bouton "REPONSE"

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

bouton "REPONSE"

Messagede huggie » 11 Avr 2011, 12:48

Bonjour,

j'ai une demande de Logs à vous faire parvenir, mais je ne trouve pas le bouton "REPONSE"
pour les deux fichiers OTL.
Merci
huggie
 
Messages: 23
Inscription: 24 Déc 2005, 19:18

Re: bouton "REPONSE"

Messagede nickW » 11 Avr 2011, 16:13

Bonjour,

Il s'agit de l'un des deux boutons "Répondre":

Image

Salut,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

demnde de log

Messagede huggie » 11 Avr 2011, 19:12

Bonjour,

Je dépannage un ami.
XP SP3, AMD SEMPRON 3000+, 1Go RAM
Objet: plus de connexion internet.
J'ai passé CCLEANER et MBAM sans succès.
Son antivirus et parefeu ne sont plus à jour.

Malwarebytes' Anti-Malware 1.20
Version de la base de données: 930
Windows 5.1.2600 Service Pack 2

13:14:40 22/07/2008
mbam-log-7-22-2008 (13-14-40).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 94057
Temps écoulé: 20 minute(s), 5 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 57

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\pbfrv2.pbfrv2 (Adware.2020Search) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\internetgamebox (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\InternetGameBox.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2 (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\favoris (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\dynamic toolbar\batch.bat (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\unins000.dat (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\unins000.exe (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\go.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\home.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\logo_pb.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\parent_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\parent_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\popup_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\popup_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\search.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\services.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin1.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin2.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin3.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin4.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin5.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\store.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\style.css (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\support.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\ticker.xml (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\go.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\home.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\logo_pb.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\search.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\services.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin1.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin2.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin3.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin4.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin5.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\store.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\style.css (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\support.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\ticker.xml (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\InternetGameBox.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\InternetGameBox.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\language (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\AttenteOff.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\AttenteOn.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_en.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_es.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_fr.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\NoS2F.bin (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\favoris\defaultv2.swf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\skins\skinv2.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\Conforama\Bureau\InternetGameBox.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
huggie
 
Messages: 23
Inscription: 24 Déc 2005, 19:18

Re: bouton "REPONSE"

Messagede nickW » 12 Avr 2011, 14:18

Bonjour,

Es-tu bien sûr qu'il s'agit d'un rapport de MBAM récent: mbam-log-7-22-2008 (13-14-40).txt


Où sont les deux rapports d'analyse de OTL?

Note:
Il faut les envoyer dans deux messages distincts, en utilisant toujours le nouton "Répondre" Image, en vérifiant qu'ils sont complets (ils doivent se terminer par une ligne contenant <End of report>). Si ce n'est pas le cas, ils doivent être découpés en plusieurs parties.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Re: bouton "REPONSE"

Messagede huggie » 12 Avr 2011, 14:53

Le PC que j'essaie de remettre a jour n'a plus de connexion internet.
Par contre le mien fonctionne, j'ai téléchargé la dernière version de la base mbam,
ou se trouve le chemin pour la copier sur le PC infecté ?

J'ai bien fait "REPONDRE" pour copier les fichiers OTL.

Salut
huggie
 
Messages: 23
Inscription: 24 Déc 2005, 19:18

Re: bouton "REPONSE"

Messagede nickW » 12 Avr 2011, 15:56

Re-

Il faut télécharger l'installeur complet (version 1.50.1) en plus des mises à jour "hors ligne" (ici, mais cela date du 18/03/2011).



J'ai bien fait "REPONDRE" pour copier les fichiers OTL.

Peut-être, mais tu as dû utiliser de l'encre invisible!
Peux-tu recommencer?


Salut,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Re: bouton "REPONSE"

Messagede huggie » 12 Avr 2011, 18:41

Voici le complément de mbam :

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6092

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/04/2011 19:06:21
mbam-log-2011-04-12 (19-06-21).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 213707
Temps écoulé: 36 minute(s), 47 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Je poste 2 autres messages pour les fichiers OTL.
huggie
 
Messages: 23
Inscription: 24 Déc 2005, 19:18

bouton "REPONSE" OTL 1/2

Messagede huggie » 12 Avr 2011, 18:43

OTL Extras logfile created on: 10/04/2011 22:29:09 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Conforama\Mes documents\ACER
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

895,00 Mb Total Physical Memory | 599,00 Mb Available Physical Memory | 67,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70,51 Gb Total Space | 44,14 Gb Free Space | 62,60% Space Free | Partition Type: NTFS
Drive E: | 1,92 Gb Total Space | 0,38 Gb Free Space | 19,96% Space Free | Partition Type: FAT

Computer Name: SNNECCI | User Name: Conforama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1609197471-2031097339-961219911-1006\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\AOL 9.0\aol.exe" = %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL -- (America Online, Inc.)
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe" = %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe" = %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA
"C:\APPS\Inventime\my.exe" = C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME -- (Inventime)
"C:\Program Files\Shareaza\Shareaza.exe" = C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza -- (Shareaza Development Team)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{16976C6C-F8D5-4317-9DE8-1F6352B66725}" = RAW Image Task
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BD68BBD-329B-46CC-9DDD-65F2F65DACA1}" = JS Star
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Internet Library
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9E67D1-4037-11D8-9690-0020182C22CD}" = Portable USB Storage Device
"{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}" = MP3 Player Utilities
"{64D114CE-4234-45C2-B60A-2B07D5A48F72}" = Microsoft Works 7.0
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Les Sims 2
"{6F08069F-FB2C-42F4-91B1-4003E07B03F8}" = Jeune Styliste 2
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{77F09242-A107-4CB6-A295-D8656C2C3795}" = Samsung USB Driver (MCCI 4.24)
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{821DC151-4691-4E26-AE7E-522921D0FD54}" = RemoteCapture Task
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9084040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{AC76BA86-7AD7-1036-7B44-000000000001}" = Adobe Reader 6.0 - Français
"{B123EBD8-89B7-4834-B06D-F758815E1036}" = Nero 7 Premium
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}" = Canon MP450
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{E22885AB-B503-46E2-8437-73BBC6BC5487}" = Windows Live Messenger
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = ICatch (VI) PC Camera
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"6273b5a2c962d830ec3ac19663871c2c187731047" = Mon Encyclopédie d'Histoire
"Advanced WMA MP3 Converter_is1" = Advanced WMA MP3 Converter version 1.2
"CCleaner" = CCleaner
"Clean Ram_is1" = Clean Ram 1.20 - Free
"DIVXCodec" = DivX Codec 3.1alpha release
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"eMule" = eMule
"ffdshow" = ffdshow (remove only)
"FSX_Screensaver" = FSX_Screensaver
"GENEUIDE" = USB Storage Driver
"HijackThis" = HijackThis 2.0.2
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{16976C6C-F8D5-4317-9DE8-1F6352B66725}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{77F09242-A107-4CB6-A295-D8656C2C3795}" = Samsung USB Driver (MCCI 4.24)
"InstallShield_{821DC151-4691-4E26-AE7E-522921D0FD54}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"InterActual Player" = InterActual Player
"Les meilleurs Jeux de Pions Vol.1" = Les meilleurs Jeux de Pions Vol.1 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live & Sponsor
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money
"Mozilla Firefox (1.5.0.9)" = Mozilla Firefox (1.5.0.9)
"MP Navigator 2.0" = Canon MP Navigator 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MsgPlus! Plugin" = Messenger Plus! 3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"Pack Vista Inspirat" = Pack Vista Inspirat 1.1
"QuickTime" = QuickTime
"Shareaza_is1" = Shareaza version 2.2.1.0
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SLD Codec Pack" = SLD Codec Pack
"VLC media player" = VLC media player 0.9.8a
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/04/2011 03:29:55 | Computer Name = SNNECCI | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x8007007e.

Error - 09/04/2011 09:44:17 | Computer Name = SNNECCI | Source = Application Error | ID = 1000
Description = Application défaillante explorer.exe, version 6.0.2900.5512, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x040a2860.

Error - 09/04/2011 09:46:28 | Computer Name = SNNECCI | Source = Application Error | ID = 1000
Description = Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant
dbghelp.dll, version 5.1.2600.5512, adresse de défaillance 0x0001295d.

Error - 09/04/2011 10:06:59 | Computer Name = SNNECCI | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x8007007e.

Error - 09/04/2011 10:58:43 | Computer Name = SNNECCI | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x80040154.

Error - 09/04/2011 11:01:46 | Computer Name = SNNECCI | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x80040154.

Error - 09/04/2011 11:45:15 | Computer Name = SNNECCI | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x80040154.

Error - 09/04/2011 13:49:47 | Computer Name = SNNECCI | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x80040154.

Error - 10/04/2011 15:16:32 | Computer Name = SNNECCI | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x80040154.

Error - 10/04/2011 15:28:51 | Computer Name = SNNECCI | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x80040154.

[ System Events ]
Error - 10/04/2011 15:29:22 | Computer Name = SNNECCI | Source = W32Time | ID = 39452689
Description = Fournisseur de temps NtpClient : une erreur s'est produite lors de
la recherche DNS de l'homologue manuellement configuré 'time.windows.com,0x1'. NtpClient
va essayer à nouveau la recherche DNS dans 15 minutes. L'erreur était : Une opération
a été tentée sur un hôte impossible à atteindre. (0x80072751)

Error - 10/04/2011 15:29:22 | Computer Name = SNNECCI | Source = W32Time | ID = 39452701
Description = Le fournisseur de temps NtpClient est configuré pour acquérir le temps
à partir d'une ou plusieurs sources de temps, cependant aucune source n'est actuellement
accessible. Aucune tentative pour en contacter une ne sera effectuée d'ici 14 minutes.
NtpClient
n'a pas de source de temps précis.

Error - 10/04/2011 15:29:28 | Computer Name = SNNECCI | Source = Service Control Manager | ID = 7001
Description = Le service Gestionnaire de connexions d'accès distant dépend du service
Téléphonie qui n'a pas pu démarrer en raison de l'erreur : %%1058

Error - 10/04/2011 15:29:28 | Computer Name = SNNECCI | Source = Service Control Manager | ID = 7001
Description = Le service Gestionnaire de connexions d'accès distant dépend du service
Téléphonie qui n'a pas pu démarrer en raison de l'erreur : %%1058

Error - 10/04/2011 15:29:56 | Computer Name = SNNECCI | Source = Service Control Manager | ID = 7001
Description = Le service Gestionnaire de connexions d'accès distant dépend du service
Téléphonie qui n'a pas pu démarrer en raison de l'erreur : %%1058

Error - 10/04/2011 15:30:25 | Computer Name = SNNECCI | Source = Service Control Manager | ID = 7001
Description = Le service Gestionnaire de connexions d'accès distant dépend du service
Téléphonie qui n'a pas pu démarrer en raison de l'erreur : %%1058

Error - 10/04/2011 15:44:19 | Computer Name = SNNECCI | Source = W32Time | ID = 39452689
Description = Fournisseur de temps NtpClient : une erreur s'est produite lors de
la recherche DNS de l'homologue manuellement configuré 'time.windows.com,0x1'. NtpClient
va essayer à nouveau la recherche DNS dans 30 minutes. L'erreur était : Une opération
a été tentée sur un hôte impossible à atteindre. (0x80072751)

Error - 10/04/2011 15:44:19 | Computer Name = SNNECCI | Source = W32Time | ID = 39452701
Description = Le fournisseur de temps NtpClient est configuré pour acquérir le temps
à partir d'une ou plusieurs sources de temps, cependant aucune source n'est actuellement
accessible. Aucune tentative pour en contacter une ne sera effectuée d'ici 29 minutes.
NtpClient
n'a pas de source de temps précis.

Error - 10/04/2011 16:14:20 | Computer Name = SNNECCI | Source = W32Time | ID = 39452689
Description = Fournisseur de temps NtpClient : une erreur s'est produite lors de
la recherche DNS de l'homologue manuellement configuré 'time.windows.com,0x1'. NtpClient
va essayer à nouveau la recherche DNS dans 60 minutes. L'erreur était : Une opération
a été tentée sur un hôte impossible à atteindre. (0x80072751)

Error - 10/04/2011 16:14:20 | Computer Name = SNNECCI | Source = W32Time | ID = 39452701
Description = Le fournisseur de temps NtpClient est configuré pour acquérir le temps
à partir d'une ou plusieurs sources de temps, cependant aucune source n'est actuellement
accessible. Aucune tentative pour en contacter une ne sera effectuée d'ici 59 minutes.
NtpClient
n'a pas de source de temps précis.


< End of report >
huggie
 
Messages: 23
Inscription: 24 Déc 2005, 19:18

bouton "REPONSE" OTL 2/2

Messagede huggie » 12 Avr 2011, 18:46

OTL logfile created on: 10/04/2011 22:29:09 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Conforama\Mes documents\ACER
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

895,00 Mb Total Physical Memory | 599,00 Mb Available Physical Memory | 67,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70,51 Gb Total Space | 44,14 Gb Free Space | 62,60% Space Free | Partition Type: NTFS
Drive E: | 1,92 Gb Total Space | 0,38 Gb Free Space | 19,96% Space Free | Partition Type: FAT

Computer Name: SNNECCI | User Name: Conforama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/10 21:06:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Conforama\Mes documents\ACER\OTL.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/10 13:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2005/10/09 09:21:47 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
PRC - [2005/08/12 21:52:34 | 000,180,224 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
PRC - [2005/04/29 09:10:08 | 000,737,381 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PRC - [2005/04/29 09:10:08 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PRC - [2005/04/29 09:09:04 | 000,110,672 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
PRC - [2005/04/29 09:08:52 | 000,221,266 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
PRC - [2005/03/22 16:47:54 | 000,057,344 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe
PRC - [2005/02/21 15:56:00 | 001,826,885 | ---- | M] (Stardock) -- C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
PRC - [2005/02/02 12:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/01/20 20:04:22 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/01/07 12:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
PRC - [2004/01/29 10:31:10 | 000,086,016 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
PRC - [2002/09/30 22:09:06 | 000,151,552 | ---- | M] (Y'z@Home) -- C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
PRC - [2002/09/29 15:41:00 | 000,090,112 | ---- | M] (Y'z@Home) -- C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe


========== Modules (SafeList) ==========

MOD - [2011/04/10 21:06:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Conforama\Mes documents\ACER\OTL.exe
MOD - [2008/04/14 04:30:54 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2005/08/12 06:38:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon.dll
MOD - [2005/02/02 12:12:14 | 000,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2005/01/11 14:31:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\DockShellHook.dll
MOD - [2002/09/30 22:08:58 | 000,053,248 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.dll
MOD - [2002/09/29 15:41:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MySqlInventime)
SRV - File not found [On_Demand | Stopped] -- -- (EventSystem)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2005/04/29 09:10:08 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/04/29 09:09:04 | 000,110,672 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005/04/29 09:08:52 | 000,221,266 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005/03/22 16:47:54 | 000,057,344 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2005/01/07 12:01:52 | 000,049,152 | ---- | M] () [Auto | Running] -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService)
SRV - [2004/04/08 05:25:04 | 001,135,728 | ---- | M] (America Online, Inc.) [Disabled | Stopped] -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011/04/10 22:17:32 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2008/07/07 17:35:36 | 000,034,296 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamcatchme.sys -- (MBAMCatchMe)
DRV - [2008/06/20 13:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2005/05/23 08:27:00 | 000,137,884 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/05/23 08:27:00 | 000,080,272 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/05/23 08:27:00 | 000,010,864 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/05/20 09:31:12 | 000,021,504 | ---- | M] (MTC Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbd.sys -- (kbd)
DRV - [2005/05/20 09:01:20 | 000,005,120 | ---- | M] (MTC Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CIR.sys -- (CIR)
DRV - [2005/05/12 21:54:04 | 001,133,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/07 20:50:32 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005/04/07 20:48:56 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005/04/06 12:48:44 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/03/25 18:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2005/03/22 16:36:20 | 000,653,896 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SLDRV\slntamr.sys -- (Slntamr)
DRV - [2005/03/22 16:35:24 | 000,014,648 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SLDRV\RecAgent.sys -- (RecAgent)
DRV - [2005/03/22 16:35:20 | 000,229,848 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SLDRV\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2005/03/22 16:34:36 | 000,101,328 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SLDRV\slnthal.sys -- (SlNtHal)
DRV - [2005/03/22 16:33:56 | 001,397,136 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SLDRV\mtlstrm.sys -- (Mtlstrm)
DRV - [2005/03/22 16:27:04 | 000,013,280 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SLDRV\slwdmsup.sys -- (SlWdmSup)
DRV - [2005/03/14 11:46:52 | 000,047,230 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2005/03/08 21:33:26 | 000,098,560 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2005/02/23 19:46:46 | 000,228,992 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2005/02/01 19:00:24 | 000,020,096 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005/01/28 17:48:58 | 002,310,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/01/06 14:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/12/31 15:24:16 | 000,028,160 | ---- | M] (ULi Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULILAN.SYS -- (ULI5261)
DRV - [2004/12/21 12:38:12 | 000,034,816 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2004/12/15 18:30:14 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2004/11/17 03:27:00 | 000,031,232 | R--- | M] (LITE-ON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbdtv.sys -- (usbdtv) LITE-ON DVB-T (PID=F001)
DRV - [2004/11/17 03:27:00 | 000,022,016 | R--- | M] (LITE-ON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dtvfw.sys -- (DTVFW)
DRV - [2004/11/15 23:51:54 | 000,050,048 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2004/10/19 14:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/10/04 11:33:02 | 000,062,799 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2004/09/21 19:15:34 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2004/07/08 18:07:34 | 000,036,531 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/16 14:55:48 | 000,002,851 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2002/10/01 15:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPCA561.SYS -- (CA561) ICatch (VI)
DRV - [1999/09/10 19:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1609197471-2031097339-961219911-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-1609197471-2031097339-961219911-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-1609197471-2031097339-961219911-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1609197471-2031097339-961219911-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-1609197471-2031097339-961219911-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.9\Extensions\\Components: C:\PROGRA~1\MOZILL~1\components\ [2011/04/09 16:23:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.9\Extensions\\Plugins: C:\PROGRA~1\MOZILL~1\plugins\ [2006/12/30 18:33:26 | 000,000,000 | ---D | M]

[2007/09/07 14:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Conforama\Application Data\Mozilla\Firefox\Profiles\itcflf03.default\extensions
[2006/09/28 14:20:13 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Documents and Settings\Conforama\Application Data\Mozilla\Firefox\Profiles\itcflf03.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2006/09/25 23:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/12/30 18:33:15 | 000,061,038 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2006/12/30 18:33:15 | 000,049,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2006/12/30 18:33:16 | 000,166,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2006/09/26 03:31:38 | 002,078,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2006/09/25 23:32:51 | 000,000,680 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.png
[2006/09/25 23:32:50 | 000,000,782 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.src
[2006/09/25 23:32:50 | 000,000,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.gif
[2006/09/25 23:32:51 | 000,001,081 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.src
[2006/09/25 23:32:51 | 000,001,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.gif
[2006/09/25 23:32:51 | 000,000,718 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.src
[2006/09/25 23:32:51 | 000,000,115 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.gif
[2006/09/25 23:32:50 | 000,000,686 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.src
[2006/09/25 23:32:51 | 000,000,459 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.png
[2006/09/25 23:32:50 | 000,001,457 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.src
[2006/09/25 23:32:50 | 000,000,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.gif
[2006/09/25 23:32:51 | 000,001,221 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.src

O1 HOSTS File: ([2004/08/05 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {AD21FC64-9439-2F9B-4183-5D96ECF10676} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - No CLSID value found.
O3 - HKU\S-1-5-21-1609197471-2031097339-961219911-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1609197471-2031097339-961219911-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [DIT] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1609197471-2031097339-961219911-1006..\Run: [RDR PROXY] File not found
O4 - Startup: C:\Documents and Settings\Conforama\Menu Démarrer\Programmes\Démarrage\Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe (Stardock)
O4 - Startup: C:\Documents and Settings\Conforama\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe ()
O4 - Startup: C:\Documents and Settings\Conforama\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe (Y'z@Home)
O4 - Startup: C:\Documents and Settings\Conforama\Menu Démarrer\Programmes\Démarrage\Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe (Y'z@Home)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1609197471-2031097339-961219911-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Impression rapide - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Imprimer - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 5616069906 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Conforama\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Conforama\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{22ba00b6-3d37-11dd-aee6-00038a000015}\Shell\AutoRun\command - "" = E:\EmDesk.exe
O33 - MountPoints2\{22ba00b6-3d37-11dd-aee6-00038a000015}\Shell\EmDesk\command - "" = E:\EmDesk.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: AppMgmt - File not found
NetSvcs: EventSystem - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/10 21:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Conforama\Mes documents\ACER
[2011/04/09 18:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Conforama\Application Data\RegistryKeys
[2011/04/09 17:47:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Conforama\Recent
[2011/04/09 16:56:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/09 16:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CCleaner
[2011/04/09 16:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/09 01:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Conforama\Bureau\musique JP
[2005/10/09 08:55:17 | 000,015,008 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[1980/01/01 00:00:00 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\slserv.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/10 22:30:00 | 000,000,246 | ---- | M] () -- C:\WINDOWS\tasks\HDReg.job
[2011/04/10 22:17:32 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2011/04/10 22:00:00 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\A9BF319B90D4AA5B.job
[2011/04/10 21:52:28 | 000,000,711 | ---- | M] () -- C:\Documents and Settings\Conforama\Bureau\Raccourci vers mbam-setup-1.50.1.1100.lnk
[2011/04/10 21:52:28 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\Conforama\Bureau\Raccourci vers hijackthis.lnk
[2011/04/10 21:52:28 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\Conforama\Bureau\Raccourci vers ccsetup304.lnk
[2011/04/10 21:52:28 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\Conforama\Bureau\Raccourci (2) vers HiJackThis.lnk
[2011/04/10 21:52:28 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Conforama\Bureau\Raccourci vers OTL.lnk
[2011/04/10 21:33:00 | 000,445,672 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011/04/10 21:33:00 | 000,380,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/10 21:33:00 | 000,064,052 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011/04/10 21:33:00 | 000,053,098 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/10 21:28:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/10 21:28:35 | 939,048,960 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/10 21:25:44 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/10 21:16:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/09 16:56:46 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/04/09 16:49:03 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2011/04/09 00:43:20 | 000,209,920 | ---- | M] () -- C:\Documents and Settings\Conforama\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/10 21:52:28 | 000,000,711 | ---- | C] () -- C:\Documents and Settings\Conforama\Bureau\Raccourci vers mbam-setup-1.50.1.1100.lnk
[2011/04/10 21:52:28 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\Conforama\Bureau\Raccourci vers hijackthis.lnk
[2011/04/10 21:52:28 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\Conforama\Bureau\Raccourci vers ccsetup304.lnk
[2011/04/10 21:52:28 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\Conforama\Bureau\Raccourci (2) vers HiJackThis.lnk
[2011/04/10 21:52:28 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Conforama\Bureau\Raccourci vers OTL.lnk
[2011/04/09 16:58:23 | 939,048,960 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/09 16:56:46 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/04/09 16:49:03 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2009/08/05 19:20:56 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2008/07/22 12:46:35 | 000,034,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamcatchme.sys
[2008/07/09 17:06:50 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\eiuse.exe
[2007/02/26 14:51:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/02/23 19:11:17 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/10/30 19:27:50 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/10/21 15:11:54 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/25 23:32:42 | 000,002,941 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/09/21 15:15:39 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\deluidrv.exe
[2006/09/21 15:15:39 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\delentry.exe
[2006/07/05 19:57:12 | 000,000,154 | ---- | C] () -- C:\WINDOWS\podiomlive.ini
[2006/07/05 15:47:14 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006/07/05 15:47:14 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006/07/05 15:47:14 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2006/06/24 09:04:13 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2006/05/22 15:37:17 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/06 17:52:13 | 000,000,412 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/03/22 19:09:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Storpg2k.dll
[2006/03/22 19:09:10 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2006/03/03 16:23:46 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2006/03/03 16:12:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/02/26 21:33:51 | 000,118,784 | ---- | C] () -- C:\WINDOWS\ShowBmp.exe
[2006/02/26 21:33:51 | 000,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2006/02/26 21:33:51 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2006/02/23 19:53:08 | 000,000,040 | ---- | C] () -- C:\WINDOWS\3D Text Factory.INI
[2006/02/20 20:16:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/02/13 13:53:18 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/02/07 00:10:03 | 000,209,920 | ---- | C] () -- C:\Documents and Settings\Conforama\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/05 20:32:13 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2006/02/05 20:30:13 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2006/02/05 20:30:13 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2006/02/03 00:07:24 | 000,036,734 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe
[2006/02/03 00:04:30 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\9B89EEFD80.sys
[2006/01/24 20:08:29 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/01/23 19:46:00 | 000,152,064 | ---- | C] () -- C:\WINDOWS\snap.dat
[2006/01/23 19:10:57 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7I.DLL
[2005/11/29 14:27:47 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Conforama\Local Settings\Application Data\fusioncache.dat
[2005/11/23 06:00:00 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/10/09 09:43:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/09 09:23:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\jRegistryKey.dll
[2005/10/09 09:23:54 | 000,000,289 | ---- | C] () -- C:\WINDOWS\my.ini
[2005/10/09 09:22:37 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2005/10/09 09:16:33 | 000,007,154 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2005/10/09 09:14:47 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/10/09 09:04:04 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/10/09 09:04:04 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/10/09 09:04:04 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/10/09 08:55:17 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2005/10/09 08:55:17 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\slmh.exe
[2005/10/09 08:55:17 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2005/10/09 08:55:17 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\minirec.exe
[2005/10/09 08:55:17 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2005/10/09 08:55:17 | 000,077,824 | ---- | C] () -- C:\WINDOWS\SmCfg.exe
[2005/08/12 23:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/05/12 14:24:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/11 20:14:32 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/12/20 12:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/12/02 16:20:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/09/22 11:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/09/01 17:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/16 18:25:16 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/16 18:17:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/16 18:05:45 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/16 17:56:59 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/16 17:54:04 | 000,238,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/16 17:41:35 | 000,445,672 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2004/08/16 17:41:35 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2004/08/16 17:41:35 | 000,064,052 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2004/08/16 17:41:35 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2004/08/16 17:41:02 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/16 17:40:58 | 000,380,684 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/16 17:40:58 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/16 17:40:58 | 000,053,098 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/16 17:40:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/16 17:40:56 | 000,004,613 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/16 17:40:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/16 17:40:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/16 17:40:37 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/16 17:40:37 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/16 17:40:20 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/16 17:40:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/07/29 16:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2002/12/14 23:46:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/12/14 23:46:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/12/14 23:46:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/12/14 22:46:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/11/15 14:11:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[1997/06/14 10:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1980/01/01 00:00:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[1980/01/01 00:00:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[1980/01/01 00:00:00 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[1980/01/01 00:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\slcoinst.dll
[1980/01/01 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\slrundll.exe

========== LOP Check ==========

[2006/01/23 19:11:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2006/10/01 17:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\First stupid else meet
[2006/08/08 00:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2005/11/29 22:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/07/21 10:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Conforama\Application Data\Camfrog
[2006/07/27 20:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Conforama\Application Data\CamfrogBar
[2007/02/23 14:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Conforama\Application Data\Canon
[2007/01/08 23:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Conforama\Application Data\cerasus.media
[2006/09/26 00:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Conforama\Application Data\Desktop Sidebar
[2006/02/06 10:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Conforama\Application Data\Leadertech
[2006/02/13 14:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Conforama\Application Data\LiteOn
[2006/10/02 12:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Conforama\Application Data\Online Free Eggs
[2011/04/09 18:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Conforama\Application Data\RegistryKeys
[2006/01/25 12:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Conforama\Application Data\Shareaza
[2006/08/09 20:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Conforama\Application Data\Surfheckmail
[2007/09/10 15:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Conforama\Application Data\Template
[2011/04/10 22:00:00 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\Tasks\A9BF319B90D4AA5B.job
[2011/04/10 22:30:00 | 000,000,246 | ---- | M] () -- C:\WINDOWS\Tasks\HDReg.job
[2005/11/29 14:26:37 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/07/22 16:56:34 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/07/22 16:56:34 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/07/22 16:56:34 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/07/22 16:56:34 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CTFMON.EXE >
[2004/08/05 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5584247B568C2E53934873F4B655FE6A -- C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
[2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe

< MD5 for: EVENTLOG.DLL >
[2004/08/05 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004/08/05 14:00:00 | 001,884,672 | ---- | M] (Microsoft Corporation) MD5=90E794C5D2D368686FE71B4A0354462C -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/05 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/05 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/05 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/05 14:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >

Salut et merci
huggie
 
Messages: 23
Inscription: 24 Déc 2005, 19:18

Re: bouton "REPONSE"

Messagede nickW » 13 Avr 2011, 01:03

Bonsoir,

Quand comprendras-tu qu'il ne faut pas créer QUATRE nouveaux sujets, mais utiliser le bouton Répondre pour ajouter de nouveaux messages dans ton sujet initial?


Peux-tu me décrire exactement les symptômes car "Objet: plus de connexion internet.", cela reste vague?
*- Avec tous les navigateurs?
*- Messages d'erreur?
*- etc ...

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Suivante

Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 25 invités