-1025384643-1005\--\Toolbar\WebBrowser: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program FIles\Yahoo\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) J'ai pas la barre d'outil Yahoo, j'en veux pas, j'aime pas

032 - AutoRun File - [1998/02/15 11:18:52 | 000,048,864 | R--- | M] (Developed by Glenn M. Picher, Dirigo Multimedia, 50 Market St., Suite 1A-338, South Portland, ME USA 04106, http://www.maine.com/shops/gpicher, gpicher@maine.com, voice 207-767-8015, fax 207-767-1018) - E:\AutoRun.Exe -- [CDFS] c'est quoi ce truc ????????????

Voila, y a d'autres petites choses mais c'est trop ch***t à taper, et comme je ne sais pas me servir des boutons Quote, i, u, etc, j'arrête là.

Si c'est un mauvais jour, mes questions vont mal tomber, j'en conviens, j'espère alors que ce sera un bon jour...

@bientôt

Assiste.Forums

[OK] Un fichier vide se créé tout seul sur le bureau

[OK] Un fichier vide se créé tout seul sur le bureau

Qui est en ligne