[OK] No more icons or taskbar on the XP desktop!


Post by richou » 25 Dec 2010, 17:02

Following a request for help on the forum, here are the requested reports:

OTL Extras logfile created on: 25/12/2010 15:09:31 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Richard\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 571,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195,91 Gb Total Space | 31,88 Gb Free Space | 16,27% Space Free | Partition Type: NTFS

Computer Name: RICHARD | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L ()
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L ()
Drive [find] -- %SystemRoot%\Explorer.exe ()

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"58991:TCP" = 58991:TCP:*:Enabled:Pando
"58991:UDP" = 58991:UDP:*:Enabled:Pando

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"E:\Program Files\IncrediMail\bin\IncMail.exe" = E:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"E:\Program Files\IncrediMail\bin\IMApp.exe" = E:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\Pando Networks\Pando\Pando.exe" = C:\Program Files\Pando Networks\Pando\Pando.exe:*:Enabled:Pando -- (Pando Networks)
"C:\Program Files\IncrediMail\bin\ImLc.exe" = C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImPackr.exe" = C:\Program Files\IncrediMail\bin\ImPackr.exe:*:Enabled:IncrediMail -- ()
"E:\Program Files\IncrediMail\bin\ImpCnt.exe" = E:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"F:\HDD (E)\Program Files\IncrediMail\bin\IncMail.exe" = F:\HDD (E)\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"F:\HDD (E)\Program Files\IncrediMail\bin\ImpCnt.exe" = F:\HDD (E)\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B246DA8-309B-4BFD-B2DE-6CB584CCC3EF}" = BitDefender Internet Security 2009
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1439F7FF-6389-4593-8227-76E7BE4730C9}" = MXAir Tutorial
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}" = Philips SPC 900NC PC Camera
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B8-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42ABF3F2-2C5E-43FA-BBFF-58E4295F23CA}" = Iomega Automatic Backup
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89ACA875-BDB9-443C-B7C7-D74D3BDE8FE2}" = Philips VLounge
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3088CD2-612B-11D3-AF43-00C04F443448}" = Microsoft Works 2000
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}" = Pando
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B53FA0E4-739C-435F-9872-E3032F2E08FC}" = Iomega QuikProtect
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}" = Canon MP450
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"Horaires SNCF_is1" = Programme Horaires V4.86, HIVER VH-151010, ETE VE-070910
"ie8" = Windows Internet Explorer 8
"IncrediMail" = IncrediMail
"InstallShield_{42ABF3F2-2C5E-43FA-BBFF-58E4295F23CA}" = Iomega Automatic Backup
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator 2.0" = Canon MP Navigator 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Neuf_TV_PC" = TV sur PC
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"psvgbucmsqfxehs" = Advanced Performance Platform Cashtitan.
"SFR_Kit" = SFR - Kit de connexion
"TomTom HOME" = TomTom HOME 2.7.5.2014
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

<End>




and here is the other one:

OTL logfile created on: 25/12/2010 15:09:31 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Richard\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 571,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195,91 Gb Total Space | 31,88 Gb Free Space | 16,27% Space Free | Partition Type: NTFS

Computer Name: RICHARD | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/25 12:42:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Bureau\OTL.exe
PRC - [2010/09/07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/24 15:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/06/24 15:04:06 | 000,247,088 | R--- | M] () -- C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
PRC - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008/04/13 19:34:30 | 000,512,000 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe
PRC - [2005/05/31 14:23:08 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
PRC - [2002/07/31 14:15:18 | 000,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe


========== Modules (SafeList) ==========

MOD - [2010/12/25 12:42:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Bureau\OTL.exe
MOD - [2010/08/23 17:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - File not found [Disabled | Stopped] -- -- (Iomega Activity Disk2)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/24 15:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/06/24 15:04:06 | 000,247,088 | R--- | M] () [Auto | Running] -- C:\Program Files\Iomega\QuikProtect\QpMonitor.exe -- (QPCopyEngine)
SRV - [2010/02/14 21:38:32 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/12/07 11:29:25 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2005/05/31 14:23:08 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe -- (btwdins)
SRV - [2002/07/31 14:15:18 | 000,073,728 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\btserial.sys -- (BTSERIAL)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\bdfndisf.sys -- (Bdfndisf)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2010/12/22 09:13:24 | 000,080,816 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\bdselfpr.sys -- (bdselfpr)
DRV - [2010/09/07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/24 15:04:06 | 000,019,384 | R--- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\QsFsFltr.sys -- (QsFsFltr)
DRV - [2010/05/13 16:02:31 | 000,012,960 | ---- | M] (BITDEFENDER LLC) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\bdrawpr.sys -- (BdRawPr)
DRV - [2010/02/14 21:38:39 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2010/02/14 21:38:32 | 000,013,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/04/13 11:45:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/07 23:08:56 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/25 18:28:00 | 001,240,576 | ---- | M] (Philips Consumer Electronics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camdrv41.sys -- (camvid40)
DRV - [2005/05/31 14:16:06 | 000,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/05/31 14:13:34 | 001,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/05/31 14:11:18 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/05/31 14:10:32 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/05/31 14:07:56 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2002/07/31 14:15:18 | 000,030,258 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/accueil/adsl.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/11/27 20:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Mozilla\Extensions
[2010/08/14 20:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: ([2010/12/08 14:10:07 | 000,427,463 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14721 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [edzwnnphaajhi] C:\WINDOWS\System32\uhbkafiiojbvg.dll File not found
O4 - HKLM..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\iBackup.exe (Iomega Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [PhiBtn] C:\WINDOWS\system32\drivers\PhiBtn.exe (Philips)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [Pando] C:\Program Files\Pando Networks\Pando\Pando.exe (Pando Networks)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [YRgAcfV] C:\WINDOWS\System32\control.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-F8GF6.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/10 10:24:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f17a94a4-0771-11e0-b1ef-0013d3948aaf}\Shell\AutoRun\command - "" = D:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{f17a94a4-0771-11e0-b1ef-0013d3948aaf}\Shell\menu1\command - "" = D:\pccompanion\Startme.exe -- File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/25 12:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\Unzipped
[2010/12/25 12:46:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/25 12:46:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/25 12:45:55 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Richard\Bureau\mbam-setup.exe
[2010/12/25 12:45:07 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Richard\Bureau\mbam-setup-1.50.1.1100.exe
[2010/12/25 12:42:21 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard\Bureau\OTL.exe
[2010/12/25 10:57:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/12/25 10:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/12/25 10:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java
[2010/12/25 10:56:21 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/25 10:56:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/25 10:56:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/25 10:56:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/25 10:56:21 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/25 10:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/12/25 10:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\Sun
[2010/12/22 22:49:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Richard\Recent
[2010/12/22 22:41:22 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/12/22 22:41:22 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/12/22 22:41:20 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/12/22 22:41:19 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/12/22 22:41:17 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/12/22 22:41:17 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/12/22 22:41:17 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/12/22 22:41:02 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/12/22 22:41:02 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/12/22 09:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/12/22 09:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\BitDefender
[2010/12/21 19:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/21 19:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/12/21 13:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\5e1d0000-7bae-4965-bfd0-ddb782ad4eae
[2010/12/21 11:52:20 | 000,012,960 | ---- | C] (BITDEFENDER LLC) -- C:\WINDOWS\System32\drivers\bdrawpr.sys
[2010/12/21 11:50:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/12/21 11:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\ETVycyP9te
[2010/12/18 15:34:47 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2010/12/15 19:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\myBabylon_English
[2010/12/15 19:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/12/15 19:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2010/12/15 10:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\Sony Ericsson
[2010/12/15 10:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/12/15 10:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Sony
[2010/12/15 10:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\My Podcasts
[2010/12/15 10:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\Media Go
[2010/12/15 10:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Sony Shared
[2010/12/15 10:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2010/12/15 10:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/12/15 10:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Apple
[2010/12/15 10:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Apple
[2010/12/15 10:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/12/15 10:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/12/15 10:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Apple Computer
[2010/12/15 10:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\Sony Setup
[2010/12/15 10:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\Sony
[2010/12/15 10:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2010/12/15 09:43:02 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe229.dll
[2010/12/15 09:05:22 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 09:02:21 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/14 20:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Sony Ericsson
[2010/12/14 19:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2010/12/14 19:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2010/12/08 19:11:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B8.TMP
[2010/12/02 04:35:18 | 004,280,320 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010/12/01 15:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\OfferBox
[2010/12/01 15:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\OpenCandy
[2010/12/01 15:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\OpenCandy
[2010/11/27 13:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Mozilla
[2010/11/27 13:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/11/26 15:41:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Opera
[2010/11/26 15:41:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\Opera
[2010/11/26 15:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/25 12:55:03 | 000,005,024 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\erunt-loc_fr.zip
[2010/12/25 12:52:34 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\erunt.zip
[2010/12/25 12:47:47 | 000,709,456 | ---- | M] () -- C:\WINDOWS\is-F8GF6.exe
[2010/12/25 12:47:47 | 000,013,817 | ---- | M] () -- C:\WINDOWS\is-F8GF6.msg
[2010/12/25 12:47:47 | 000,000,399 | ---- | M] () -- C:\WINDOWS\is-F8GF6.lst
[2010/12/25 12:46:36 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/12/25 12:46:08 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Richard\Bureau\mbam-setup.exe
[2010/12/25 12:45:07 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Richard\Bureau\mbam-setup-1.50.1.1100.exe
[2010/12/25 12:42:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Bureau\OTL.exe
[2010/12/25 12:38:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/25 10:56:14 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/25 10:56:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/25 10:56:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/25 10:56:14 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/25 10:56:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/24 21:56:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/22 22:59:39 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/22 22:57:34 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/12/22 22:41:23 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\avast! Free Antivirus.lnk
[2010/12/22 09:15:00 | 005,423,341 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/12/21 19:34:21 | 000,000,415 | ---- | M] () -- C:\Documents and Settings\Richard\Application Datauser_gensett.xml
[2010/12/21 13:14:46 | 000,000,415 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2010/12/21 11:51:37 | 000,061,215 | ---- | M] () -- C:\WINDOWS\System32\psvgbucmsqfxehs.exe
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 21:26:42 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/19 15:11:59 | 000,000,199 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\Cable HDMI 1.4 15 mètres Image & Son Calvados - leboncoin.fr.url
[2010/12/19 15:09:13 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/18 15:35:05 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/12/17 20:24:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010/12/15 18:52:28 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Richard\Mes documents\Annonce de bienvenue.doc
[2010/12/15 10:53:14 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 10:12:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/15 09:43:02 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe229.dll
[2010/12/14 16:47:15 | 000,000,199 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\Chaussures.url
[2010/12/13 20:28:23 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\Miss France.xls
[2010/12/08 14:10:07 | 000,427,463 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/08 14:09:41 | 000,427,463 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101208-141007.backup
[2010/12/03 11:05:57 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/12/02 04:35:18 | 004,280,320 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010/12/01 15:09:24 | 000,000,559 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2010/12/01 09:06:42 | 000,172,973 | ---- | M] () -- C:\Documents and Settings\Richard\Mes documents\Tarifs postaux colis.pdf
[2010/12/01 09:04:46 | 000,468,027 | ---- | M] () -- C:\Documents and Settings\Richard\Mes documents\Tarifs postaux.pdf
[2010/11/25 17:10:42 | 000,027,786 | ---- | M] () -- C:\Documents and Settings\Richard\Mes documents\Tarifs Amis Eurostar.pdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/25 12:55:03 | 000,005,024 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\erunt-loc_fr.zip
[2010/12/25 12:52:32 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\erunt.zip
[2010/12/25 12:47:47 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-F8GF6.exe
[2010/12/25 12:47:47 | 000,013,817 | ---- | C] () -- C:\WINDOWS\is-F8GF6.msg
[2010/12/25 12:47:47 | 000,000,399 | ---- | C] () -- C:\WINDOWS\is-F8GF6.lst
[2010/12/25 12:46:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/12/22 22:59:34 | 000,001,943 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/12/22 22:41:23 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\avast! Free Antivirus.lnk
[2010/12/21 19:34:21 | 000,000,415 | ---- | C] () -- C:\Documents and Settings\Richard\Application Datauser_gensett.xml
[2010/12/21 13:14:46 | 000,000,415 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2010/12/21 11:51:40 | 005,423,341 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/12/21 11:50:33 | 000,061,215 | ---- | C] () -- C:\WINDOWS\System32\psvgbucmsqfxehs.exe
[2010/12/15 10:12:15 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/15 09:14:05 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\Cable HDMI 1.4 15 mètres Image & Son Calvados - leboncoin.fr.url
[2010/12/13 20:14:48 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\Miss France.xls
[2010/12/03 11:05:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/12/01 09:06:42 | 000,172,973 | ---- | C] () -- C:\Documents and Settings\Richard\Mes documents\Tarifs postaux colis.pdf
[2010/12/01 09:04:44 | 000,468,027 | ---- | C] () -- C:\Documents and Settings\Richard\Mes documents\Tarifs postaux.pdf
[2010/11/25 17:10:42 | 000,027,786 | ---- | C] () -- C:\Documents and Settings\Richard\Mes documents\Tarifs Amis Eurostar.pdf
[2010/11/19 17:25:51 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2010/10/21 12:06:42 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/08/17 14:25:17 | 009,594,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/03 11:56:26 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\setup_ldm.iss
[2010/02/12 19:01:56 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\bdfvconp.ini
[2010/01/25 18:56:03 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\fusioncache.dat
[2009/12/07 09:32:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/04 15:05:15 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7I.DLL
[2009/12/04 15:00:57 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/11/25 11:29:40 | 000,308,736 | ---- | C] () -- C:\WINDOWS\System32\fpxlib.dll
[2009/11/25 11:29:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\jpeglib.dll
[2009/11/17 12:41:38 | 000,000,094 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/11/12 20:05:00 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/12 15:40:47 | 000,068,096 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/11 22:11:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/11/11 21:11:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/11/11 21:11:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2009/08/13 12:05:21 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/31 14:19:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

<MD5>
[2002/08/29 12:17:04 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 12:17:04 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

<MD5>
[2004/08/19 16:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2008/04/13 19:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/19 16:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

<MD5>
[2004/08/19 16:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

<systemroot>

<systemroot>

<systemroot>

========== Files - Unicode (All) ==========
[2010/12/21 13:09:32 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Richard\?????) -- C:\Documents and Settings\Richard\獷楬汢捯污
[2010/12/21 13:09:32 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Richard\?????) -- C:\Documents and Settings\Richard\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DBAC2017

<End>

Post by nickW » 26 Dec 2010, 02:10

Good evening,

1/ Questions:
Did you install and then uninstall BitDefender 2009?
Can you run MBAM (Malwarebytes' Anti-Malware), scan only?


2/ Checking the legitimacy of a file:
VirusTotal
Go to http://www.virustotal.com/ - Note: JavaScript must be enabled, and the site's cookies must be accepted.

In the Upload a file tab, click the "Parcourir" button.
In the "Envoi du fichier" window, navigate to the folder C:\WINDOWS\System32, then select the file control.exe and click the "Ouvrir" button.

Click Send file.

The file is sent. If VirusTotal reports that the file has already been analysed (it displays: File already submitted), click the Reanalyse button.

The analysis may be queued (it displays: Current status: queued) if many analysis requests are in progress. In that case, wait, without refreshing the page.

Let the analysis run (it displays: Current status: analysing).

When the analysis is finished (it displays: Current status: finished), click Compact.

A new browser window opens. Click the BBCode tab.

Select all the rows of the table, right-click and choose "Copier".

Return to the forum, to your topic, click the "Répondre" button, then right-click in the message input area and choose "Coller".

Results, part one
Send in reply:
*- the answers (the 2 initial questions)
*- the result of the control.exe analysis on VirusTotal



3/ First clean-up steps:

Step 1: OTL (by OldTimer), preparing the fix
Open a Notepad window via "Démarrer" ----> "Exécuter", type notepad and click OK
Or via Task Manager, "Fichier" ----> "Nouvelle tâche (Exécuter)", type notepad.exe and click OK

Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys at the same time

Code:
rien

:otl
O4 - HKLM..\Run: [edzwnnphaajhi] C:\WINDOWS\System32\uhbkafiiojbvg.dll File not found
[2010/12/21 13:09:32 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Richard\?????) -- C:\Documents and Settings\Richard\獷楬汢捯污

:Files
C:\WINDOWS\System32\psvgbucmsqfxehs.exe
C:\WINDOWS\System32\uhbkafiiojbvg.dll

:Commands
[emptytemp]



Go back to the Notepad window, right-click in the window and choose "Coller"
Check in the Format menu (at the top) that "Retour automatique à la ligne" is not active (not ticked).
Save the file under the name fix.txt <---- do not change the file name
Close Notepad.

Note: The lines in the Code area above were created exclusively for THIS user: richou.
If you are not THIS user, do not use them: they could damage your system.



Step 2: SystemLook (by jpshortstuff)
Download SystemLook from one of the two links below:
http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshor ... emLook.exe
Save this file to the Desktop.


Step 3: No real-time monitoring processes
Disable the antivirus's resident module.
avast5!: right-click the icon in the system tray (next to the clock), choose "Gestion des Agents avast!" and disable all the protection agents


Step 4: OTL (by OldTimer), fix

Double-click OTL.exe to launch the tool.

The OTL main screen is displayed.

Click the "Correction" button.

A small "OTL" window opens.

Click the Ok button.

From the new "Ouvrir" window, navigate to the folder where the fix.txt file was saved, then click the "Ouvrir" button.

The contents of the fix.txt file are thus inserted into the "Personnalisation" panel.

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to restart.

Click the "Correction" button again.

Note: When the restart is requested, click Ok

When the tool has finished its work, a small window displays the message "Correction terminée! Cliquez sur Ok pour afficher le rapport.". Click Ok, then close OTL.


Step 5: SystemLook (by jpshortstuff)
Double-click SystemLook.exe to run the tool.

Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys at the same time
Code:
:comment

:dir
C:\Program Files\ETVycyP9te /s

:filefind
explorer.exe /md5



In the small SystemLook window, right-click in the white area and choose "Coller".
Note: the lines selected earlier must have been copied into SystemLook's white area - including the colon character at the start of the first line.

Click the Look button to start the search.

When the tool has finished this search, a Notepad window opens.
Close Notepad.
Close SystemLook by clicking the Exit button.


Step 6: Real-time monitoring processes
Important: Re-enable the antivirus's resident module.


Step 7: OTL (by OldTimer), quick scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The OTL main screen is displayed.

Click the "Analyse rapide" button.


Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 8: Results, part two
Send in reply:
*- the OTL fix report (contents of the file %SystemDrive%\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[%SystemDrive% represents the partition on which the system is installed, usually C:]
*- the SystemLook report (contents of the SystemLook.txt file located on the Desktop)

Then send in reply, in a separate message (because of the length of the file):
*- the main OTL report (contents of the OTL.txt file located on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your replies, do not create a new topic; click the "Répondre" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)

Post by richou » 26 Dec 2010, 10:57

Hello Nickw,

Thank you for being willing to help me at this hour!

This morning, when I switched on my PC, all the icons and the taskbar had come back! Even though I had not done any of the steps you asked me to.
I am still doing the steps you asked for this morning, and here is the result:

Yes, I uninstalled BitDefender. In fact, it had expired on 22 December, I think, and I wanted to download one (without paying for the licence), and in fact the one I downloaded must have been infected, so I uninstalled everything and installed avast.
And yes, I can run MBAM.

At this point I am a bit lost in the results; I can no longer find the VirusTotal result (because of the restart).

Here is the OTL fix result:
All processes killed
Error: Unable to interpret <rien> in the current context!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\edzwnnphaajhi deleted successfully.
File C:\Documents and Settings\Richard\????? not found.
========== FILES ==========
C:\WINDOWS\System32\psvgbucmsqfxehs.exe moved successfully.
File\Folder C:\WINDOWS\System32\uhbkafiiojbvg.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33438 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 51688 bytes

User: Richard
->Temp folder emptied: 118363027 bytes
->Temporary Internet Files folder emptied: 38871454 bytes
->Java cache emptied: 128080 bytes
->Google Chrome cache emptied: 819568 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3003 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1809317 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 26776952 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 55036 bytes
RecycleBin emptied: 14552217 bytes

Total Files Cleaned = 192,00 mb


OTL by OldTimer - Version 3.2.18.0 log created on 12262010_094605

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
richou
 
Posts: 81
Joined: 14 Nov 2007, 15:25
Location: Caen

Post by richou » 26 Dec 2010, 11:08

And here is the rest:
the OTL report:
OTL logfile created on: 26/12/2010 10:28:11 - Run 3
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Richard\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 563,00 Mb Available Physical Memory | 55,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195,91 Gb Total Space | 32,10 Gb Free Space | 16,39% Space Free | Partition Type: NTFS

Computer Name: RICHARD | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/25 12:42:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Bureau\OTL.exe
PRC - [2010/09/07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/24 15:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/06/24 15:04:06 | 000,247,088 | R--- | M] () -- C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
PRC - [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2009/11/20 10:17:12 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009/07/20 11:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 11:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008/11/12 19:55:54 | 000,189,824 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
PRC - [2008/04/13 19:34:30 | 000,512,000 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008/04/13 19:34:04 | 001,037,824 | ---- | M] () -- C:\WINDOWS\explorer.exe
PRC - [2007/04/16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/08/25 19:41:44 | 000,155,648 | ---- | M] (Philips) -- C:\WINDOWS\system32\drivers\PhiBtn.exe
PRC - [2005/05/31 14:23:08 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
PRC - [2002/07/31 14:15:18 | 000,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe


========== Modules (SafeList) ==========

MOD - [2010/12/25 12:42:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Bureau\OTL.exe
MOD - [2010/08/23 17:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/20 11:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/12/10 07:38:14 | 000,138,216 | ---- | M] (Babylon Ltd.) -- C:\Program Files\IncrediMail\bin\B4ImApp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - File not found [Disabled | Stopped] -- -- (Iomega Activity Disk2)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/24 15:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/06/24 15:04:06 | 000,247,088 | R--- | M] () [Auto | Running] -- C:\Program Files\Iomega\QuikProtect\QpMonitor.exe -- (QPCopyEngine)
SRV - [2010/02/14 21:38:32 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/12/07 11:29:25 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2005/05/31 14:23:08 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe -- (btwdins)
SRV - [2002/07/31 14:15:18 | 000,073,728 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\btserial.sys -- (BTSERIAL)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\bdfndisf.sys -- (Bdfndisf)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2010/12/22 09:13:24 | 000,080,816 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\bdselfpr.sys -- (bdselfpr)
DRV - [2010/09/07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/24 15:04:06 | 000,019,384 | R--- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\QsFsFltr.sys -- (QsFsFltr)
DRV - [2010/05/13 16:02:31 | 000,012,960 | ---- | M] (BITDEFENDER LLC) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\bdrawpr.sys -- (BdRawPr)
DRV - [2010/02/14 21:38:39 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2010/02/14 21:38:32 | 000,013,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/04/13 11:45:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/07 23:08:56 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/25 18:28:00 | 001,240,576 | ---- | M] (Philips Consumer Electronics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camdrv41.sys -- (camvid40)
DRV - [2005/05/31 14:16:06 | 000,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/05/31 14:13:34 | 001,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/05/31 14:11:18 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/05/31 14:10:32 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/05/31 14:07:56 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2002/07/31 14:15:18 | 000,030,258 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/accueil/adsl.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/11/27 20:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Mozilla\Extensions
[2010/08/14 20:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: ([2010/12/08 14:10:07 | 000,427,463 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14721 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\iBackup.exe (Iomega Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [PhiBtn] C:\WINDOWS\system32\drivers\PhiBtn.exe (Philips)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [Pando] C:\Program Files\Pando Networks\Pando\Pando.exe (Pando Networks)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [YRgAcfV] C:\WINDOWS\System32\control.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/10 10:24:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f17a94a4-0771-11e0-b1ef-0013d3948aaf}\Shell\AutoRun\command - "" = D:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{f17a94a4-0771-11e0-b1ef-0013d3948aaf}\Shell\menu1\command - "" = D:\pccompanion\Startme.exe -- File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/26 09:46:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/25 12:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\Unzipped
[2010/12/25 12:46:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/25 12:46:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/25 12:45:55 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Richard\Bureau\mbam-setup.exe
[2010/12/25 12:45:07 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Richard\Bureau\mbam-setup-1.50.1.1100.exe
[2010/12/25 12:42:21 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard\Bureau\OTL.exe
[2010/12/25 10:57:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/12/25 10:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/12/25 10:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java
[2010/12/25 10:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/12/25 10:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\Sun
[2010/12/22 22:49:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Richard\Recent
[2010/12/22 22:41:22 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/12/22 22:41:22 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/12/22 22:41:20 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/12/22 22:41:19 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/12/22 22:41:17 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/12/22 22:41:17 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/12/22 22:41:17 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/12/22 22:41:02 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/12/22 22:41:02 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/12/22 09:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/12/22 09:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\BitDefender
[2010/12/21 19:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/21 19:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/12/21 13:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\5e1d0000-7bae-4965-bfd0-ddb782ad4eae
[2010/12/21 11:52:20 | 000,012,960 | ---- | C] (BITDEFENDER LLC) -- C:\WINDOWS\System32\drivers\bdrawpr.sys
[2010/12/21 11:50:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/12/21 11:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\ETVycyP9te
[2010/12/15 19:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\myBabylon_English
[2010/12/15 19:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/12/15 19:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2010/12/15 10:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\Sony Ericsson
[2010/12/15 10:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/12/15 10:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Sony
[2010/12/15 10:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\My Podcasts
[2010/12/15 10:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\Media Go
[2010/12/15 10:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Sony Shared
[2010/12/15 10:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2010/12/15 10:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/12/15 10:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Apple
[2010/12/15 10:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Apple
[2010/12/15 10:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/12/15 10:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/12/15 10:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Apple Computer
[2010/12/15 10:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\Sony Setup
[2010/12/15 10:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\Sony
[2010/12/15 10:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2010/12/15 09:43:02 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe229.dll
[2010/12/14 20:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Sony Ericsson
[2010/12/14 19:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2010/12/14 19:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2010/12/01 15:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\OfferBox
[2010/12/01 15:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\OpenCandy
[2010/12/01 15:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\OpenCandy
[2010/11/27 13:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Mozilla
[2010/11/27 13:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/11/26 15:41:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Opera
[2010/11/26 15:41:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\Opera
[2010/11/26 15:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Opera

========== Files - Modified Within 30 Days ==========

[2010/12/26 09:51:00 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6c3d22e8f18c.job
[2010/12/26 09:47:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/26 09:42:09 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\SystemLook.exe
[2010/12/26 08:57:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/25 12:55:03 | 000,005,024 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\erunt-loc_fr.zip
[2010/12/25 12:52:34 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\erunt.zip
[2010/12/25 12:46:36 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/12/25 12:46:08 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Richard\Bureau\mbam-setup.exe
[2010/12/25 12:45:07 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Richard\Bureau\mbam-setup-1.50.1.1100.exe
[2010/12/25 12:42:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Bureau\OTL.exe
[2010/12/24 21:56:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/22 22:59:39 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/22 22:57:34 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/12/22 22:41:23 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\avast! Free Antivirus.lnk
[2010/12/22 09:15:00 | 005,423,341 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/12/21 19:34:21 | 000,000,415 | ---- | M] () -- C:\Documents and Settings\Richard\Application Datauser_gensett.xml
[2010/12/21 13:14:46 | 000,000,415 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2010/12/21 10:41:46 | 002,461,696 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\Real winter.pps
[2010/12/21 10:39:04 | 003,196,416 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\MAXIMES-IL.pps
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 21:26:42 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/19 15:11:59 | 000,000,199 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\Cable HDMI 1.4 15 mètres Image & Son Calvados - leboncoin.fr.url
[2010/12/19 15:09:13 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/18 15:35:05 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/12/17 20:24:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010/12/15 18:52:28 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Richard\Mes documents\Annonce de bienvenue.doc
[2010/12/15 10:53:14 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 09:43:02 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe229.dll
[2010/12/14 16:47:15 | 000,000,199 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\Chaussures.url
[2010/12/13 20:28:23 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\Miss France.xls
[2010/12/08 14:10:07 | 000,427,463 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/08 14:09:41 | 000,427,463 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101208-141007.backup
[2010/12/03 11:05:57 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/12/01 15:09:24 | 000,000,559 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2010/12/01 09:06:42 | 000,172,973 | ---- | M] () -- C:\Documents and Settings\Richard\Mes documents\Tarifs postaux colis.pdf
[2010/12/01 09:04:46 | 000,468,027 | ---- | M] () -- C:\Documents and Settings\Richard\Mes documents\Tarifs postaux.pdf

========== Files Created - No Company Name ==========

[2010/12/26 09:42:09 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\SystemLook.exe
[2010/12/25 19:43:03 | 003,196,416 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\MAXIMES-IL.pps
[2010/12/25 19:42:37 | 002,461,696 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\Real winter.pps
[2010/12/25 12:55:03 | 000,005,024 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\erunt-loc_fr.zip
[2010/12/25 12:52:32 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\erunt.zip
[2010/12/25 12:46:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/12/22 22:59:34 | 000,001,943 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/12/22 22:41:23 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\avast! Free Antivirus.lnk
[2010/12/21 19:34:21 | 000,000,415 | ---- | C] () -- C:\Documents and Settings\Richard\Application Datauser_gensett.xml
[2010/12/21 13:14:46 | 000,000,415 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2010/12/21 11:51:40 | 005,423,341 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/12/15 10:12:15 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/15 09:14:05 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\Cable HDMI 1.4 15 mètres Image & Son Calvados - leboncoin.fr.url
[2010/12/13 20:14:48 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\Miss France.xls
[2010/12/03 11:05:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/12/01 09:06:42 | 000,172,973 | ---- | C] () -- C:\Documents and Settings\Richard\Mes documents\Tarifs postaux colis.pdf
[2010/12/01 09:04:44 | 000,468,027 | ---- | C] () -- C:\Documents and Settings\Richard\Mes documents\Tarifs postaux.pdf
[2010/11/19 17:25:51 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2010/10/21 12:06:42 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/08/17 14:25:17 | 009,594,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/03 11:56:26 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\setup_ldm.iss
[2010/02/12 19:01:56 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\bdfvconp.ini
[2010/01/25 18:56:03 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\fusioncache.dat
[2009/12/07 09:32:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/04 15:05:15 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7I.DLL
[2009/12/04 15:00:57 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/11/25 11:29:40 | 000,308,736 | ---- | C] () -- C:\WINDOWS\System32\fpxlib.dll
[2009/11/25 11:29:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\jpeglib.dll
[2009/11/17 12:41:38 | 000,000,094 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/11/12 20:05:00 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/12 15:40:47 | 000,068,096 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/11 22:11:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/11/11 21:11:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/11/11 21:11:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2009/08/13 12:05:21 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/31 14:19:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/12/21 13:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5e1d0000-7bae-4965-bfd0-ddb782ad4eae
[2010/12/21 19:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/12/22 09:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/12/15 10:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/12/04 15:05:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/11/11 11:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/11/11 11:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2010/11/11 19:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/11/14 12:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/09/16 11:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickMediaConverter
[2010/08/31 14:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2010/09/12 10:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/10/21 12:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2010/09/12 10:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/09/12 10:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2009/11/27 09:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/14 21:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/11/23 18:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/12/22 09:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\BitDefender
[2010/12/22 22:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\BitTorrent
[2009/11/11 22:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Blitware
[2010/12/14 13:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Canon
[2010/09/16 11:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\CocoonSoftware
[2009/12/08 09:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\com.adobe.ExMan
[2010/11/25 12:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\CVitae
[2010/11/25 11:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\freeCompressor
[2010/09/16 10:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\FreeVideoConverter
[2010/11/21 10:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\IObit
[2010/09/12 14:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Iomega Automatic Backup
[2010/03/03 11:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Leadertech
[2010/12/01 15:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\OfferBox
[2010/12/01 15:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\OpenCandy
[2010/11/26 15:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Opera
[2009/12/04 15:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\ScanSoft
[2010/08/29 11:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Software Informer
[2010/12/15 10:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Sony
[2010/12/15 10:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Sony Setup
[2010/08/14 20:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\TomTom
[2010/08/29 10:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Uniblue
[2010/06/03 12:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Windows Search
[2009/11/11 22:01:38 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/12/21 13:09:32 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Richard\?????) -- C:\Documents and Settings\Richard\獷楬汢捯污
[2010/12/21 13:09:32 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Richard\?????) -- C:\Documents and Settings\Richard\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DBAC2017

<End>


There, you have everything except the famous VirusTotal report, which I can't find, but everything went well during the steps.
Unless it's this:

SystemLook 04.09.10 by jpshortstuff
Log created at 10:26 on 26/12/2010 by Richard
Administrator - Elevation successful

========== dir ==========

C:\Program Files\ETVycyP9te - Parameters: "/s "

---Files---
None found.

No folders found.

========== filefind ==========

Searching for "explorer.exe /md5 "
No files found.

Searching for " "
No files found.

-= EOF =-

There you go, I'm sorry, do your best, and thank you.
richou

Posts: 81
Joined: 14 Nov 2007, 15:25
Location: Caen

Post by nickW » 27 Dec 2010, 01:57

Good evening,

I can no longer find the VirusTotal result (because of the restart).

That is exactly why I had created a Results section, part one.
I should have specified: to be sent right away.



Removal of all BitDefender leftovers and a new scan:

Step 1: OTL (by OldTimer), preparing the fix

Delete the fix.txt file created earlier.

Open a Notepad window: via Start---->Run, type notepad, then click OK

Select all the lines in the white box under "Code:" below, then press the Ctrl and C keys simultaneously

Code: Select all
rien
:Processes
explorer.exe
iexplore.exe

:otl
SRV - File not found [Auto | Stopped] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2010/02/14 21:38:32 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\bdfndisf.sys -- (Bdfndisf)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2010/12/22 09:13:24 | 000,080,816 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\bdselfpr.sys -- (bdselfpr)
DRV - [2010/05/13 16:02:31 | 000,012,960 | ---- | M] (BITDEFENDER LLC) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\bdrawpr.sys -- (BdRawPr)
DRV - [2010/02/14 21:38:39 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2010/02/14 21:38:32 | 000,013,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

:Files
C:\Documents and Settings\All Users\Application Data\BitDefender
C:\Documents and Settings\Richard\Application Data\BitDefender
C:\Program Files\Fichiers communs\BitDefender
C:\Program Files\BitDefender
C:\Documents and Settings\Richard\Application Datauser_gensett.xml
C:\WINDOWS\System32\user_gensett.xml

:Commands
[start explorer]



Go back to the Notepad window, right-click in the window and choose Paste
Check in the Format menu (at the top) that "Word Wrap" ("Retour automatique à ligne") is not active (not ticked).
Save the file under the name fix.txt <---- do not change the file name
Close Notepad.

Note: The lines in the Code box above were created exclusively for THIS user: richou.
If you are not THIS user, do not use them: they could damage your system.



Step 2: OTL (by OldTimer), preparing the scan

If it exists, delete the previously downloaded scan.txt file.

Open a Notepad window: via Start---->Run, type notepad, then click OK

Select all the lines in the white box under "Code:" below, then press the Ctrl and C keys simultaneously

Code: Select all
/md5start
control.exe
/md5stop


Go back to the Notepad window, right-click in the window and choose Paste
Check in the Format menu (at the top) that "Word Wrap" ("Retour automatique à ligne") is not active (not ticked).
Save the file under the name scan.txt <---- do not change the file name
Close Notepad.


Step 3: No real-time monitoring processes
Disable the antivirus's resident module.
avast5!: right-click the icon in the system tray (next to the clock), choose "Gestion des Agents avast!" and disable all the protection agents


Step 4: OTL (by OldTimer), fix

Double-click OTL.exe to launch the tool.

The OTL main screen is displayed.

Click the "Correction" (Fix) button.

A small "OTL" window opens.

Click the Ok button.

From the new "Ouvrir" (Open) window, browse to the folder where the fix.txt file was saved, then click the "Ouvrir" (Open) button.

The contents of the fix.txt file are thus inserted into the "Personnalisation" (Customization) panel.

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to restart.

Click the "Correction" (Fix) button again.

Note: A restart is sometimes necessary. If one is requested, click Ok

When the tool has finished its work, a small window displays the message "Correction terminée! Cliquez sur Ok pour afficher le rapport." (Fix complete! Click Ok to display the report.). Click Ok, then close OTL.


Step 5: Real-time monitoring processes
Important: Re-enable the antivirus's resident module.


Step 6: OTL (by OldTimer), scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The OTL main screen is displayed.

Tick (at the top) the box in front of "Tous les utilisateurs" (All users).

Double-click in the white box under "Personnalisation" (Customization).

A small "OTL" window opens.

Click the Ok button.

From the new "Ouvrir" (Open) window, browse to the folder where the scan.txt file was saved, then click the "Ouvrir" (Open) button.

The contents of the scan.txt file are thus inserted into the "Personnalisation" (Customization) panel.

Then click the "Analyse" (Scan) button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 7: Results
Send in reply:
*- the OTL fix report (contents of the file %SystemDrive%\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[%SystemDrive% represents the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the length of the file):
*- the main OTL report (contents of the OTL.txt file located on the Desktop).
The report posted to the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Répondre" (Reply) button to continue in this thread.


In your reply, don't forget to give as much information as possible about the state of the PC.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
My configs
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by richou » 27 Dec 2010, 10:29

Hello Nickw,

The computer is working normally: the taskbar and the icons are there, but avast regularly sends me a reminder that it has blocked "batimal".
Apart from that, I followed your steps and here is the first result requested. However, there are 2 OTL fix reports, which are below (there may be two because the computer did not restart, so I ran OTL again):

Error: Unable to interpret <rien> in the current context!
========== PROCESSES ==========
Process explorer.exe killed successfully!
No active process named iexplore.exe was found!
========== OTL ==========
Service VSSERV stopped successfully!
Service VSSERV deleted successfully!
File C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe not found.
Service LIVESRV stopped successfully!
Service LIVESRV deleted successfully!
File C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe not found.
Service scan stopped successfully!
Service scan deleted successfully!
C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll moved successfully.
Service BDVEDISK stopped successfully!
Service BDVEDISK deleted successfully!
File C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys not found.
Service bdftdif stopped successfully!
Service bdftdif deleted successfully!
File C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys not found.
Service bdfsfltr stopped successfully!
Service bdfsfltr deleted successfully!
File C:\WINDOWS\System32\drivers\bdfsfltr.sys not found.
Service Bdfndisf stopped successfully!
Service Bdfndisf deleted successfully!
File C:\WINDOWS\System32\DRIVERS\bdfndisf.sys not found.
Service bdfm stopped successfully!
Service bdfm deleted successfully!
File C:\WINDOWS\System32\drivers\bdfm.sys not found.
Service bdselfpr stopped successfully!
Service bdselfpr deleted successfully!
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\bdselfpr.sys moved successfully.
Service BdRawPr stopped successfully!
Service BdRawPr deleted successfully!
C:\WINDOWS\system32\drivers\bdrawpr.sys moved successfully.
Service Trufos stopped successfully!
Service Trufos deleted successfully!
C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys moved successfully.
Service Profos stopped successfully!
Service Profos deleted successfully!
C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{381FFDE8-2394-4f90-B10D-FC6124A40F8C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{381FFDE8-2394-4f90-B10D-FC6124A40F8C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine folder moved successfully.
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop folder moved successfully.
C:\Documents and Settings\All Users\Application Data\BitDefender folder moved successfully.
C:\Documents and Settings\Richard\Application Data\BitDefender\Desktop\Profiles folder moved successfully.
C:\Documents and Settings\Richard\Application Data\BitDefender\Desktop folder moved successfully.
C:\Documents and Settings\Richard\Application Data\BitDefender folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\UI folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\ThreatScanner\avengine\plugins folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\ThreatScanner\avengine folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\ThreatScanner folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\images\wizards folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\images\miscelaneous folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\images\intermediate folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\images\expert folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\images\common folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\images\basic folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\images folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\fonts folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\default\images\wizard folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\default\images\uiscan_log folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\default\images\tabs folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\default\images\slider folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\default\images\security folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\default\images\no_services folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\default\images\network_map folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\default\images\issues folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\default\images\icons folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\default\images\checkbox folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\default\images\buttons\icons folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\default\images\buttons folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\default\images folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin\default folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\skin folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\settings folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\extern folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\dependencies folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9} folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\SetupInformation folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\Setup Information\{0B246DA8-309B-4BFD-B2DE-6CB584CCC3EF} folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\Setup Information folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner(2)\Antivirus_NewTemp(3)\Plugins folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner(2)\Antivirus_NewTemp(3) folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner(2)\Antivirus_NewTemp(2)\Plugins folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner(2)\Antivirus_NewTemp(2) folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner(2) folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\av32bit_21851\Plugins folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\av32bit_21851 folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\av32bit_21850\Plugins folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\av32bit_21850 folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall folder moved successfully.
C:\Program Files\Fichiers communs\BitDefender folder moved successfully.
File\Folder C:\Program Files\BitDefender not found.
C:\Documents and Settings\Richard\Application Datauser_gensett.xml moved successfully.
C:\WINDOWS\System32\user_gensett.xml moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.18.0 log created on 12272010_100454


and here is the other one:

Error: Unable to interpret <rien> in the current context!
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
========== OTL ==========
Error: No service named VSSERV was found to stop!
Service\Driver key VSSERV not found.
File C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe not found.
Error: No service named LIVESRV was found to stop!
Service\Driver key LIVESRV not found.
File C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe not found.
Error: No service named scan was found to stop!
Service\Driver key scan not found.
File C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll not found.
Error: No service named BDVEDISK was found to stop!
Service\Driver key BDVEDISK not found.
File C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys not found.
Error: No service named bdftdif was found to stop!
Service\Driver key bdftdif not found.
File C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys not found.
Error: No service named bdfsfltr was found to stop!
Service\Driver key bdfsfltr not found.
File C:\WINDOWS\System32\drivers\bdfsfltr.sys not found.
Error: No service named Bdfndisf was found to stop!
Service\Driver key Bdfndisf not found.
File C:\WINDOWS\System32\DRIVERS\bdfndisf.sys not found.
Error: No service named bdfm was found to stop!
Service\Driver key bdfm not found.
File C:\WINDOWS\System32\drivers\bdfm.sys not found.
Error: No service named bdselfpr was found to stop!
Service\Driver key bdselfpr not found.
File C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\bdselfpr.sys not found.
Error: No service named BdRawPr was found to stop!
Service\Driver key BdRawPr not found.
File C:\WINDOWS\system32\drivers\bdrawpr.sys not found.
Error: No service named Trufos was found to stop!
Service\Driver key Trufos not found.
File C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys not found.
Error: No service named Profos was found to stop!
Service\Driver key Profos not found.
File C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{381FFDE8-2394-4f90-B10D-FC6124A40F8C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{381FFDE8-2394-4f90-B10D-FC6124A40F8C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Application Data\BitDefender not found.
File\Folder C:\Documents and Settings\Richard\Application Data\BitDefender not found.
File\Folder C:\Program Files\Fichiers communs\BitDefender not found.
File\Folder C:\Program Files\BitDefender not found.
File\Folder C:\Documents and Settings\Richard\Application Datauser_gensett.xml not found.
File\Folder C:\WINDOWS\System32\user_gensett.xml not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.18.0 log created on 12272010_100626


More to follow... (in a moment)
richou
 

Post by richou » 27 Dec 2010, 10:34

And here is the rest...

That is, the main OTL report:

OTL logfile created on: 27/12/2010 10:11:45 - Run 4
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Richard\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 559,00 Mb Available Physical Memory | 55,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195,91 Gb Total Space | 31,92 Gb Free Space | 16,29% Space Free | Partition Type: NTFS

Computer Name: RICHARD | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/25 12:42:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Bureau\OTL.exe
PRC - [2010/09/07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/24 15:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/06/24 15:04:06 | 000,247,088 | R--- | M] () -- C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
PRC - [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2009/11/20 10:17:12 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009/07/20 11:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 11:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008/11/12 19:55:54 | 000,189,824 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
PRC - [2008/04/13 19:34:30 | 000,512,000 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008/04/13 19:34:04 | 001,037,824 | ---- | M] () -- C:\WINDOWS\explorer.exe
PRC - [2007/04/16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/08/25 19:41:44 | 000,155,648 | ---- | M] (Philips) -- C:\WINDOWS\system32\drivers\PhiBtn.exe
PRC - [2005/05/31 14:23:08 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
PRC - [2002/07/31 14:15:18 | 000,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe


========== Modules (SafeList) ==========

MOD - [2010/12/25 12:42:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Bureau\OTL.exe
MOD - [2010/08/23 17:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/20 11:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/12/10 07:38:14 | 000,138,216 | ---- | M] (Babylon Ltd.) -- C:\Program Files\IncrediMail\bin\B4ImApp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Iomega Activity Disk2)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/24 15:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/06/24 15:04:06 | 000,247,088 | R--- | M] () [Auto | Running] -- C:\Program Files\Iomega\QuikProtect\QpMonitor.exe -- (QPCopyEngine)
SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/12/07 11:29:25 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2005/05/31 14:23:08 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe -- (btwdins)
SRV - [2002/07/31 14:15:18 | 000,073,728 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2010/09/07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/24 15:04:06 | 000,019,384 | R--- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\QsFsFltr.sys -- (QsFsFltr)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/04/13 11:45:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/07 23:08:56 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/25 18:28:00 | 001,240,576 | ---- | M] (Philips Consumer Electronics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camdrv41.sys -- (camvid40)
DRV - [2005/05/31 14:16:06 | 000,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/05/31 14:13:34 | 001,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/05/31 14:11:18 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/05/31 14:10:32 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/05/31 14:07:56 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2002/07/31 14:15:18 | 000,030,258 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1801674531-73586283-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-21-1801674531-73586283-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/accueil/adsl.html
IE - HKU\S-1-5-21-1801674531-73586283-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-73586283-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/11/27 20:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Mozilla\Extensions
[2010/08/14 20:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: ([2010/12/08 14:10:07 | 000,427,463 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14721 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\iBackup.exe (Iomega Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [PhiBtn] C:\WINDOWS\system32\drivers\PhiBtn.exe (Philips)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1801674531-73586283-839522115-1003..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-1801674531-73586283-839522115-1003..\Run: [Pando] C:\Program Files\Pando Networks\Pando\Pando.exe (Pando Networks)
O4 - HKU\S-1-5-21-1801674531-73586283-839522115-1003..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-1801674531-73586283-839522115-1003..\Run: [YRgAcfV] C:\WINDOWS\System32\control.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/10 10:24:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f17a94a4-0771-11e0-b1ef-0013d3948aaf}\Shell\AutoRun\command - "" = D:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{f17a94a4-0771-11e0-b1ef-0013d3948aaf}\Shell\menu1\command - "" = D:\pccompanion\Startme.exe -- File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/26 09:46:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/25 12:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\Unzipped
[2010/12/25 12:46:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/25 12:46:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/25 12:42:21 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard\Bureau\OTL.exe
[2010/12/25 10:57:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/12/25 10:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/12/25 10:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java
[2010/12/25 10:56:21 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/25 10:56:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/25 10:56:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/25 10:56:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/25 10:56:21 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/25 10:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/12/25 10:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\Sun
[2010/12/22 22:49:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Richard\Recent
[2010/12/22 22:41:22 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/12/22 22:41:22 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/12/22 22:41:20 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/12/22 22:41:19 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/12/22 22:41:17 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/12/22 22:41:17 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/12/22 22:41:17 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/12/22 22:41:02 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/12/22 22:41:02 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/12/21 19:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/21 19:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/12/21 13:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\5e1d0000-7bae-4965-bfd0-ddb782ad4eae
[2010/12/21 11:50:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/12/21 11:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\ETVycyP9te
[2010/12/18 15:34:47 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2010/12/15 19:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\myBabylon_English
[2010/12/15 19:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/12/15 19:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2010/12/15 10:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\Sony Ericsson
[2010/12/15 10:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/12/15 10:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Sony
[2010/12/15 10:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\My Podcasts
[2010/12/15 10:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\Media Go
[2010/12/15 10:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Sony Shared
[2010/12/15 10:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2010/12/15 10:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/12/15 10:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Apple
[2010/12/15 10:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Apple
[2010/12/15 10:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/12/15 10:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/12/15 10:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Apple Computer
[2010/12/15 10:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\Sony Setup
[2010/12/15 10:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\Sony
[2010/12/15 10:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2010/12/15 09:43:02 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe229.dll
[2010/12/15 09:05:22 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 09:02:21 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/14 20:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Sony Ericsson
[2010/12/14 19:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2010/12/14 19:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2010/12/02 04:35:18 | 004,280,320 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010/12/01 15:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\OfferBox
[2010/12/01 15:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\OpenCandy
[2010/12/01 15:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\OpenCandy
[2010/11/27 13:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Mozilla
[2010/11/27 13:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2010/12/27 10:08:33 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6c3d22e8f18c.job
[2010/12/27 10:08:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/26 19:20:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/26 09:42:09 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\SystemLook.exe
[2010/12/26 08:57:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/25 12:46:36 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/12/25 12:42:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Bureau\OTL.exe
[2010/12/25 10:56:14 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/25 10:56:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/25 10:56:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/25 10:56:14 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/25 10:56:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/24 21:56:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/22 22:59:39 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/22 22:57:34 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/12/22 09:15:00 | 005,423,341 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/12/21 10:41:46 | 002,461,696 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\Real winter.pps
[2010/12/21 10:39:04 | 003,196,416 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\MAXIMES-IL.pps
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 21:26:42 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/19 15:11:59 | 000,000,199 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\Cable HDMI 1.4 15 mètres Image & Son Calvados - leboncoin.fr.url
[2010/12/19 15:09:13 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/18 15:35:05 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/12/17 20:24:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010/12/15 18:52:28 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Richard\Mes documents\Annonce de bienvenue.doc
[2010/12/15 10:53:14 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 09:43:02 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe229.dll
[2010/12/14 16:47:15 | 000,000,199 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\Chaussures.url
[2010/12/13 20:28:23 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\Miss France.xls
[2010/12/08 14:10:07 | 000,427,463 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/08 14:09:41 | 000,427,463 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101208-141007.backup
[2010/12/03 11:05:57 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/12/02 04:35:18 | 004,280,320 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010/12/01 15:09:24 | 000,000,559 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2010/12/01 09:06:42 | 000,172,973 | ---- | M] () -- C:\Documents and Settings\Richard\Mes documents\Tarifs postaux colis.pdf
[2010/12/01 09:04:46 | 000,468,027 | ---- | M] () -- C:\Documents and Settings\Richard\Mes documents\Tarifs postaux.pdf

========== Files Created - No Company Name ==========

[2010/12/26 19:20:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/26 09:42:09 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\SystemLook.exe
[2010/12/25 19:43:03 | 003,196,416 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\MAXIMES-IL.pps
[2010/12/25 19:42:37 | 002,461,696 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\Real winter.pps
[2010/12/25 12:46:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/12/22 22:59:34 | 000,001,943 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/12/21 11:51:40 | 005,423,341 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/12/15 10:12:15 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/15 09:14:05 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\Cable HDMI 1.4 15 mètres Image & Son Calvados - leboncoin.fr.url
[2010/12/13 20:14:48 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\Miss France.xls
[2010/12/03 11:05:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/12/01 09:06:42 | 000,172,973 | ---- | C] () -- C:\Documents and Settings\Richard\Mes documents\Tarifs postaux colis.pdf
[2010/12/01 09:04:44 | 000,468,027 | ---- | C] () -- C:\Documents and Settings\Richard\Mes documents\Tarifs postaux.pdf
[2010/11/19 17:25:51 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2010/10/21 12:06:42 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/08/17 14:25:17 | 009,594,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/03 11:56:26 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\setup_ldm.iss
[2010/02/12 19:01:56 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\bdfvconp.ini
[2010/01/25 18:56:03 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\fusioncache.dat
[2009/12/07 09:32:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/04 15:05:15 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7I.DLL
[2009/12/04 15:00:57 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/11/25 11:29:40 | 000,308,736 | ---- | C] () -- C:\WINDOWS\System32\fpxlib.dll
[2009/11/25 11:29:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\jpeglib.dll
[2009/11/17 12:41:38 | 000,000,094 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/11/12 20:05:00 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/12 15:40:47 | 000,068,096 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/11 22:11:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/11/11 21:11:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/11/11 21:11:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2009/08/13 12:05:21 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/31 14:19:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


< >


<MD5>
[2001/09/28 13:00:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=36D62802C95BD7995D904ED9AC18CA77 -- C:\WINDOWS\system32\control.exe
[2001/09/28 13:00:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=36D62802C95BD7995D904ED9AC18CA77 -- C:\WINDOWS\system32\dllcache\control.exe

C:\Documents and Settings\All Users\Application Data\TEMP:DBAC2017

<End>


See you soon,
richou
 

Post by nickW » 28 Dec 2010, 01:58

Good evening,

A new, more targeted scan:


Step 1: OTL (by OldTimer), preparing the scan

Delete the scan.txt file created previously.

Open a Notepad window via Start ----> Run, type notepad, then click OK.

Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys at the same time.

Code: Select all
/md5start
winlogon.exe
explorer.exe
ctfmon.exe
wininit.exe
userinit.exe
winlogon.dat
explorer.dat
ctfmon.dat
wininit.dat
userinit.dat
hlp.dat
kb.dll
/md5stop


Go back to the Notepad window, right-click in the window and choose Paste.
Check in the Format menu (at the top) that "Word Wrap" is not active (not ticked).
Save the file under the name scan.txt <---- do not change the file name
Close Notepad.


Step 2: OTL (by OldTimer), quick scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The OTL main screen is displayed.

Double-click in the white area under Custom Scans/Fixes.

A small "OTL" window opens.

Click the OK button.

In the new "Open" window, browse to the folder where scan.txt was saved, then click the Open button.

The contents of scan.txt are thereby inserted into the "Custom Scans/Fixes" panel.

Then click the Quick Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 3: Results
Send in your reply:
*- the main OTL report (contents of the OTL.txt file located on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)

Post by richou » 28 Dec 2010, 09:59

Hello nickW,

Here is the new main OTL report:


OTL logfile created on: 28/12/2010 09:46:18 - Run 5
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Richard\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 514,00 Mb Available Physical Memory | 50,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195,91 Gb Total Space | 31,90 Gb Free Space | 16,28% Space Free | Partition Type: NTFS

Computer Name: RICHARD | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/25 12:42:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Bureau\OTL.exe
PRC - [2010/09/07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/24 15:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/06/24 15:04:06 | 000,247,088 | R--- | M] () -- C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
PRC - [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2009/11/20 10:17:12 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009/07/20 11:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 11:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008/11/12 19:55:54 | 000,189,824 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
PRC - [2008/04/13 19:34:30 | 000,512,000 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008/04/13 19:34:04 | 001,037,824 | ---- | M] () -- C:\WINDOWS\explorer.exe
PRC - [2007/04/16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/08/25 19:41:44 | 000,155,648 | ---- | M] (Philips) -- C:\WINDOWS\system32\drivers\PhiBtn.exe
PRC - [2005/05/31 14:23:08 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
PRC - [2002/07/31 14:15:18 | 000,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe


========== Modules (SafeList) ==========

MOD - [2010/12/25 12:42:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Bureau\OTL.exe
MOD - [2010/09/22 17:12:42 | 000,378,264 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.dll
MOD - [2010/08/23 17:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/20 11:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/02/27 16:37:16 | 000,311,296 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.FRA
MOD - [2008/12/10 07:38:14 | 000,138,216 | ---- | M] (Babylon Ltd.) -- C:\Program Files\IncrediMail\bin\B4ImApp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Iomega Activity Disk2)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/24 15:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/06/24 15:04:06 | 000,247,088 | R--- | M] () [Auto | Running] -- C:\Program Files\Iomega\QuikProtect\QpMonitor.exe -- (QPCopyEngine)
SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/12/07 11:29:25 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2005/05/31 14:23:08 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe -- (btwdins)
SRV - [2002/07/31 14:15:18 | 000,073,728 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2010/09/07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/24 15:04:06 | 000,019,384 | R--- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\QsFsFltr.sys -- (QsFsFltr)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/04/13 11:45:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/07 23:08:56 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/25 18:28:00 | 001,240,576 | ---- | M] (Philips Consumer Electronics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camdrv41.sys -- (camvid40)
DRV - [2005/05/31 14:16:06 | 000,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/05/31 14:13:34 | 001,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/05/31 14:11:18 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/05/31 14:10:32 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/05/31 14:07:56 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2002/07/31 14:15:18 | 000,030,258 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/accueil/adsl.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/11/27 20:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Mozilla\Extensions
[2010/08/14 20:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: ([2010/12/08 14:10:07 | 000,427,463 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14721 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\iBackup.exe (Iomega Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [PhiBtn] C:\WINDOWS\system32\drivers\PhiBtn.exe (Philips)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [Pando] C:\Program Files\Pando Networks\Pando\Pando.exe (Pando Networks)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [YRgAcfV] C:\WINDOWS\System32\control.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/10 10:24:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f17a94a4-0771-11e0-b1ef-0013d3948aaf}\Shell\AutoRun\command - "" = D:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{f17a94a4-0771-11e0-b1ef-0013d3948aaf}\Shell\menu1\command - "" = D:\pccompanion\Startme.exe -- File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/26 09:46:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/25 12:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\Unzipped
[2010/12/25 12:46:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/25 12:46:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/25 12:42:21 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard\Bureau\OTL.exe
[2010/12/25 10:57:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/12/25 10:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/12/25 10:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java
[2010/12/25 10:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/12/25 10:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\Sun
[2010/12/22 22:49:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Richard\Recent
[2010/12/22 22:41:22 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/12/22 22:41:22 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/12/22 22:41:20 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/12/22 22:41:19 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/12/22 22:41:17 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/12/22 22:41:17 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/12/22 22:41:17 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/12/22 22:41:02 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/12/22 22:41:02 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/12/21 19:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/21 19:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/12/21 13:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\5e1d0000-7bae-4965-bfd0-ddb782ad4eae
[2010/12/21 11:50:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/12/21 11:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\ETVycyP9te
[2010/12/15 19:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\myBabylon_English
[2010/12/15 19:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/12/15 19:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2010/12/15 10:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\Sony Ericsson
[2010/12/15 10:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/12/15 10:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Sony
[2010/12/15 10:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\My Podcasts
[2010/12/15 10:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\Media Go
[2010/12/15 10:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Sony Shared
[2010/12/15 10:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2010/12/15 10:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/12/15 10:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Apple
[2010/12/15 10:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Apple
[2010/12/15 10:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/12/15 10:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/12/15 10:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Apple Computer
[2010/12/15 10:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\Sony Setup
[2010/12/15 10:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\Sony
[2010/12/15 10:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2010/12/15 09:43:02 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe229.dll
[2010/12/14 20:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Sony Ericsson
[2010/12/14 19:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2010/12/14 19:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2010/12/01 15:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\OfferBox
[2010/12/01 15:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\OpenCandy
[2010/12/01 15:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\OpenCandy

========== Files - Modified Within 30 Days ==========

[2010/12/27 10:08:33 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6c3d22e8f18c.job
[2010/12/27 10:08:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/26 19:20:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/26 09:42:09 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\SystemLook.exe
[2010/12/26 08:57:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/25 12:46:36 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/12/25 12:42:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Bureau\OTL.exe
[2010/12/24 21:56:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/22 22:59:39 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/22 22:57:34 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/12/22 09:15:00 | 005,423,341 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/12/21 10:41:46 | 002,461,696 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\Real winter.pps
[2010/12/21 10:39:04 | 003,196,416 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\MAXIMES-IL.pps
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 21:26:42 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/19 15:11:59 | 000,000,199 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\Cable HDMI 1.4 15 mètres Image & Son Calvados - leboncoin.fr.url
[2010/12/19 15:09:13 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/18 15:35:05 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/12/17 20:24:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010/12/15 18:52:28 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Richard\Mes documents\Annonce de bienvenue.doc
[2010/12/15 10:53:14 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 09:43:02 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe229.dll
[2010/12/14 16:47:15 | 000,000,199 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\Chaussures.url
[2010/12/13 20:28:23 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\Miss France.xls
[2010/12/08 14:10:07 | 000,427,463 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/08 14:09:41 | 000,427,463 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101208-141007.backup
[2010/12/03 11:05:57 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/12/01 15:09:24 | 000,000,559 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2010/12/01 09:06:42 | 000,172,973 | ---- | M] () -- C:\Documents and Settings\Richard\Mes documents\Tarifs postaux colis.pdf
[2010/12/01 09:04:46 | 000,468,027 | ---- | M] () -- C:\Documents and Settings\Richard\Mes documents\Tarifs postaux.pdf

========== Files Created - No Company Name ==========

[2010/12/26 19:20:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/26 09:42:09 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\SystemLook.exe
[2010/12/25 19:43:03 | 003,196,416 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\MAXIMES-IL.pps
[2010/12/25 19:42:37 | 002,461,696 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\Real winter.pps
[2010/12/25 12:46:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/12/22 22:59:34 | 000,001,943 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/12/21 11:51:40 | 005,423,341 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/12/15 10:12:15 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/15 09:14:05 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\Cable HDMI 1.4 15 mètres Image & Son Calvados - leboncoin.fr.url
[2010/12/13 20:14:48 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\Miss France.xls
[2010/12/03 11:05:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/12/01 09:06:42 | 000,172,973 | ---- | C] () -- C:\Documents and Settings\Richard\Mes documents\Tarifs postaux colis.pdf
[2010/12/01 09:04:44 | 000,468,027 | ---- | C] () -- C:\Documents and Settings\Richard\Mes documents\Tarifs postaux.pdf
[2010/11/19 17:25:51 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2010/10/21 12:06:42 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/08/17 14:25:17 | 009,594,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/03 11:56:26 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\setup_ldm.iss
[2010/02/12 19:01:56 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\bdfvconp.ini
[2010/01/25 18:56:03 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\fusioncache.dat
[2009/12/07 09:32:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/04 15:05:15 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7I.DLL
[2009/12/04 15:00:57 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/11/25 11:29:40 | 000,308,736 | ---- | C] () -- C:\WINDOWS\System32\fpxlib.dll
[2009/11/25 11:29:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\jpeglib.dll
[2009/11/17 12:41:38 | 000,000,094 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/11/12 20:05:00 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/12 15:40:47 | 000,068,096 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/11 22:11:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/11/11 21:11:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/11/11 21:11:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2009/08/13 12:05:21 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/31 14:19:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/12/21 13:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5e1d0000-7bae-4965-bfd0-ddb782ad4eae
[2010/12/21 19:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/12/15 10:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/12/04 15:05:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/11/11 11:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/11/11 11:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2010/11/11 19:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/11/14 12:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/09/16 11:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickMediaConverter
[2010/08/31 14:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2010/09/12 10:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/10/21 12:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2010/09/12 10:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/09/12 10:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2009/11/27 09:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/14 21:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/11/23 18:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/12/22 22:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\BitTorrent
[2009/11/11 22:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Blitware
[2010/12/14 13:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Canon
[2010/09/16 11:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\CocoonSoftware
[2009/12/08 09:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\com.adobe.ExMan
[2010/11/25 12:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\CVitae
[2010/11/25 11:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\freeCompressor
[2010/09/16 10:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\FreeVideoConverter
[2010/11/21 10:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\IObit
[2010/09/12 14:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Iomega Automatic Backup
[2010/03/03 11:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Leadertech
[2010/12/01 15:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\OfferBox
[2010/12/01 15:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\OpenCandy
[2010/11/26 15:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Opera
[2009/12/04 15:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\ScanSoft
[2010/08/29 11:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Software Informer
[2010/12/15 10:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Sony
[2010/12/15 10:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Sony Setup
[2010/08/14 20:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\TomTom
[2010/08/29 10:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Uniblue
[2010/06/03 12:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Windows Search
[2009/11/11 22:01:38 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

========== Purity Check ==========



========== Custom Scans ==========


< >


<MD5>
[2008/04/13 19:34:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[2008/04/13 19:34:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe
[2004/08/19 16:09:52 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=64E41E8FEE655B03E3F19DED21BA5118 -- C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe

<MD5>
[2004/08/19 16:09:54 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:34:04 | 001,037,824 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\explorer.exe

<MD5>
[2008/04/13 19:33:50 | 000,036,740 | ---- | M] () Unable to obtain MD5 -- C:\Documents and Settings\All Users\Documents\Server\hlp.dat

<MD5>
[2004/08/19 16:10:04 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:34:28 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:34:28 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

<MD5>
[2004/08/19 16:10:06 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:34:30 | 000,512,000 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]</color> C:\Documents and Settings\All Users\Application Data\TEMP:DBAC2017

<End>


Over to you....
richou
 
Posts: 81
Joined: 14 Nov 2007, 15:25
Location: Caen

Post by nickW » 28 Dec 2010, 19:15

Good evening,

There is indeed a Bamital infection.
It has modified ("patched") system files, and they cannot be recovered while the PC's Windows is running.

Solution: create a bootable CD containing tools that will let us copy unmodified files to replace the ones that have been modified.



Step 1: OTLPE (by OldTimer), download and creation of the boot CD

This step must be carried out on a PC that can boot, download, create a CD and write to a USB stick, all without difficulty.

Download OTLPENet.exe from this link: http://oldtimer.geekstogo.com/OTLPENet.exe (file size over 120 MB)
File size:
Bytes - 127 353 979
MB - 121.4
MD5 - c2629b6d6fa189ea92ff6fd1ffa2a81d <---- this absolutely must be checked before burning the CD (see note below)

Place a blank CD in the CD burner, then double-click the downloaded file to start creating the CD.


Note about the MD5 check:
What a file's MD5 checksum is: http://fr.wikipedia.org/wiki/MD5

There are plenty of programs for calculating a file's MD5 checksum.

For example: MD5Check - Version 2.1 by Angus Johnson.

Download: http://angusj.com/delphi/md5check.zip

Unzip the downloaded archive (right-click, Extract All), double-click Md5Check.exe, click the Browse ... button, navigate to the file OTLPEStd.exe, select it with a double-click, then click the Calculate MD5 Checksum button.
Note about verifying MD5 sums:
Case is not significant - the letters can be lowercase or uppercase, it does not matter.



Step 2: Preparing the files
Check that your PC does display all files and folders:
http://assiste.com.free.fr/p/comment/co ... aches.html
Plug in a USB stick.
In Explorer, open the folder C:\WINDOWS\ServicePackFiles\i386
From this folder, copy the files explorer.exe and winlogon.exe directly onto the USB stick.

Download the file scan.zip from this link.
Extract the file scan.txt from this archive and put it on the USB stick.

Remove the USB stick ("safely").


Step 3: Copying the files, then OTLPE (by OldTimer), scan

Change the PC's BIOS settings so that it boots from the CD before the hard disk. See: here (in English) or here (in French)

Restart the PC, which must boot from the CD-ROM and display a REATOGO-X-PE desktop (this takes longer than booting from the hard disk).

Plug in the USB stick onto which the files explorer.exe and winlogon.exe, and scan.txt, were copied.

Click (at the top) on the "My Computer" icon (it is the equivalent of "Poste de travail").
Copy from the USB stick:
the file explorer.exe into the folder C:\WINDOWS
the file winlogon.exe into the folder C:\WINDOWS\system32


Double-click the OTLPE icon
At the prompt "Do you wish to load the remote registry", answer Yes
At the prompt "Do you wish to load remote user profile(s) for scanning", answer Yes
Check that the box "Automatically Load All Remaining Users" is ticked, then click OK

The OTLPE main screen is displayed:
Image

Check that the settings are identical to those in the image above.

Double-click in the white area at the bottom named "Custom Scans/fixes": Image

A small "Information" window opens:
Image

Click the Yes button.

From the new "Ouvrir" (Open) window, navigate to the location where the file scan.txt was saved (that is, the USB stick), then click the Ouvrir button.

The contents of the file scan.txt are thus inserted into the "Custom Scans/fixes" panel Image

Then click the Run Scan button:
Image

Let the tool work without interrupting it.

The report files are saved in C:\OTL.Txt and C:\Extras.Txt

Copy them onto the USB stick.

Close OTLPE, shut down the REATOGO-X-PE environment, eject the CD and restart the PC.


Step 4: Results
Send in your reply:
*- the two OTL reports (contents of the files OTL.Txt and Extras.Txt located on the USB stick).

Reports posted on the forum must end with a line containing <End>. If that is not the case, they are incomplete, and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic, but click the "Reply" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
My configs
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
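
The reply above singles out explorer.exe and winlogon.exe and replaces them from C:\WINDOWS\ServicePackFiles\i386. The sketch below is an added example, not part of either post and not OTL's own code: it parses the `<MD5>` section of the posted report and compares each live file with its ServicePackFiles copy. The function names and the triage rule (a live file is "suspect" when its hash is unreadable, its company name is empty, or its hash differs from the reference) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# A subset of lines copied from the <MD5> part of the OTL report in this thread.
OTL_MD5_SECTION = r"""
<MD5>
[2008/04/13 19:34:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[2008/04/13 19:34:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe
<MD5>
[2004/08/19 16:09:54 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:34:04 | 001,037,824 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\explorer.exe
<MD5>
[2008/04/13 19:33:50 | 000,036,740 | ---- | M] () Unable to obtain MD5 -- C:\Documents and Settings\All Users\Documents\Server\hlp.dat
<MD5>
[2008/04/13 19:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:34:30 | 000,512,000 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\winlogon.exe
"""

# [date | size | attrs | M] (company) MD5=<hex> -- path   (or "Unable to obtain MD5")
ENTRY = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)"
    r"\s+--\s+(?P<path>.+)$"
)

def classify(path):
    """Role of a copy: service-pack reference, old uninstall backup, or live file."""
    p = path.lower()
    if "\\servicepackfiles\\i386\\" in p:
        return "reference"
    if "\\$ntservicepackuninstall$\\" in p:
        return "old"  # pre-service-pack version, not comparable with the live file
    return "live"

def parse(section):
    entries = []
    for line in section.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # "<MD5>" markers and blank lines
        path = m["path"].strip()
        entries.append({
            "path": path,
            "name": path.rsplit("\\", 1)[-1].lower(),
            "company": m["company"].strip(),
            "md5": m["md5"].lower() if m["md5"] else None,  # case is not significant
            "role": classify(path),
        })
    return entries

def review(section):
    """Return {live path: (verdict, reasons)} for every live file in the section."""
    by_name = defaultdict(list)
    for e in parse(section):
        by_name[e["name"]].append(e)
    findings = {}
    for group in by_name.values():
        ref = next((e for e in group if e["role"] == "reference" and e["md5"]), None)
        for live in (e for e in group if e["role"] == "live"):
            reasons = []
            if live["md5"] is None:
                reasons.append("hash could not be read")
            if not live["company"]:
                reasons.append("no company name")
            if ref and live["md5"] and live["md5"] != ref["md5"]:
                reasons.append("hash differs from reference")
            if ref is None:
                verdict = "unverifiable"  # nothing on disk to compare against
            else:
                verdict = "suspect" if reasons else "matches reference"
            findings[live["path"]] = (verdict, reasons)
    return findings

def replacement_plan(section):
    """Map each suspect live file to the reference copy it can be compared with."""
    refs = {e["name"]: e["path"] for e in parse(section)
            if e["role"] == "reference" and e["md5"]}
    return {path: refs[path.rsplit("\\", 1)[-1].lower()]
            for path, (verdict, _) in review(section).items() if verdict == "suspect"}

if __name__ == "__main__":
    for path, (verdict, reasons) in review(OTL_MD5_SECTION).items():
        print(f"{verdict:18} {path}  {'; '.join(reasons)}")
```

A "suspect" verdict is a triage hint for a human reviewer, not proof of infection; hlp.dat comes out as "unverifiable" because the report contains no reference copy for it.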
