Demande d'analyse

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

Demande d'analyse

Messagede Philigran » 31 Mar 2011, 08:03

Bonjour,
Depuis quelques jours mon PC est extrêmement ralenti avec un distorsion importante dans le son et un affichage des vidéos saccadé.
Le lancement de Windows prend un temps fou et sa fermeture et encore beaucoup plus longue que l'ouverture.
Les applications fonctionnent après une temps de chargement multiplié par deux ou trois.
Vous trouverez ci-dessous le premier rapport OTL (OTL.txt).
Avec mes remerciements pour votre aide
-----------------------------

OTL logfile created on: 30/03/2011 18:35:03 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Pilou\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 1,50 Gb Free Space | 15,37% Space Free | Partition Type: NTFS
Drive E: | 142,90 Gb Total Space | 33,53 Gb Free Space | 23,46% Space Free | Partition Type: NTFS

Computer Name: GROMIT | User Name: Pilou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/30 11:27:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pilou\Bureau\OTL.exe
PRC - [2008/12/16 17:44:28 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
PRC - [2008/10/15 14:31:25 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 14:29:28 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/02/13 14:06:58 | 002,196,240 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/02/13 14:02:46 | 000,564,496 | ---- | M] () -- C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/02/13 14:02:24 | 000,405,776 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/02/05 19:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/02/05 19:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2006/12/22 11:17:32 | 000,598,016 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC7302\Monitor.exe
PRC - [2004/08/20 01:09:53 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/03/30 11:27:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pilou\Bureau\OTL.exe
MOD - [2008/02/05 19:20:30 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll
MOD - [2006/08/25 17:51:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/05/25 19:21:58 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/05/21 23:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- E:\Program Files\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/10/15 14:31:25 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 14:29:28 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/02/05 19:22:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/02/05 19:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/02/05 19:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/10/26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2002/09/20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/01/25 18:54:04 | 006,321,768 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/10/25 11:03:52 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/06/01 19:30:50 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/06/01 19:30:48 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/06/01 19:30:46 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008/05/27 11:41:46 | 000,122,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008/05/27 11:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008/05/27 11:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008/05/27 11:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008/05/27 11:41:46 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008/05/27 11:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/27 11:41:44 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008/05/16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/02/06 04:21:25 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/06 04:20:40 | 000,628,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/02/06 04:17:37 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/02/06 04:17:26 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/02/05 19:20:08 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/05 19:18:12 | 000,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/11/08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/11/08 10:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/10/17 14:12:00 | 000,030,720 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2007/01/04 13:01:32 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1unic.sys -- (sea1unic) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM)
DRV - [2007/01/04 13:01:24 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1obex.sys -- (sea1obex)
DRV - [2007/01/04 13:01:24 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1nd5.sys -- (sea1nd5) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS)
DRV - [2007/01/04 13:01:22 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mgmt.sys -- (sea1mgmt) Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM)
DRV - [2007/01/04 13:01:18 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mdm.sys -- (sea1mdm)
DRV - [2007/01/04 13:01:18 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mdfl.sys -- (sea1mdfl)
DRV - [2007/01/04 13:01:08 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1bus.sys -- (sea1bus) Sony Ericsson Device 0A1 driver (WDM)
DRV - [2006/12/26 14:58:02 | 000,189,312 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2006/12/25 13:16:25 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2006/12/25 13:16:25 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2005/12/30 18:23:48 | 000,137,344 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\litsgt.sys -- (litsgt)
DRV - [2005/12/30 18:23:48 | 000,012,032 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tansgt.sys -- (tansgt)
DRV - [2005/08/31 04:42:36 | 001,333,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/01 13:49:00 | 000,137,344 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hwpsgt.sys -- (hwpsgt)
DRV - [2005/05/01 13:49:00 | 000,009,472 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lemsgt.sys -- (lemsgt)
DRV - [2004/08/13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/10/24 03:07:38 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/10/02 09:57:12 | 000,013,532 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/web?src=ieb&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-299502267-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-299502267-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-299502267-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/11/26 14:38:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 08:43:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 08:43:00 | 000,000,000 | ---D | M]

[2010/11/30 22:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pilou\Application Data\Mozilla\Extensions
[2010/11/30 22:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pilou\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/30 17:26:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pilou\Application Data\Mozilla\Firefox\Profiles\sytwwssv.default\extensions
[2011/01/14 08:27:58 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Pilou\Application Data\Mozilla\Firefox\Profiles\sytwwssv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/01 14:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/08 22:54:46 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2011/03/08 22:54:46 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/03/08 22:54:46 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2011/03/08 22:54:46 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2011/03/08 22:54:46 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/03/27 19:40:31 | 000,380,288 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 http://www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 http://www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 http://www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 http://www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 http://www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 http://www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 http://www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 http://www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 http://www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 http://www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 13125 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O3 - HKU\S-1-5-21-299502267-1844237615-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-299502267-1844237615-839522115-1003\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O3 - HKU\S-1-5-21-299502267-1844237615-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe ()
O4 - Startup: C:\Documents and Settings\Pilou\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Pilou\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Pilou\Menu Démarrer\Programmes\Démarrage\Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O8 - Extra context menu item: E&xporter vers Microsoft Excel - E:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/Messenger ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 0200096015 (WUWebControl Class)
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} https://static.impots.gouv.fr/tdir/stat ... DP-2.0.cab (AdVerifierADPCtrl Class)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game07.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Pilou\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pilou\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/26 17:45:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1f9810bc-26f1-11df-8bba-ac8a87251639}\Shell - "" = AutoRun
O33 - MountPoints2\{1f9810bc-26f1-11df-8bba-ac8a87251639}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/03/30 11:35:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/30 11:34:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ERUNT
[2011/03/30 11:34:04 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/30 11:32:15 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Pilou\Bureau\erunt-setup.exe
[2011/03/30 11:29:23 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Pilou\Bureau\mbam-setup.exe
[2011/03/30 11:27:18 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pilou\Bureau\OTL.exe
[2011/03/30 07:48:27 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2011/03/30 07:48:27 | 000,084,584 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2011/03/30 07:48:22 | 001,489,512 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2011/03/30 07:48:22 | 000,891,496 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2011/03/30 07:48:15 | 009,721,960 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2011/03/30 07:48:14 | 006,321,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2011/03/30 07:48:08 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2011/03/30 07:48:08 | 000,055,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll
[2011/03/30 07:47:59 | 001,395,800 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2011/03/30 07:47:58 | 002,180,712 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2011/03/30 07:47:50 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2011/03/30 07:47:50 | 000,285,288 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2011/03/30 07:47:48 | 002,815,592 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2011/03/30 07:47:47 | 000,064,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2011/03/30 07:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/03/30 07:47:00 | 001,284,712 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2011/03/29 17:18:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pilou\Recent
[2011/03/28 19:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CCleaner
[2011/03/28 19:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/03/28 18:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pilou\Local Settings\Application Data\PackageAware
[2011/03/27 09:12:34 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/03/27 09:12:34 | 000,018,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/03/25 18:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pilou\Application Data\Malwarebytes
[2011/03/25 18:52:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/25 18:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2011/03/25 18:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/25 18:52:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/12 14:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Bcgsoft
[2011/03/12 14:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\The Game Creators
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/30 18:06:00 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/30 13:56:10 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/03/30 11:34:09 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Pilou\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2011/03/30 11:34:05 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\Pilou\Bureau\NTREGOPT.lnk
[2011/03/30 11:34:05 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Pilou\Bureau\ERUNT.lnk
[2011/03/30 11:33:04 | 000,005,024 | ---- | M] () -- C:\Documents and Settings\Pilou\Bureau\erunt-loc_fr.zip
[2011/03/30 11:32:16 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Pilou\Bureau\erunt-setup.exe
[2011/03/30 11:30:32 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/03/30 11:29:44 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Pilou\Bureau\mbam-setup.exe
[2011/03/30 11:28:24 | 000,000,395 | ---- | M] () -- C:\Documents and Settings\Pilou\Bureau\scan.zip
[2011/03/30 11:27:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pilou\Bureau\OTL.exe
[2011/03/30 11:02:49 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/30 11:01:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/30 08:12:20 | 000,435,618 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011/03/30 08:12:20 | 000,435,212 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/30 08:12:20 | 000,081,642 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011/03/30 08:12:20 | 000,067,590 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/30 07:02:12 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2011/03/27 12:40:52 | 000,124,416 | ---- | M] () -- C:\Documents and Settings\Pilou\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/26 10:38:08 | 000,023,696 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/03/26 09:38:08 | 000,000,118 | ---- | M] () -- C:\Documents and Settings\Pilou\Bureau\PC ou ordinateur lent Windows très lent au démarrage.URL
[2011/03/25 08:49:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/22 16:13:48 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/03/18 13:16:36 | 000,142,049 | ---- | M] () -- C:\Documents and Settings\Pilou\Bureau\piscine.jpg
[2011/03/18 13:16:10 | 003,321,732 | ---- | M] () -- C:\Documents and Settings\Pilou\Bureau\piscine.tif
[2011/03/16 09:35:09 | 000,483,650 | ---- | M] () -- C:\Documents and Settings\Pilou\Bureau\SYNC_138422229.pdf
[2011/03/12 20:33:53 | 000,005,536 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/12 14:53:03 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\FPS Creator Demo.lnk
[2011/03/12 11:41:20 | 002,707,395 | ---- | M] () -- C:\Documents and Settings\Pilou\Bureau\Carte_France_region.psd
[2011/03/07 00:03:38 | 000,090,682 | ---- | M] () -- C:\Documents and Settings\Pilou\Bureau\piscine.skp
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/30 11:34:09 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\Pilou\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2011/03/30 11:34:05 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\Pilou\Bureau\NTREGOPT.lnk
[2011/03/30 11:34:05 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Pilou\Bureau\ERUNT.lnk
[2011/03/30 11:33:03 | 000,005,024 | ---- | C] () -- C:\Documents and Settings\Pilou\Bureau\erunt-loc_fr.zip
[2011/03/30 11:28:23 | 000,000,395 | ---- | C] () -- C:\Documents and Settings\Pilou\Bureau\scan.zip
[2011/03/26 09:38:08 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Pilou\Bureau\PC ou ordinateur lent Windows très lent au démarrage.URL
[2011/03/25 18:52:54 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/03/18 13:16:32 | 000,142,049 | ---- | C] () -- C:\Documents and Settings\Pilou\Bureau\piscine.jpg
[2011/03/16 09:35:09 | 000,483,650 | ---- | C] () -- C:\Documents and Settings\Pilou\Bureau\SYNC_138422229.pdf
[2011/03/14 16:09:09 | 003,321,732 | ---- | C] () -- C:\Documents and Settings\Pilou\Bureau\piscine.tif
[2011/03/14 16:09:09 | 000,090,682 | ---- | C] () -- C:\Documents and Settings\Pilou\Bureau\piscine.skp
[2011/03/12 14:53:03 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\FPS Creator Demo.lnk
[2011/01/31 11:00:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\libiconv
[2011/01/31 11:00:24 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Action
[2011/01/25 19:33:01 | 000,176,968 | ---- | C] () -- C:\WINDOWS\hpoins44.dat
[2011/01/25 19:33:01 | 000,000,586 | ---- | C] () -- C:\WINDOWS\hpomdl44.dat
[2011/01/25 19:12:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Work - Home
[2011/01/25 19:12:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\filter
[2010/12/27 22:26:54 | 000,645,500 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/27 22:26:54 | 000,645,500 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-299502267-1844237615-839522115-1003-0.dat
[2010/12/27 19:06:51 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/12/27 19:06:50 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/12/27 19:06:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Pilou\Application Data\$_hpcst$.hpc
[2010/09/08 19:50:14 | 000,444,062 | ---- | C] () -- C:\WINDOWS\Enjoy 5e Uninstaller.exe
[2010/07/20 16:50:09 | 000,000,323 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2010/07/20 16:50:05 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2010/07/01 14:22:01 | 000,000,723 | ---- | C] () -- C:\WINDOWS\CLRBRWSR.INI
[2010/06/07 09:15:43 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2010/03/02 23:03:39 | 000,011,617 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/03/02 22:37:06 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2010/03/02 22:34:51 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/11/24 18:49:26 | 000,179,518 | ---- | C] () -- C:\WINDOWS\hpoins44.dat.temp
[2009/11/24 18:49:26 | 000,000,586 | ---- | C] () -- C:\WINDOWS\hpomdl44.dat.temp
[2009/11/18 15:51:19 | 000,005,536 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/23 20:00:26 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Pilou\Application Data\grep
[2009/10/23 20:00:26 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/03/19 08:48:02 | 000,000,153 | ---- | C] () -- C:\WINDOWS\isp.ini
[2009/01/01 11:16:50 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/12/29 21:55:45 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/10/03 07:46:14 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/07/28 21:41:33 | 000,000,227 | ---- | C] () -- C:\WINDOWS\Kirikou.ini
[2008/05/01 09:37:06 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/02/05 19:20:08 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/02/03 12:35:04 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/14 20:25:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2007/11/09 21:53:33 | 000,001,287 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/17 22:45:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/01/23 18:38:47 | 000,104,373 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/12/25 13:16:25 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2006/12/25 13:16:25 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2006/12/20 14:30:41 | 000,000,042 | ---- | C] () -- C:\WINDOWS\KA.INI
[2006/11/04 14:14:27 | 000,000,820 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2006/03/19 20:43:06 | 000,002,258 | ---- | C] () -- C:\WINDOWS\webstress4.ini
[2005/12/30 18:23:48 | 000,137,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\litsgt.sys
[2005/12/30 18:23:48 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\tansgt.sys
[2005/12/30 18:20:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/09/15 09:54:22 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/09/15 09:54:22 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/09/15 09:54:22 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/06/30 08:46:18 | 000,000,764 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2005/05/14 10:25:55 | 000,004,891 | ---- | C] () -- C:\WINDOWS\xnview.ini
[2005/05/01 13:49:00 | 000,137,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\hwpsgt.sys
[2005/05/01 13:49:00 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\lemsgt.sys
[2005/03/09 17:30:24 | 000,001,501 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/02/02 21:50:14 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/02/01 21:38:08 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2005/01/30 12:07:51 | 000,000,011 | ---- | C] () -- C:\WINDOWS\egypte.ini
[2005/01/30 11:50:33 | 000,000,014 | ---- | C] () -- C:\WINDOWS\AKA2.INI
[2005/01/30 11:50:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/01/29 10:20:08 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2005/01/29 10:20:08 | 000,000,048 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/01/28 22:06:36 | 000,001,066 | ---- | C] () -- C:\WINDOWS\PATTONF.INI
[2005/01/28 16:10:17 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/01/28 16:10:17 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005/01/28 16:10:16 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/01/28 12:39:14 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2005/01/28 12:09:43 | 000,124,416 | ---- | C] () -- C:\Documents and Settings\Pilou\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/27 15:59:00 | 000,023,696 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/26 19:12:44 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/01/26 18:37:49 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/26 18:01:31 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2005/01/26 17:58:46 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/01/26 17:47:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/26 17:43:13 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/26 17:32:03 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/26 17:31:11 | 001,063,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/20 01:09:27 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2001/08/28 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/28 12:00:00 | 000,435,618 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2001/08/28 12:00:00 | 000,435,212 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/28 12:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2001/08/28 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/28 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/28 12:00:00 | 000,081,642 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2001/08/28 12:00:00 | 000,067,590 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/28 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/28 12:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2001/08/28 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/28 12:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/28 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2009/10/23 20:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/10/31 19:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/01/31 11:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/10/17 19:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quark
[2010/01/01 13:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spamihilator
[2009/02/27 08:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2009/10/23 20:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/01/06 19:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pilou\Application Data\Audacity
[2010/11/05 23:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pilou\Application Data\authorPOINT
[2010/05/07 09:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pilou\Application Data\FileMaker
[2011/03/12 22:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pilou\Application Data\FileZilla
[2007/11/14 20:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pilou\Application Data\InterTrust
[2008/07/24 07:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pilou\Application Data\ItsLabel
[2009/06/25 19:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pilou\Application Data\JAM Software
[2009/01/01 11:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pilou\Application Data\Leadertech
[2010/06/13 22:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pilou\Application Data\MP-Manager
[2011/01/31 16:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pilou\Application Data\Nikon
[2010/04/02 15:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pilou\Application Data\Opera
[2010/12/27 19:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pilou\Application Data\PC Suite
[2011/01/01 15:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pilou\Application Data\PCFix
[2008/10/17 19:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pilou\Application Data\Quark
[2007/12/20 22:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pilou\Application Data\SPAMfighter
[2011/03/30 09:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pilou\Application Data\Spamihilator
[2009/10/24 08:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pilou\Application Data\TeamViewer

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2001/01/10 12:23:58 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE


< MD5 for: AGP440.SYS >
[2008/12/29 23:49:05 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/12/29 23:49:05 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/12/29 23:49:05 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\sp2.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\agp440.sys
[2004/08/04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\agp440.sys
[2004/08/04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2005/01/26 19:29:35 | 012,109,786 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008/12/29 23:49:05 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2005/01/26 19:29:35 | 012,109,786 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2008/12/29 23:49:05 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/12/29 23:49:05 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\sp2.cab:atapi.sys
[2002/08/29 10:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\atapi.sys
[2004/08/04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\atapi.sys
[2004/08/04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0024\DriverFiles\i386\atapi.sys
[2004/08/04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0025\DriverFiles\i386\atapi.sys

< MD5 for: CTFMON.EXE >
[2002/08/29 20:45:10 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=2C856908EE61424238772508E9FBCBC8 -- C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
[2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\ctfmon.exe
[2004/08/20 01:09:51 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=64E41E8FEE655B03E3F19DED21BA5118 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[2004/08/20 01:09:51 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=64E41E8FEE655B03E3F19DED21BA5118 -- C:\WINDOWS\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\ctfmon.exe
[2004/08/20 01:09:51 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=64E41E8FEE655B03E3F19DED21BA5118 -- C:\WINDOWS\system32\ctfmon.exe

< MD5 for: EVENTLOG.DLL >
[2004/08/20 01:09:25 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/20 01:09:25 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\eventlog.dll
[2004/08/20 01:09:25 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\system32\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\eventlog.dll
[2002/08/29 20:44:52 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B1F4DD70AD2DF7B98C8323394D370B2A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004/08/20 01:09:53 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\explorer.exe
[2004/08/20 01:09:53 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/20 01:09:53 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\explorer.exe
[2002/08/29 20:45:10 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=82FE0D400CB1AC937234467B927B867A -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\netlogon.dll
[2002/08/29 20:44:52 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=B05A56408A75A75345D399986751DDB7 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/20 01:09:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/20 01:09:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\netlogon.dll
[2004/08/20 01:09:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2002/08/29 20:44:58 | 000,180,736 | ---- | M] (Microsoft Corporation) MD5=11F7656C69DA4CFB022CEC5445A647E8 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/20 01:09:39 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/20 01:09:39 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\scecli.dll
[2004/08/20 01:09:39 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/20 01:10:03 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004/08/20 01:10:03 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\userinit.exe
[2004/08/20 01:10:03 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\system32\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\userinit.exe
[2002/08/29 20:45:16 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F4127A2A00825C69A870035DA1264AE0 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/20 01:10:04 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004/08/20 01:10:04 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\winlogon.exe
[2004/08/20 01:10:04 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\system32\winlogon.exe
[2002/08/29 20:45:16 | 000,520,704 | ---- | M] (Microsoft Corporation) MD5=71820BC9EE6653C8748922459DFC384D -- C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
[2001/08/28 12:00:00 | 000,434,176 | ---- | M] (Microsoft Corporation) MD5=7486A7D62930D64E83CD847C3C69E7CC -- C:\WINDOWS\$NtUninstallKB841533_RTM$\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\winlogon.exe
[2004/06/17 19:42:13 | 000,487,424 | ---- | M] (Microsoft Corporation) MD5=F5D97F77AC97B244FF33280154186065 -- C:\WINDOWS\$hf_mig$\KB840987\SP1QFE\winlogon.exe
[2004/06/17 02:08:56 | 000,487,424 | ---- | M] (Microsoft Corporation) MD5=F5D97F77AC97B244FF33280154186065 -- C:\WINDOWS\$hf_mig$\KB841533\SP1QFE\winlogon.exe
[2004/06/17 02:08:56 | 000,487,424 | ---- | M] (Microsoft Corporation) MD5=F5D97F77AC97B244FF33280154186065 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/10/16 12:38:27 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2008/10/16 12:38:28 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2008/10/16 12:38:28 | 000,251,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >
Philigran
 
Messages: 5
Inscription: 27 Mar 2011, 09:20

Re: Demande d'analyse

Messagede Philigran » 31 Mar 2011, 08:05

Pour faire suite au rapport, ci-dessous le fichier Extras.txt.

OTL Extras logfile created on: 30/03/2011 18:35:03 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Pilou\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 1,50 Gb Free Space | 15,37% Space Free | Partition Type: NTFS
Drive E: | 142,90 Gb Total Space | 33,53 Gb Free Space | 23,46% Space Free | Partition Type: NTFS

Computer Name: GROMIT | User Name: Pilou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- Reg Error: Key error. File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-299502267-1844237615-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "E:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- E:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"E:\Program Files\Digital Imaging\bin\hpqtra08.exe" = E:\Program Files\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"E:\Program Files\Digital Imaging\bin\hpqste08.exe" = E:\Program Files\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"E:\Program Files\Digital Imaging\bin\hposid01.exe" = E:\Program Files\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"E:\Program Files\Digital Imaging\bin\hpqkygrp.exe" = E:\Program Files\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"E:\Program Files\Digital Imaging\bin\hpqcopy2.exe" = E:\Program Files\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe
"E:\Program Files\Digital Imaging\bin\hpfcCopy.exe" = E:\Program Files\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"E:\Program Files\Digital Imaging\bin\hpoews01.exe" = E:\Program Files\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"E:\Program Files\Digital Imaging\bin\hpiscnapp.exe" = E:\Program Files\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"E:\Program Files\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = E:\Program Files\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TeamViewer3\TeamViewer.exe" = C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:Application de pilotage à distance TeamViewer
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe" = C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Application de pilotage à distance TeamViewer -- (TeamViewer GmbH)
"C:\Program Files\Macromedia\Flash MX\Flash.exe" = C:\Program Files\Macromedia\Flash MX\Flash.exe:*:Enabled:Flash 6.0 r25 -- (Macromedia, Inc.)
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8 -- (Macromedia, Inc.)
"E:\Program Files\VLC\vlc.exe" = E:\Program Files\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"E:\Program Files\Digital Imaging\bin\hpfcCopy.exe" = E:\Program Files\Digital Imaging\bin\hpfcCopy.exe:*:Disabled:hpfccopy.exe -- ()
"E:\Program Files\Digital Imaging\bin\hpiscnapp.exe" = E:\Program Files\Digital Imaging\bin\hpiscnapp.exe:*:Disabled:hpiscnapp.exe -- (Hewlett-Packard)
"E:\Program Files\Digital Imaging\bin\hpoews01.exe" = E:\Program Files\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)
"E:\Program Files\Digital Imaging\bin\hposid01.exe" = E:\Program Files\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)
"E:\Program Files\Digital Imaging\bin\hpqcopy2.exe" = E:\Program Files\Digital Imaging\bin\hpqcopy2.exe:*:Disabled:hpqcopy2.exe
"E:\Program Files\Digital Imaging\bin\hpqkygrp.exe" = E:\Program Files\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe -- (Hewlett-Packard)
"E:\Program Files\Digital Imaging\bin\hpqste08.exe" = E:\Program Files\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe
"E:\Program Files\Digital Imaging\bin\hpqtra08.exe" = E:\Program Files\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Disabled:hpwucli.exe
"E:\Program Files\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = E:\Program Files\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Disabled:smartwebprintexe.exe
"E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"E:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = E:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"E:\Program Files\SimpLite-MSN.exe" = E:\Program Files\SimpLite-MSN.exe:*:Enabled:Simp
"C:\Program Files\Spamihilator\spamihilator.exe" = C:\Program Files\Spamihilator\spamihilator.exe:*:Enabled:Spamihilator -- (Michel Krämer)
"C:\Program Files\Spamihilator\cdcc.exe" = C:\Program Files\Spamihilator\cdcc.exe:*:Enabled:Spamihilator DCC Filter Configuration -- ()
"C:\Program Files\Spamihilator\dccproc.exe" = C:\Program Files\Spamihilator\dccproc.exe:*:Enabled:Spamihilator DCC Filter -- ()
"E:\Program Files\npsasvr.exe" = E:\Program Files\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server
"E:\Program Files\npsvsvr.exe" = E:\Program Files\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
"{15F52B39-04CB-4EDB-9A8C-496C4A5588E2}" = Rayman 3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-040C-1E257A25E34D}" = Adobe Photoshop CS2
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.005.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B8-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}" = Macromedia Extension Manager
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
"{5E863175-E85D-44A6-8968-82507D34AE7F}" = QuickTime
"{5FD788ED-1A37-4496-9BDD-463F493B27FA}" = Macromedia Dreamweaver 8
"{6444D9D9-CD6C-4464-B970-55C606C944DC}" = Logitech QuickCam
"{678FBA54-2084-4431-829B-4046753578ED}" = Adibou joue à lire et à compter 6-7 ans
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D14916C-EC29-40FC-8FFB-08A66576BE78}" = Spamihilator 0.9.9.53 (32 bit)
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8A367C28-423C-48E2-8C76-EBA1171F932A}" = Adobe Photoshop Album 2.0
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = Listo WBC-674 PC-Camera
"{A8833100-1481-11D4-9731-00C04F8EEB39}" = Macromedia Fireworks 4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009-03-17
"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1 - Français
"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43421C0-0DCB-4F26-8A3B-BF16155F9879}" = TRENDnet TEW-424UB
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E70E9721-A42A-4D7A-8087-AA69614328A0}" = FPS Creator Demo
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{FF0B0792-F6E7-4627-B820-EA50617E223B}" = QuarkXPress 6.0
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
"7-Zip" = 7-Zip 4.65
"ACDSee 32" = ACDSee 32
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-040C-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Applian FLV Player2.0.23" = Applian FLV Player
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"DVD Shrink_is1" = DVD Shrink 3.2
"Enjoy 5e" = Enjoy 5e
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.3.5
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.7.2
"Gif Movie Gear v3" = Gif Movie Gear v3
"Google Updater" = Outil de mise à jour Google
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{C43421C0-0DCB-4F26-8A3B-BF16155F9879}" = TRENDnet TEW-424UB
"lvdrivers_11.70" = Coffret de pilotes Logitech QuickCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"NVIDIA Drivers" = NVIDIA Drivers
"TeamViewer 4" = TeamViewer 4
"TreeSize Free_is1" = TreeSize Free V2.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.7
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Installation Windows Live
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/01/2011 13:03:11 | Computer Name = GROMIT | Source = MsiInstaller | ID = 11706
Description = Product: Scan -- Error 1706.No valid source could be found for product
Scan. The Windows Installer cannot continue.

Error - 25/01/2011 13:03:20 | Computer Name = GROMIT | Source = MsiInstaller | ID = 11706
Description = Product: Scan -- Error 1706.No valid source could be found for product
Scan. The Windows Installer cannot continue.

Error - 25/01/2011 13:08:02 | Computer Name = GROMIT | Source = MsiInstaller | ID = 11706
Description = Product: Scan -- Error 1706.No valid source could be found for product
Scan. The Windows Installer cannot continue.

Error - 25/01/2011 13:10:32 | Computer Name = GROMIT | Source = MsiInstaller | ID = 11706
Description = Product: Scan -- Error 1706.No valid source could be found for product
Scan. The Windows Installer cannot continue.

Error - 31/01/2011 10:10:45 | Computer Name = GROMIT | Source = Application Hang | ID = 1002
Description = Application bloquée moviemk.exe, version 2.1.4026.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 01/02/2011 02:06:20 | Computer Name = GROMIT | Source = Application Error | ID = 1000
Description = Application défaillante wlancu.exe, version 2.4.8.321, module défaillant
rtllib.dll, version 402.1190.1003.2006, adresse de défaillance 0x0000cee3.

Error - 06/02/2011 04:52:10 | Computer Name = GROMIT | Source = MsiInstaller | ID = 1013
Description = Produit : Adobe Reader 7.0 - Français -- Le programme d'installation
a détecté qu'un produit plus fiable est déjà installé. Le programme d'installation
va maintenant se fermer.

Error - 27/03/2011 03:32:54 | Computer Name = GROMIT | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 80070005 à partir de la ligne 44
de d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 27/03/2011 03:32:54 | Computer Name = GROMIT | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x80040206.

Error - 28/03/2011 12:46:56 | Computer Name = GROMIT | Source = Application Error | ID = 1000
Description = Application défaillante registrybooster.exe, version 6.0.0.6, module
défaillant vgx.dll, version 6.0.2900.2180, adresse de défaillance 0x0005c51e.

[ System Events ]
Error - 30/01/2011 13:25:19 | Computer Name = GROMIT | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service hpqcxs08
avec les arguments "" pour démarrer le serveur : {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 30/01/2011 13:27:46 | Computer Name = GROMIT | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service hpqcxs08
avec les arguments "" pour démarrer le serveur : {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 30/01/2011 13:29:28 | Computer Name = GROMIT | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service hpqcxs08
avec les arguments "" pour démarrer le serveur : {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 30/01/2011 13:33:59 | Computer Name = GROMIT | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service hpqcxs08
avec les arguments "" pour démarrer le serveur : {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 30/01/2011 13:38:39 | Computer Name = GROMIT | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service hpqcxs08
avec les arguments "" pour démarrer le serveur : {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 30/01/2011 13:39:15 | Computer Name = GROMIT | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service hpqcxs08
avec les arguments "" pour démarrer le serveur : {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 30/01/2011 13:39:43 | Computer Name = GROMIT | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service hpqcxs08
avec les arguments "" pour démarrer le serveur : {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 30/01/2011 13:40:18 | Computer Name = GROMIT | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service hpqcxs08
avec les arguments "" pour démarrer le serveur : {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 30/01/2011 13:40:50 | Computer Name = GROMIT | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service hpqcxs08
avec les arguments "" pour démarrer le serveur : {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 30/01/2011 13:41:22 | Computer Name = GROMIT | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service hpqcxs08
avec les arguments "" pour démarrer le serveur : {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}


< End of report >
Philigran
 
Messages: 5
Inscription: 27 Mar 2011, 09:20

Re: Demande d'analyse

Messagede nickW » 01 Avr 2011, 00:38

Bonsoir,

Tu as installé un "gros" fichier hosts.

As-tu pensé à désactiver le service Client DNS?


Désactivation du service Client DNS
Ouvrir la console de gestion des services:
Démarrer--->Exécuter
Taper services.msc puis cliquer sur OK

Descendre jusqu'à Client DNS
Faire un clic droit dessus et choisir Propriétés
Vérifier que dans la case "Chemin d'accès des fichiers exécutables" il y a bien C:\WINDOWS\system32\svchost.exe -k NetworkService
Dans Statut du service, cliquer sur Arrêter (s'il n'est pas déjà arrêté)
Cliquer sur Appliquer,
Dans Type de démarrage, choisir Désactivé
Cliquer sur Appliquer, puis sur OK

Faire redémarrer le PC.

Explication:
http://assiste.com.free.fr/p/hosts/host ... hosts.html
http://www.mvps.org/winhelp2002/hosts.htm (en anglais)

Note: cette manip est sans danger, et réversible.


Est-ce moins lent ou plus rapide, au choix?

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Re: Demande d'analyse

Messagede Philigran » 01 Avr 2011, 08:11

Bonjour

Après vérification du fichier hosts, effectivement celui-ci contenait une liste apparemment générée par "Spybot - Search & Destroy" a une époque où je l'avais installé, puis désinstallé car il faisait ralentir considérablement mon PC.

Alors j'ai suivi la procédure que tu m'as indiquée mais aucun résultat significatif, ce n'est ni moins lent ni plus rapide... :D juste identique : j'en suis actuellement à un temps total de lancement de windows de 6 minutes 30 environ... :cry:
Philigran
 
Messages: 5
Inscription: 27 Mar 2011, 09:20

Re: Demande d'analyse

Messagede nickW » 03 Avr 2011, 00:46

Bonsoir,

Quand as-tu désinstallé Spybot-S&D?


Avant de désinstaller Spybot-S&D as-tu "Annulé" la Vaccination?


A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Re: Demande d'analyse

Messagede Philigran » 03 Avr 2011, 08:56

J'ai désinstallé spybot il y a maintenant plus d'un an (de mémoire) mais je ne pense pas avoir annulé la vaccination avant désinstallation mais à vrai dire je ne m'en souviens pas.

En revanche j'ai oublié de poster ici le rapport de mon Anti malware (une piste peut-être ?)

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Version de la base de données: 6217

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

30/03/2011 18:26:35
mbam-log-2011-03-30 (18-26-24).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 156449
Temps écoulé: 10 minute(s), 36 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Merci de ton aide
Philigran
 
Messages: 5
Inscription: 27 Mar 2011, 09:20


Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 7 invités