[OK] Plus d'icones et de barre de taches sur le bureau xp !

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

Messagede richou » 31 Déc 2010, 18:21

Bsr Nickw,

je suis désolé, j'ai été absent 2 jours et là je m'en vais réveillonner.
Donc je n'ai pas fait les manips que tu m'as demandé !
Je fais cela dimanche ou lundi...
Merci encore et meilleurs voeux pour 2011.
A l'année prochaine...
richou
 
Messages: 81
Inscription: 14 Nov 2007, 15:25
Localisation: Caen

Messagede richou » 01 Jan 2011, 22:22

Bonjour Nickw,
tout d'abord je voudrais te présenter mes meilleurs voeux de bonheur et de santé pour cette année et encore te remercier de me sortir de mon problème.
Donc j'ai fait tes manips. Je te précise que dans l'étape 3 après avoir répondu yes à la question do you wish to load the remote registry, il m'a demandé : select user profil. J'avais le choix entre local service, networkservice, richard et systemprofile.
La surbrillance était sur local service alors j'ai tapé ok dessus ! J'aurais peut du aller sur richard mais tant pis c'est fait.
Voici donc le résultat :

OTL logfile created on: 1/1/2011 9:53:37 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 781.00 Mb Available Physical Memory | 76.00% Memory free
907.00 Mb Paging File | 838.00 Mb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.91 Gb Total Space | 30.06 Gb Free Space | 15.34% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 78.97 Gb Free Space | 26.49% Space Free | Partition Type: NTFS
Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (Iomega Activity Disk2)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/24 09:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/06/24 09:04:06 | 000,247,088 | R--- | M] () [Auto] -- C:\Program Files\Iomega\QuikProtect\QpMonitor.exe -- (QPCopyEngine)
SRV - [2010/01/09 15:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/12/07 05:29:25 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/05 16:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/20 05:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/04/30 05:23:26 | 000,090,112 | ---- | M] () [Auto] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008/11/03 19:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2005/05/31 08:23:08 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto] -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe -- (btwdins)
SRV - [2002/07/31 08:15:18 | 000,073,728 | ---- | M] (Iomega Corporation) [Auto] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Auto] -- C:\WINDOWS\System32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - File not found [Kernel | Auto] -- C:\WINDOWS\System32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/24 09:04:06 | 000,019,384 | R--- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\QsFsFltr.sys -- (QsFsFltr)
DRV - [2009/08/05 16:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/03/26 19:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2008/09/24 04:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/04/13 05:45:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2006/06/18 17:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/07 17:08:56 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/25 12:28:00 | 001,240,576 | ---- | M] (Philips Consumer Electronics) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camdrv41.sys -- (camvid40)
DRV - [2005/05/31 08:16:06 | 000,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/05/31 08:13:34 | 001,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/05/31 08:11:18 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/05/31 08:10:32 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/05/31 08:07:56 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2002/07/31 08:15:18 | 000,030,258 | ---- | M] (Iomega Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\IomDisk.sys -- (iomdisk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Richard_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\Richard_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/accueil/adsl.html
IE - HKU\Richard_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Richard_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/12/08 08:10:07 | 000,427,463 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 14721 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\iBackup.exe (Iomega Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [PhiBtn] C:\WINDOWS\system32\drivers\PhiBtn.exe (Philips)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\Richard_ON_C..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\Richard_ON_C..\Run: [Pando] C:\Program Files\Pando Networks\Pando\pando.exe (Pando Networks)
O4 - HKU\Richard_ON_C..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\Richard_ON_C..\Run: [YRgAcfV] C:\WINDOWS\System32\control.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Richard_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Richard_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/10 04:24:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/01/01 21:52:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LocalService\Recent
[2011/01/01 21:52:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\Mes documents
[2010/12/29 06:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\otlpestd
[2010/12/29 04:19:17 | 127,353,979 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Richard\Mes documents\OTLPENet.exe
[2010/12/28 04:58:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Richard\Recent
[2010/12/26 03:46:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/25 06:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\Unzipped
[2010/12/25 06:46:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/25 06:46:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/25 06:42:21 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard\Bureau\OTL.exe
[2010/12/25 04:57:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/12/25 04:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java
[2010/12/25 04:56:21 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/25 04:56:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/25 04:56:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/25 04:56:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/25 04:56:21 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/25 04:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/12/25 04:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\Sun
[2010/12/22 16:41:22 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/12/22 16:41:22 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/12/22 16:41:20 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/12/22 16:41:19 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/12/22 16:41:17 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/12/22 16:41:17 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/12/22 16:41:17 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/12/22 16:41:02 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/12/22 16:41:02 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/12/21 13:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/21 05:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\ETVycyP9te
[2010/12/18 09:34:47 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2010/12/15 13:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\myBabylon_English
[2010/12/15 13:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/12/15 13:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2010/12/15 04:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\Sony Ericsson
[2010/12/15 04:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Sony
[2010/12/15 04:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\My Podcasts
[2010/12/15 04:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Mes documents\Media Go
[2010/12/15 04:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Sony Shared
[2010/12/15 04:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/12/15 04:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Apple
[2010/12/15 04:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Apple
[2010/12/15 04:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/12/15 04:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Apple Computer
[2010/12/15 04:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\Sony Setup
[2010/12/15 04:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\Sony
[2010/12/15 04:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2010/12/15 03:05:22 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 03:02:21 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/14 14:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Local Settings\Application Data\Sony Ericsson
[2010/12/14 13:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson

========== Files - Modified Within 30 Days ==========

[2011/01/01 14:44:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/01 14:39:45 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6c3d22e8f18c.job
[2011/01/01 14:35:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/01 14:03:47 | 000,010,498 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\[avast! heuristique - AVERTISSEMENT].html
[2011/01/01 13:50:42 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\[avast! heuristique - AVERTISSEMENT].eml
[2011/01/01 12:39:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/29 04:19:22 | 127,353,979 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Richard\Mes documents\OTLPENet.exe
[2010/12/28 06:15:28 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/26 03:42:09 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\SystemLook.exe
[2010/12/26 02:57:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/25 06:42:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Bureau\OTL.exe
[2010/12/25 04:56:14 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/25 04:56:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/25 04:56:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/25 04:56:14 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/25 04:56:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/22 16:57:34 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/12/21 04:41:46 | 002,461,696 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\Real winter.pps
[2010/12/21 04:39:04 | 003,196,416 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\MAXIMES-IL.pps
[2010/12/20 12:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 12:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 09:11:59 | 000,000,199 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\Cable HDMI 1.4 15 mètres Image & Son Calvados - leboncoin.fr.url
[2010/12/19 09:09:13 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/18 09:35:05 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/12/17 14:24:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010/12/15 12:52:28 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Richard\Mes documents\Annonce de bienvenue.doc
[2010/12/15 04:53:14 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/14 10:47:15 | 000,000,199 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\Chaussures.url
[2010/12/13 14:28:23 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\Richard\Bureau\Miss France.xls
[2010/12/08 08:10:07 | 000,427,463 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/08 08:09:41 | 000,427,463 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101208-141007.backup
[2010/12/03 05:05:57 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf

========== Files Created - No Company Name ==========

[2011/01/01 14:03:47 | 000,010,498 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\[avast! heuristique - AVERTISSEMENT].html
[2011/01/01 13:50:42 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\[avast! heuristique - AVERTISSEMENT].eml
[2010/12/26 13:20:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/26 03:42:09 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\SystemLook.exe
[2010/12/25 13:43:03 | 003,196,416 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\MAXIMES-IL.pps
[2010/12/25 13:42:37 | 002,461,696 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\Real winter.pps
[2010/12/15 04:12:15 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/15 03:14:05 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\Cable HDMI 1.4 15 mètres Image & Son Calvados - leboncoin.fr.url
[2010/12/13 14:14:48 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\Richard\Bureau\Miss France.xls
[2010/12/03 05:05:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/11/19 11:25:51 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2010/08/17 08:25:17 | 009,594,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/03 05:56:26 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\setup_ldm.iss
[2010/02/12 13:01:56 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\bdfvconp.ini
[2010/01/25 12:56:03 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\fusioncache.dat
[2009/12/07 03:32:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/04 09:05:15 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7I.DLL
[2009/12/04 09:00:57 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/11/25 05:29:40 | 000,308,736 | ---- | C] () -- C:\WINDOWS\System32\fpxlib.dll
[2009/11/25 05:29:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\jpeglib.dll
[2009/11/17 06:41:38 | 000,000,094 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/11/12 14:05:00 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/12 09:40:47 | 000,068,096 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/11 16:11:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/11/11 15:11:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/11/11 15:11:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2009/08/13 06:05:21 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/31 08:19:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/12/31 05:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\BitTorrent
[2009/11/11 16:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Blitware
[2010/12/14 07:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Canon
[2010/09/16 05:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\CocoonSoftware
[2009/12/08 03:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\com.adobe.ExMan
[2010/11/25 06:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\CVitae
[2010/11/25 05:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\freeCompressor
[2010/09/16 04:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\FreeVideoConverter
[2010/11/21 04:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\IObit
[2010/09/12 08:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Iomega Automatic Backup
[2010/03/03 05:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Leadertech
[2010/12/01 09:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\OfferBox
[2010/12/01 09:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\OpenCandy
[2010/11/26 09:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Opera
[2009/12/04 09:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\ScanSoft
[2010/08/29 05:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Software Informer
[2010/12/15 04:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Sony
[2010/12/15 04:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Sony Setup
[2010/08/14 14:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\TomTom
[2010/08/29 04:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Uniblue
[2010/06/03 06:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Windows Search
[2009/11/11 16:01:38 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 13:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/13 13:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 05:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 05:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 17:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

<MD5>
[2002/08/29 06:17:04 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 13:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 06:17:04 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/13 13:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 05:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 05:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

<MD5>
[2008/04/13 13:34:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[2008/04/13 13:34:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe
[2004/08/19 10:09:52 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=64E41E8FEE655B03E3F19DED21BA5118 -- C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe

<MD5>
[2004/08/19 10:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 13:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 13:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2004/08/19 10:09:54 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 13:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/13 13:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

<MD5>
[2008/04/13 13:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 13:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/19 10:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

<MD5>
[2004/08/19 10:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 13:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 13:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

<MD5>
[2004/08/19 10:10:04 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 13:34:28 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 13:34:28 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

<MD5>
[2004/08/19 10:10:06 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 13:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 13:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

<systemroot>

<systemroot>
[2006/10/18 14:47:08 | 000,276,992 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\audiodev.dll
[2008/04/13 13:33:22 | 001,025,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\browseui.dll
[2008/04/13 13:33:22 | 000,102,912 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cscdll.dll
[2008/04/13 13:33:22 | 000,337,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cscui.dll
[2008/04/13 13:33:24 | 000,025,600 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\davclnt.dll
[2008/06/20 12:47:22 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2008/04/13 13:33:24 | 000,014,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drprov.dll
[2010/11/05 19:21:43 | 011,080,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2010/11/05 19:21:44 | 001,991,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 13:33:34 | 000,281,600 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 13:33:36 | 000,011,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\netrap.dll
[2008/04/13 13:33:36 | 000,083,456 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\netui0.dll
[2008/04/13 13:33:36 | 000,245,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\netui1.dll
[2008/04/13 13:33:38 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2008/04/13 13:33:38 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntlanman.dll
[2006/10/18 14:47:18 | 000,284,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\PortableDeviceApi.dll
[2009/09/25 00:36:34 | 001,510,400 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shdocvw.dll
[2010/07/27 01:30:01 | 008,518,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[2008/04/13 13:33:42 | 000,068,096 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shgina.dll
[2007/10/25 02:28:30 | 000,222,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wmasf.dll
[2010/04/05 21:52:46 | 002,462,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\WMVCore.dll
[2006/10/18 14:47:22 | 002,603,008 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\WpdShext.dll

<systemroot>

========== Files - Unicode (All) ==========
[2010/12/21 07:09:32 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Richard\?????) -- C:\Documents and Settings\Richard\獷楬汢捯污
[2010/12/21 07:09:32 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Richard\?????) -- C:\Documents and Settings\Richard\獷楬汢捯污
<End>


et voici l'autre ::

OTL Extras logfile created on: 1/1/2011 9:53:37 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 781.00 Mb Available Physical Memory | 76.00% Memory free
907.00 Mb Paging File | 838.00 Mb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.91 Gb Total Space | 30.06 Gb Free Space | 15.34% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 78.97 Gb Free Space | 26.49% Space Free | Partition Type: NTFS
Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"58991:TCP" = 58991:TCP:*:Enabled:Pando
"58991:UDP" = 58991:UDP:*:Enabled:Pando

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"E:\Program Files\IncrediMail\bin\IncMail.exe" = E:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"E:\Program Files\IncrediMail\bin\IMApp.exe" = E:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\Pando Networks\Pando\Pando.exe" = C:\Program Files\Pando Networks\Pando\Pando.exe:*:Enabled:Pando -- (Pando Networks)
"C:\Program Files\IncrediMail\bin\ImLc.exe" = C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImPackr.exe" = C:\Program Files\IncrediMail\bin\ImPackr.exe:*:Enabled:IncrediMail -- ()
"E:\Program Files\IncrediMail\bin\ImpCnt.exe" = E:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"F:\HDD (E)\Program Files\IncrediMail\bin\IncMail.exe" = F:\HDD (E)\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"F:\HDD (E)\Program Files\IncrediMail\bin\ImpCnt.exe" = F:\HDD (E)\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B246DA8-309B-4BFD-B2DE-6CB584CCC3EF}" = BitDefender Internet Security 2009
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1439F7FF-6389-4593-8227-76E7BE4730C9}" = MXAir Tutorial
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}" = Philips SPC 900NC PC Camera
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B8-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42ABF3F2-2C5E-43FA-BBFF-58E4295F23CA}" = Iomega Automatic Backup
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89ACA875-BDB9-443C-B7C7-D74D3BDE8FE2}" = Philips VLounge
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3088CD2-612B-11D3-AF43-00C04F443448}" = Microsoft Works 2000
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}" = Pando
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B53FA0E4-739C-435F-9872-E3032F2E08FC}" = Iomega QuikProtect
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}" = Canon MP450
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"Horaires SNCF_is1" = Programme Horaires V4.86, HIVER VH-151010, ETE VE-070910
"ie8" = Windows Internet Explorer 8
"IncrediMail" = IncrediMail
"InstallShield_{42ABF3F2-2C5E-43FA-BBFF-58E4295F23CA}" = Iomega Automatic Backup
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator 2.0" = Canon MP Navigator 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Neuf_TV_PC" = TV sur PC
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"SFR_Kit" = SFR - Kit de connexion
"TomTom HOME" = TomTom HOME 2.7.5.2014
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\Richard_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

<End>
richou
 
Messages: 81
Inscription: 14 Nov 2007, 15:25
Localisation: Caen

Messagede nickW » 03 Jan 2011, 22:17

Bonsoir,

Après ce traitement "de choc", le PC me semble en bien meilleur état.
Constates-tu encore des dysfonctionnements?


Peux-tu exécuter MBAM (Malwarebytes' Anti-Malware), analyse seulement:

Étape 1: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus.
Image avast5!: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), choisir "Gestion des Agents avast!" et désactiver tous les agents de protection


Étape 2: Malwarebytes' Anti-Malware, recherche
Fermer toutes les fenêtres de programme ouvertes.
Lancer Malwarebytes' Anti-Malware via le Menu Démarrer.
Dans l'onglet Paramètres, vérifier que toutes les cases sont cochées sauf "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)".
Dans l'onglet Mise à jour, cliquer sur le bouton Recherche de mise à jour et installer toutes les mises à jour trouvées.
Dans l'onglet Recherche, cocher le bouton radio situé devant "Exécuter un examen rapide" puis cliquer sur le bouton Rechercher, comme ceci:

Image

Attendre sans rien faire d'autre la fin de la recherche; dans la fenêtre annonçant la fin de l'analyse, cliquer sur OK; puis cliquer sur le bouton "Afficher les résultats":
Image

Cliquer sur le bouton "Enregistrer le rapport", valider la sauvegarde, puis cliquer sur le bouton "Quitter"


Étape 3: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus.


Étape 4: Résultats
Envoyer en réponse:
*- le rapport de Malwarebytes' Anti-Malware (contenu du fichier mbam-log-****-**-** (**-**-**).txt situé dans le dossier %SystemDrive%\Documents and Settings\<tonprofil>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs où ****-**-** (**-**-**) représente la date [année-mois-jour] et l'heure [hh-mn-ss])
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede richou » 03 Jan 2011, 22:51

Bonsoir Nickw,

effectivement le pc marche mieux ! Je n'ai plus d'alerte matibal d'avast.
Je n'ai pas compris grand chose dans tes manips mais le résultat est là...
Voici donc le nouveau rapport :

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5449

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03/01/2011 22:42:05
mbam-log-2011-01-03 (22-42-05).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 141913
Temps écoulé: 4 minute(s), 5 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Apparemment (pour moi) tout à l'air clair mais si tu voyais des choses à faire ou à virer, n'hésite pas à me le dire...
A bientot
richou
 
Messages: 81
Inscription: 14 Nov 2007, 15:25
Localisation: Caen

Messagede nickW » 03 Jan 2011, 23:59

Re-

"batimal" puis "matibal" ... Tu as le tiercé, mais dans le désordre! :D

L'infection se nomme Bamital. :wink:



Si le PC ne présente plus de symptômes d'infection, voici quelques conseils supplémentaires (sécurisation & optimisation) à appliquer:


ImageUn conseil important:
Il faut créer un nouveau point de restauration système.
Après nettoyage du PC, il faut vider les fichiers stockés dans les dossiers de la Restauration système, puis créer un nouveau point de restauration qui sera utilisable en cas de problème.
Méthode:
Désactiver la restauration système, réactiver la restauration système, puis créer un nouveau point de restauration.
Explications détaillées:
http://assiste.com.free.fr/p/comment/co ... ation.html


ImageUn conseil important:
Proscrire l'utilisation de P2P illicite!
cf BitTorrent, Pando


ImageUn conseil:
Désactiver la fonction de lancement automatique ("autorun") sur les lecteurs amovibles.
Voir ce sujet de Gof:
Guide sécurisation Windows face aux menaces infectieuses USB
http://assiste.forum.free.fr/viewtopic.php?t=25228
Le fichier de désactivation est téléchargeable depuis ce lien


ImageUn conseil:
La version gratuite de MBAM (Malwarebytes' Anti-Malware) reste utilisable pour effectuer des analyses à la demande.
Tu peux donc choisir de la laisser installée, et de l'utiliser de temps en temps (pour faire du "nettoyage") en faisant une mise à jour manuelle avant de demander l'examen.


ImageUn conseil:
Erunt permet de faire une sauvegarde du Registre.
Il est intéressant de l'utiliser avant d'installer un nouveau programme (en cas de problème, il permettra de revenir en arrière).


ImageUn conseil:
Incredimail: En as-tu vraiment besoin? Lire cette page


ImageUn conseil:
Image Il est préférable de supprimer OTL (fichier téléchargé OTL.exe et fichiers résultats OTL.Txt et Extras.Txt situés sur le Bureau, ainsi que, s'ils existent, les fichiers de travail fix.txt et scan.txt).
Note: S'il existe, le dossier SystemDrive\_OTL contient des sauvegardes. Après avoir vérifié que tous les logiciels du PC fonctionnent correctement, il sera possible de supprimer ce dossier.
Image Il est préférable de supprimer SystemLook (fichier téléchargé SystemLook.exe et fichier résultat SystemLook.txt[/i] situés sur le Bureau).
Image Vider les quarantaines de l'antivirus et de l'anti-spyware.



Voilì, voilò, voilà.

Salut,

PS:
Si tu considères que ce sujet est clos, peux-tu mettre [OK] devant le titre du premier message. Voir ICI.
Merci.
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede richou » 04 Jan 2011, 10:01

Bjr Nickw,
ok je vais suivre tes conseils et merci encore d'avoir bien voulu me dépanner.
A plus tard....
richou
 
Messages: 81
Inscription: 14 Nov 2007, 15:25
Localisation: Caen

Précédente

Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 40 invités