OK Web pages display twice + intrusive ads


Post by richou » 30 Sep 2008, 13:18

Hello,
for the past few days my web pages have been displaying twice!!! Ad pages pop up!! And a Windows security alert appears to warn me that Windows automatic updates are disabled. I try to re-enable them but it is impossible.
There is a problem on my machine but I can't manage to sort it out.
If anyone can help me, thank you.
richou
 
Posts: 81
Joined: 14 Nov 2007, 15:25
Location: Caen

Post by nickW » 01 Oct 2008, 00:25

Good evening,

Can you create and then send "logs" (scan reports) of the state of your PC:

These instructions apply to Windows XP only.
If your PC runs another operating system, tell me so that I can send you other instructions.

Note: These steps must be carried out in a session opened with "Administrator rights" (do not use the user profile named "Administrator" that is visible in safe mode).
Under Windows XP, to check whether an account has "Administrator" rights:
Start---->Settings---->Control Panel---->User Accounts
Next to the icon for certain accounts (other than the one named "Administrator"), it says "Computer administrator".
That is one of the accounts to use.

Step 1: OTViewIt (by OldTimer), download
Download OTViewIt.exe from http://oldtimer.geekstogo.com/OTViewIt.exe
Save this file to the Desktop.

Step 2: Navilog1 (by IL-MAFIOSO), Option 1
Download Navilog1 by right-clicking the link below:
http://pagesperso-orange.fr/il.mafioso/ ... vilog1.exe
Save the file to the Desktop.
Close all running applications (such as word processor, browser).
Double-click navilog1.exe to start the installation.
Once the installation is finished, the tool will run automatically.
(If it does not, double-click the Navilog1 shortcut on the Desktop.)

Follow the instructions displayed.
On the main menu, choose option 1 and confirm.
(do not choose options 2, 3 or 4 without my advice/agreement)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Note: In Notepad, check in the Format menu (at the top) that the "Word Wrap" option is not ticked.
Save this file under the name navi1.txt
Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)

Step 3: OTViewIt (by OldTimer)
Close all open program windows.
Double-click OTViewIt.exe to launch the tool.
Click the Run Scan button and let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing one of the two reports.
Close Notepad.
The second report is visible in the Taskbar. Close it as well.
Close the OTViewIt window.

Step 4: Results
Send in reply:
*- the Navilog1 report, Option 1 (contents of the file navi1.txt)

Then send in reply, in two separate messages (because of the length of the logs):
*- the two OTViewIt reports (contents of the files OTViewIt.txt and Extras.txt located on the Desktop).

Important note: To send your reply/replies, do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by richou » 01 Oct 2008, 09:02

Hello Nickw,
it's me again! We dealt with each other a few months ago about an infection and everything went well.
So here is the navilog1 report:

Search Navipromo version 3.6.6 commencé le 01/10/2008 à 9:36:24,79

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Richard"

Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "D:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "D:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "d:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "D:\Documents and Settings\Richard.1043768403116.000\applic~1" ***


*** Recherche dossiers dans "D:\Documents and Settings\Richard.1043768403116.000\locals~1\applic~1" ***


*** Recherche dossiers dans "D:\Documents and Settings\Richard.1043768403116.000\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "D:\Documents and Settings\Richard.1043768403116.000\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "D:\Documents and Settings\Richard.1043768403116.000\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\DdfMlnpo.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 01/10/2008 à 9:39:39,03 ***


more to follow in the next message....
richou
 
Posts: 81
Joined: 14 Nov 2007, 15:25
Location: Caen

Post by richou » 01 Oct 2008, 09:04

so here is the 2nd message:

OTViewIt:

OTViewIt logfile created on: 01/10/2008 09:44:49 - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = D:\Documents and Settings\Richard.1043768403116.000\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1023,36 Mb Total Physical Memory | 526,80 Mb Available Physical Memory | 51,48% Memory free
2,40 Gb Paging File | 1,87 Gb Available in Paging File | 77,75% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,99 Gb Total Space | 6,88 Gb Free Space | 22,93% Space Free | Partition Type: NTFS
Drive D: | 196,88 Gb Total Space | 164,07 Gb Free Space | 83,34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 1043768403116
Current User Name: Richard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2005/08/05 21:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2008/04/14 04:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2005/08/25 19:41:44 | 00,155,648 | ---- | M] (Philips) -- C:\WINDOWS\system32\drivers\PhiBtn.exe
[2005/08/25 19:41:58 | 00,266,240 | ---- | M] (Philips) -- C:\WINDOWS\system32\drivers\Tray900.exe
[2005/02/16 17:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
[2008/01/15 04:22:56 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/09/13 18:41:50 | 00,380,536 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2005/07/06 01:58:36 | 00,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPage15.0\OpWare15.exe
[2006/11/17 05:42:52 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
[2004/04/08 05:25:04 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe
[2008/06/21 12:49:26 | 00,290,816 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\bdmcon.exe
[2007/03/26 15:49:46 | 00,069,632 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\bdagent.exe
[2007/07/09 12:39:05 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/04/14 04:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/04/14 04:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2005/05/31 14:23:08 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
[2005/05/11 13:50:14 | 00,221,266 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
[2005/05/11 13:52:00 | 00,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
[2005/05/11 13:52:04 | 00,737,381 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
[2005/01/07 12:01:52 | 00,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
[2008/06/07 15:23:40 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2005/05/31 14:29:16 | 00,577,597 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
[2006/12/04 12:53:32 | 00,139,305 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IMApp.exe
[2006/02/10 19:00:58 | 00,069,632 | ---- | M] (VoyagerSoft, LLC) -- C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
[2005/04/01 19:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
[2004/02/26 09:52:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
[2006/11/09 13:33:04 | 00,086,016 | ---- | M] (SOFTWIN S.R.L) -- C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
[2005/05/11 13:50:34 | 00,110,672 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
[2008/08/07 16:10:15 | 00,278,528 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
[2007/01/19 16:12:56 | 00,081,920 | ---- | M] () -- C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
[2008/06/21 12:49:34 | 00,462,848 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\vsserv.exe
[2008/04/14 04:34:29 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/01/15 04:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/06/23 11:21:49 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/01 09:31:16 | 00,419,840 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/13 18:41:50 | 00,380,536 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Running])
[2004/04/08 05:25:04 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2007/07/09 12:39:05 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])
[2007/01/19 16:12:56 | 00,081,920 | ---- | M] () -- C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe -- (bdss [Auto | Running])
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005/05/31 14:23:08 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe -- (btwdins [Auto | Running])
[2008/04/14 04:33:57 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2005/05/11 13:50:14 | 00,221,266 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/05/11 13:50:34 | 00,110,672 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched [Auto | Running])
[2005/05/11 13:52:00 | 00,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service [Auto | Running])
[2008/03/04 15:59:28 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2005/01/07 12:01:52 | 00,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService [Auto | Running])
[2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/01/15 04:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/08/07 16:10:15 | 00,278,528 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
File not found -- -- (MysqlInventime [On_Demand | Stopped])
[2003/07/28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
File not found -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Planificateur LiveUpdate automatique [Auto | Stopped])
[2008/06/07 15:23:40 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2006/02/10 19:00:58 | 00,069,632 | ---- | M] (VoyagerSoft, LLC) -- C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe -- (ScReadSpool [Auto | Running])
[2005/04/01 19:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService [Auto | Running])
[2004/02/26 09:52:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/06/21 12:49:34 | 00,462,848 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\vsserv.exe -- (VSSERV [Auto | Running])
[2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2006/11/09 13:33:04 | 00,086,016 | ---- | M] (SOFTWIN S.R.L) -- C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe -- (XCOMM [Auto | Running])

========== Driver Services ==========

[2005/05/27 12:51:26 | 00,799,744 | ---- | M] (Philips Semiconductors GmbH) -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid [On_Demand | Stopped])
[2001/08/17 21:52:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ABP480N5.SYS -- (abp480n5 [Boot | Running])
[2001/08/17 22:07:32 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\adpu160m.sys -- (adpu160m [Boot | Running])
[2008/04/13 20:36:39 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agpcpq.sys -- (agpCPQ [Boot | Running])
[2001/08/17 21:52:02 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aha154x.sys -- (Aha154x [Boot | Running])
[2001/08/17 22:07:36 | 00,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aic78u2.sys -- (aic78u2 [Boot | Running])
[2001/08/17 22:07:38 | 00,056,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aic78xx.sys -- (aic78xx [Boot | Running])
[2007/01/25 16:37:16 | 04,027,456 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM [On_Demand | Running])
[2001/08/17 21:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2008/04/13 20:36:38 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\alim1541.sys -- (alim1541 [Boot | Running])
[2008/04/13 20:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Boot | Running])
[2005/03/09 15:53:00 | 00,043,008 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2001/08/17 21:52:04 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amsint.sys -- (amsint [Boot | Running])
[2001/08/17 21:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Boot | Running])
[2001/08/17 21:52:04 | 00,022,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asc3350p.sys -- (asc3350p [Boot | Running])
[2001/08/17 21:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Boot | Running])
[2005/08/03 23:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/07/09 12:36:32 | 00,011,000 | ---- | M] () -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [System | Running])
[2006/09/05 18:03:16 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln [System | Running])
[2006/12/04 16:51:44 | 00,008,704 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\bdfdll.sys -- (bdfdll [On_Demand | Running])
[2006/01/09 18:50:34 | 00,014,145 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv [On_Demand | Running])
[2007/04/20 13:29:44 | 00,025,984 | ---- | M] (Softwin SRL) -- C:\Program Files\Softwin\BitDefender10\bdpredir.sys -- (bdpredir [System | Running])
[2006/06/28 17:13:54 | 00,010,768 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRSDRV [Auto | Running])
[2005/05/31 14:16:06 | 00,401,152 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio [On_Demand | Stopped])
[2005/05/31 14:11:18 | 00,030,363 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver [On_Demand | Stopped])
[2008/04/13 20:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])
[2008/04/13 20:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2008/06/14 19:33:37 | 00,272,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2008/04/13 20:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB [On_Demand | Stopped])
[2005/05/31 14:13:34 | 01,341,466 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [On_Demand | Running])
File not found -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL [Auto | Stopped])
File not found -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP [Auto | Stopped])
[2005/05/31 14:07:56 | 00,148,040 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped])
[2005/05/31 14:11:08 | 00,030,189 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem [On_Demand | Stopped])
[2005/05/31 14:10:32 | 00,056,648 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
[2005/08/25 18:28:00 | 01,240,576 | ---- | M] (Philips Consumer Electronics) -- C:\WINDOWS\system32\drivers\camdrv41.sys -- (camvid40 [On_Demand | Stopped])
File not found -- D:\DOCUME~1\RICHAR~1.000\LOCALS~1\Temp\catchme.sys -- (catchme [On_Demand | Running])
[2008/04/13 20:46:23 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE [On_Demand | Stopped])
[2001/08/17 21:52:06 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cd20xrnt.sys -- (cd20xrnt [Boot | Running])
[2001/08/23 17:04:44 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Boot | Running])
[2001/08/17 21:52:06 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray [Boot | Running])
[2001/08/17 21:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Boot | Running])
[2001/08/17 21:52:16 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dac960nt.sys -- (dac960nt [Boot | Running])
[2001/08/17 22:07:44 | 00,020,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o [Boot | Running])
[2001/08/17 22:07:44 | 00,025,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hpn.sys -- (hpn [Boot | Running])
[2008/04/13 20:41:22 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt [System | Running])
[2008/04/13 20:41:22 | 00,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i2omp.sys -- (i2omp [Boot | Running])
[2001/08/17 21:52:08 | 00,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ini910u.sys -- (ini910u [Boot | Running])
[2008/04/14 04:05:15 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/04/13 20:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE [On_Demand | Stopped])
[2001/08/17 21:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Boot | Running])
[2008/04/13 20:39:50 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
[2008/04/13 20:46:25 | 00,085,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC [On_Demand | Stopped])
[2008/04/13 20:46:22 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP [On_Demand | Stopped])
[2001/08/23 17:15:46 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2001/08/17 22:07:40 | 00,027,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\perc2.sys -- (perc2 [Boot | Running])
[2001/08/17 22:07:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\perc2hib.sys -- (perc2hib [Boot | Running])
[2008/04/14 03:55:30 | 00,040,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor [System | Stopped])
[2006/08/19 05:33:24 | 00,013,568 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\profos.sys -- (Profos [On_Demand | Stopped])
[2004/08/05 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/10/20 02:56:10 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 21:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Boot | Running])
[2001/08/17 21:52:16 | 00,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ql10wnt.sys -- (Ql10wnt [Boot | Running])
[2001/08/17 21:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Boot | Running])
[2001/08/17 21:52:16 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ql1240.sys -- (ql1240 [Boot | Running])
[2001/08/17 21:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Boot | Running])
[2008/04/13 20:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2004/08/05 14:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2004/12/02 16:36:08 | 00,070,912 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2007/11/13 12:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2008/04/13 20:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Boot | Running])
[2008/04/13 20:46:23 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP [On_Demand | Stopped])
[2001/08/17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2001/08/17 22:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Boot | Running])
[2006/08/19 09:23:43 | 00,642,560 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/04/13 20:46:21 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip [On_Demand | Stopped])
[2001/08/17 22:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Boot | Running])
[2001/08/17 22:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Boot | Running])
[2001/08/17 22:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Boot | Running])
[2001/08/17 22:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Boot | Running])
[2001/08/23 17:00:46 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\toside.sys -- (TosIde [Boot | Running])
[2006/08/16 12:11:12 | 00,022,656 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\trufos.sys -- (Trufos [On_Demand | Stopped])
[2001/08/17 21:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Boot | Running])
[2008/04/13 20:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2008/04/13 20:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2008/04/13 20:45:35 | 00,017,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci [On_Demand | Running])
[2006/08/19 21:06:41 | 00,223,128 | ---- | M] () -- C:\WINDOWS\system32\drivers\vaxscsi.sys -- (vaxscsi [On_Demand | Running])
[2008/04/13 20:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaagp.sys -- (viaagp [Boot | Running])
[2008/04/13 20:40:31 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde [Boot | Running])
[2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Running])
[2004/04/14 11:08:00 | 00,010,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])
[2004/04/14 11:08:00 | 00,021,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Stopped])
[2004/04/14 11:08:00 | 00,005,600 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])
[2004/04/14 11:08:00 | 00,044,064 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])
[2006/10/18 21:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
[2008/04/13 20:46:24 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC [On_Demand | Stopped])
[2006/09/28 19:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [Boot | Running])
[2006/09/28 20:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://recherche.neuf.fr/
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Local Page"=http://www.iesearch.com/
"SearchAssistant"=http://recherche.neuf.fr/ie/default.html

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://recherche.neuf.fr/
"Start Page"=http://www.neufportail.fr/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (227994 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
7997 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{017ADA5E-C7D1-4636-8000-F9991B3AA875} (HKLM) -- C:\WINDOWS\system32\opnlMfdD.dll ()
{259F616C-A300-44F5-B04A-ED001A26C85C} (HKLM) -- C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
{68A91F35-47DB-44D7-9D28-E67984E6DD79} (HKLM) -- C:\WINDOWS\system32\ljJYQICs.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{eea958fb-075e-4c33-99e3-0c3d0c481dd7} (HKLM) -- C:\WINDOWS\system32\gkqapf.dll ()

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{259F616C-A300-44F5-B04A-ED001A26C85C}" (HKLM) -- C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{F2CF5485-4E02-4F68-819C-B92DE9277049}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a08c995d"=rundll32.exe "C:\WINDOWS\system32\kkybenop.dll",b ()
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" (SOFTWIN S.R.L.)
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg (SOFTWIN S.R.L.)
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
"BMa3bfaac1"=Rundll32.exe "C:\WINDOWS\system32\vbqvtxgt.dll",s ()
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"Opware15"="C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe" (ScanSoft, Inc.)
"PDF3 Registry Controller"="C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" (ScanSoft, Inc.)
"PhiBtn"=%SystemRoot%\System32\drivers\PhiBtn.exe (Philips)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RegistryMechanic"= File not found
"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"Traymin900"=%SystemRoot%\System32\drivers\Tray900.exe (Philips)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe /c (IncrediMail, Ltd.)
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" (Ahead Software AG)

========== (O4) Startup Folders ==========

[2005/05/31 14:29:16 | 00,577,597 | ---- | M] (Broadcom Corporation.) -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xporter vers Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2007/05/31 13:41:06 | 10,352,472 | ---- | M] (Microsoft Corporation)
Envoyer à &Bluetooth: C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm [2003/05/29 13:53:12 | 00,001,320 | ---- | M] ()
Open with Scansoft PDF Converter 3.0: C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\ieshellext.dll [2005/04/12 11:16:02 | 00,045,056 | ---- | M] (ScanSoft, Inc.)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Console Java (Sun) -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Recherche -- C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Windows Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
41 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0742B9EF-8C83-41CA-BFBA-830A59E23533}: https://support.microsoft.com/OAS/ActiveX/MSDcode.cab -- Reg Error: Key does not exist or could not be opened.
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/ ... ontrol.cab -- Windows Genuine Advantage Validation Tool
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdat ... /opuc3.cab -- Office Update Installation Engine
{42E1F024-ECC3-456F-B98A-4CE5ACDBF25C}: https://ssl-tb.sitadelle.com/selfcare.c ... Config.ocx -- ActiveFormX Contrôle
{56393399-041A-4650-94C7-13DFCB1F4665}: http://www3.ca.com/securityadvisor/pest ... stscan.cab -- PSFormX Control
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://www.bitdefender.fr/scan8/oscan8.cab -- BDSCANONLINE Control
{6531D99C-0D0E-4293-B3CB-A3E1D0D41847}: http://aspglobal.ahnlab.com/asp/cab/AhnASP.cab -- AhnASP Control
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftup ... 2678003750 -- MUWebControl Class
{74D05D43-3236-11D4-BDCD-00C04F9A3B61}: http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab -- HouseCall Control
{7B297BFD-85E4-4092-B2AF-16A91B2EA103}: http://www.ca.com/us/securityadvisor/vi ... ebscan.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/fl ... rashim.cab -- Reg Error: Key does not exist or could not be opened.
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}: http://ax.emsisoft.com/asquared.cab -- a-squared Scanner
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_07
{CE3409C4-9E26-4F8E-83E4-778498F9E7B4}: http://www.photoways.com/clients/uploader_v2.2.0.6.cab -- Reg Error: Key does not exist or could not be opened.
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shoc ... sh5r42.cab -- Shockwave Flash Object
{E36C5562-C4E0-4220-BCB2-1C671E3A5916}: file:///C:/DRIVERS/snapsys/HDDDiag/bin/npseatools.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{1B8F7FD5-BD15-49CA-BEEA-28F5847EA193} (Servers: | Description: Carte réseau 1394)
{40DDCCA4-3C9D-41A3-B128-FF4397B58660} (Servers: | Description: )
{6D581BD2-3023-48F3-8820-761EE209CD4A} (Servers: | Description: )
{6E406F32-D6C0-42A6-973F-FA620FD63FCE} (Servers: | Description: )
{83BA01AE-388E-4EF8-A68B-A8EBC7AFFDAE} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{A402D69B-9A75-44B9-94DF-8A77B943F249} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=sockspy.dll
>[2006/01/26 20:19:52 | 00,073,728 | ---- | M] () -- C:\WINDOWS\system32\sockspy.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
ljJYQICs: "DllName" = ljJYQICs.dll -- C:\WINDOWS\system32\ljJYQICs.dll ()
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" (HKLM) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
"{68A91F35-47DB-44D7-9D28-E67984E6DD79}" (HKLM) -- C:\WINDOWS\system32\ljJYQICs.dll ()

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\opnlMfdD,
>[2008/09/25 13:06:02 | 00,253,952 | ---- | M] () -- C:\WINDOWS\system32\opnlMfdD.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Files/Folders - Created Within 30 Days ==========

[246 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/10/01 09:33:44 | 00,000,543 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\Navilog1.lnk
[2008/10/01 09:32:00 | 00,571,687 | ---- | C] (IL-MAFIOSO ) -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\Navilog1.exe
[2008/10/01 09:31:16 | 00,419,840 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\OTViewIt.exe
[2008/09/30 19:10:05 | 00,115,462 | ---- | C] () -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\Page_1 copie.jpg
[2008/09/30 13:44:13 | 00,111,616 | ---- | C] () -- C:\WINDOWS\System32\pkacebii.dll
[2008/09/30 13:44:13 | 00,111,616 | ---- | C] () -- C:\WINDOWS\System32\gkqapf.dll
[2008/09/30 13:41:13 | 00,976,072 | -HS- | C] () -- C:\WINDOWS\System32\ponebykk.ini
[2008/09/30 13:41:13 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\kkybenop.dll
[2008/09/30 13:40:39 | 00,104,448 | ---- | C] () -- C:\WINDOWS\System32\vbqvtxgt.dll
[2008/09/29 11:32:24 | 00,091,440 | ---- | C] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2008/09/28 20:39:25 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2008/09/28 20:39:19 | 00,000,635 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\Registry Mechanic.lnk
[2008/09/28 20:39:14 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2008/09/28 18:17:57 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2008/09/28 17:49:28 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\Madagascar 2008
[2008/09/28 17:48:13 | 00,976,072 | -HS- | C] () -- C:\WINDOWS\System32\jhbvylpy.ini
[2008/09/28 17:45:11 | 00,111,616 | ---- | C] () -- C:\WINDOWS\System32\ttvmnrch.dll
[2008/09/28 17:45:11 | 00,111,616 | ---- | C] () -- C:\WINDOWS\System32\szwlxp.dll
[2008/09/28 17:44:32 | 00,105,984 | ---- | C] () -- C:\WINDOWS\System32\kacvqvth.dll
[2008/09/25 14:18:14 | 00,295,432 | ---- | C] () -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\Untitled1.comicdoc
[2008/09/25 13:09:06 | 00,112,128 | ---- | C] () -- C:\WINDOWS\System32\mvsdhaih.dll
[2008/09/25 13:09:06 | 00,112,128 | ---- | C] () -- C:\WINDOWS\System32\dbpbfw.dll
[2008/09/25 13:07:20 | 00,975,079 | -HS- | C] () -- C:\WINDOWS\System32\flghqoqx.ini
[2008/09/25 13:07:03 | 00,113,127 | ---- | C] () -- C:\WINDOWS\BMa3bfaac1.xml
[2008/09/25 13:07:03 | 00,098,816 | ---- | C] () -- C:\WINDOWS\System32\jtnpgnwn.dll
[2008/09/25 13:07:03 | 00,000,023 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/09/25 13:06:05 | 00,611,740 | -HS- | C] () -- C:\WINDOWS\System32\DdfMlnpo.ini2
[2008/09/25 13:06:05 | 00,611,740 | -HS- | C] () -- C:\WINDOWS\System32\DdfMlnpo.ini
[2008/09/25 13:05:58 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\opnlMfdD.dll
[2008/09/25 13:05:41 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2008/09/25 13:00:50 | 00,044,032 | ---- | C] () -- C:\WINDOWS\System32\qoMEwxWo.dll
[2008/09/25 13:00:50 | 00,044,032 | ---- | C] () -- C:\WINDOWS\System32\ljJYQICs.dll
[2008/09/25 12:38:21 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\Comic Life
[2008/09/25 12:37:15 | 00,000,004 | RHS- | C] () -- D:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
[2008/09/25 12:29:18 | 00,000,000 | ---D | C] -- C:\Program Files\plasq
[2008/09/25 12:28:49 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Wise Installation Wizard
[2008/09/22 20:02:20 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\DancefloorFGSummer2008[1]
[2008/09/19 10:54:17 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\BitTorrent Downloads
[2008/09/19 09:07:34 | 00,000,598 | ---- | C] () -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\Mes dossiers de partage.lnk
[2008/09/19 09:07:17 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\Mes fichiers reçus
[2008/09/03 22:19:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/03 22:07:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/09/03 21:59:36 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/09/03 10:56:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr
[2008/09/03 10:56:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/03 10:56:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/09/03 10:46:09 | 00,010,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndistapi.sys
[2008/09/03 10:46:09 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mskssrv.sys
[2008/09/03 10:46:09 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys
[2008/09/03 10:46:09 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspclock.sys
[2008/09/03 10:46:09 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspqm.sys
[2008/09/03 10:46:08 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip.sys
[2008/09/03 10:46:08 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srv.sys
[2008/09/03 10:46:08 | 00,225,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2008/09/03 10:46:08 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys
[2008/09/03 10:46:08 | 00,196,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2008/09/03 10:46:08 | 00,175,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdbss.sys
[2008/09/03 10:46:08 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2008/09/03 10:46:08 | 00,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2008/09/03 10:46:08 | 00,120,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pcmcia.sys
[2008/09/03 10:46:08 | 00,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys
[2008/09/03 10:46:08 | 00,073,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys
[2008/09/03 10:46:08 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\psched.sys
[2008/09/03 10:46:08 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serial.sys
[2008/09/03 10:46:08 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2008/09/03 10:46:08 | 00,058,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2008/09/03 10:46:08 | 00,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2008/09/03 10:46:08 | 00,051,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rasl2tp.sys
[2008/09/03 10:46:08 | 00,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2008/09/03 10:46:08 | 00,048,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\raspptp.sys
[2008/09/03 10:46:08 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\raspppoe.sys
[2008/09/03 10:46:08 | 00,040,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\processr.sys
[2008/09/03 10:46:08 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys
[2008/09/03 10:46:08 | 00,025,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys
[2008/09/03 10:46:08 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2008/09/03 10:46:08 | 00,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys
[2008/09/03 10:46:08 | 00,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serenum.sys
[2008/09/03 10:46:08 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\streamip.sys
[2008/09/03 10:46:08 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys
[2008/09/03 10:46:08 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Sy
richou
 
Posts: 81
Joined: 14 Nov 2007, 15:25
Location: Caen

Post by richou » 01 Oct 2008, 09:08

and finally the 3rd one, extras.txt:

OTViewIt Extras logfile created on: 01/10/2008 09:44:49 - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = D:\Documents and Settings\Richard.1043768403116.000\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1023,36 Mb Total Physical Memory | 526,80 Mb Available Physical Memory | 51,48% Memory free
2,40 Gb Paging File | 1,87 Gb Available in Paging File | 77,75% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,99 Gb Total Space | 6,88 Gb Free Space | 22,93% Space Free | Partition Type: NTFS
Drive D: | 196,88 Gb Total Space | 164,07 Gb Free Space | 83,34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 1043768403116
Current User Name: Richard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
"SerialNumber"=A109A-K13-3ZXD-BAP5-TE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 04:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/05/31 12:14:04 | 00,259,184 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
[2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2007/01/19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 04:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/05/31 12:13:50 | 00,038,000 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\aol.exe:*:Disabled:AOL
[2005/05/31 12:14:04 | 00,259,184 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL 9.0
[2004/12/25 17:54:04 | 00,163,328 | ---- | M] (Inventime) -- C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME
[2007/09/08 01:01:54 | 00,043,008 | ---- | M] () -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2006/12/04 12:53:32 | 00,139,305 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail
[2006/12/04 12:53:32 | 00,204,843 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
[2006/10/31 15:02:28 | 00,086,058 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
[2005/08/15 18:38:13 | 00,081,920 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2006/12/04 12:53:32 | 00,278,568 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail
[2006/09/14 16:15:24 | 05,001,216 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule
File not found -- C:\Program Files\SHARE 1.0 EX2\Share.exe:*:Enabled:Share
[2008/04/14 04:34:01 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2008/04/14 04:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application
[2008/01/15 04:22:48 | 19,926,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
File not found -- C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic
File not found -- C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic
File not found -- C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic
File not found -- C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade
File not found -- C:\Program Files\Wyzo\wyzo.exe:*:Disabled:Wyzo
[2005/05/31 12:13:50 | 00,038,000 | ---- | M] (America Online, Inc.) -- %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL
File not found -- %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA
File not found -- %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA
[2007/01/19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
NameSpace_Catalog5\Catalog_Entries\000000000005 [Espace de noms Bluetooth] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2007/03/14 13:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B7DDCD3-D6D8-4366-A6D8-9B6495A2925E}"=ScanSoft OmniPage 15.0
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=Panneau de contrôle ATI
"{162DDD86-C087-4E59-B7A8-0C1D8F884A9A}"=Adobe Fonts All
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}"=Samsung PC Studio
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD
"{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}"=Philips SPC 900NC PC Camera
"{22524CA1-515C-4153-9807-52AE65F73B5F}"=BitDefender Antivirus Plus v10
"{265FCC3B-4814-4B2B-89D6-217DFB8AD886}"=Adobe Device Central CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}"=WIDCOMM Bluetooth Software
"{3F50AF3B-8997-4916-0095-99D63DDB785A}"=Harry Potter TM
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}"=Grand Theft Auto Vice City
"{51DC4D9C-F729-48A7-9CE0-BC77529ECCA2}"=Adobe WinSoft Linguistics Plugin
"{602A205F-8D02-48EE-8782-262B2103B984}"=ScanSoft PDF Converter 3.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{7302810D-7ACF-4339-B27B-57016CAADDCD}"=Adobe Asset Services CS3
"{73B79E83-490B-460D-B0D6-2C7B73980325}"=Adobe Stock Photos CS3
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}"=Macromedia Shockwave Player
"{85309D89-7BE9-4094-BB17-24999C6118FC}"=ArcSoft PhotoStudio 5.5
"{89ACA875-BDB9-443C-B7C7-D74D3BDE8FE2}"=Philips VLounge
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}"=VC_MergeModuleToMSI
"{9011040C-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0020-040C-0000-0000000FF1CE}"=Module de compatibilité pour Microsoft Office System 2007
"{91D829E6-F1D1-433F-861F-0552DFED0EAD}"=Adobe PDF Library Files
"{93656878-FF8B-4935-99BB-F3F260037C57}"=Lara Croft Tomb Raider: The Angel Of Darkness
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}"=Sonic RecordNow!
"{9A394342-4A68-4EBA-85A6-55B559F4E700}"=Microsoft .NET Framework 1.1 French Language Pack
"{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}"=SolidConverterPDF
"{A16E2D86-7D92-48F4-9649-6029C96D4D8F}"=L'Internet ADSL de Cegetel
"{A3088CD2-612B-11D3-AF43-00C04F443448}"=Microsoft Works 2000
"{A4464AC3-D85E-4649-8748-706191063DF6}"=Adobe Anchor Service CS3
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A78A65E4-1D88-477A-83B4-3EC540F6A55A}"=Adobe Type Support
"{AC76BA86-7AD7-1036-7B44-A81200000003}"=Adobe Reader 8.1.2 - Français
"{AD1D8B40-F83C-41CA-BA08-9DB8D1653316}"=ScanSoft PDF Create 3.0
"{AED353B9-E6D7-406F-B007-2C55C5265EB3}"=Adobe Camera Raw 4.0
"{B056DB05-BF39-49A0-AAB8-C8FA49D9660C}"=Micro Application - PrintPratic 3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}"=iTunes
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}"=Logitech Gaming Software
"{BA0601E1-B65C-11D5-80A9-0000B494D9A6}"=PC Booster
"{BB148BFF-D96D-48B6-9B4A-243DCC6DD444}"=Comic Life
"{BF18C55F-791F-4C17-AB75-E397EE01C14B}"=Adobe Version Cue CS3 Client
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}"=QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CBF7A9A4-C0D4-4BA0-8991-C9B7D90A5298}"=Adobe Setup
"{CE52110A-7773-444F-9E5D-4A45E4792DB6}"=Adobe Bridge Start Meeting
"{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}"=Canon MP450
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}"=GTA San Andreas
"{D446BA40-1F5F-44EB-A794-0AC14F809C79}"=Adobe Default Language CS3
"{D8FC8E35-D397-4C16-87AE-141A625221E4}"=Adobe CMaps
"{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}"=Dragon NaturallySpeaking 9
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Codeur Windows Media Série 9
"{E5C28906-EC86-404E-BB4F-6AB2590451FF}"=Adobe Linguistics CS3
"{F0CF6455-EDD8-41C6-A96A-223874E660CC}"=Adobe XMP Panels CS3
"{F32F1F7C-322D-46B9-B69A-5C3EDC88B74C}"=Adobe Photoshop CS3
"{F3697BA5-C8D8-4925-ACCA-F486C76BAD33}"=Adobe Help Viewer 1.1
"{F36CFE58-47C0-4D75-995B-E0172563FA83}"=Adobe ExtendScript Toolkit 2
"{F5346614-B7C4-4E94-826A-E2363155233D}"=EasyCleaner
"{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}"=Windows Live Messenger
"{FABA59CC-347B-478B-B2A7-37BF0885CACB}"=Adobe Bridge CS3
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe_8d0dc9390f2c596455e1446b5918a40"=Adobe Photoshop CS3
"a-squared Free_is1"=a-squared Free 3.0
"AVGAntiSpyware75"=AVG Anti-Spyware 7.5
"BitTorrent"=BitTorrent 5.0.9
"CCleaner"=CCleaner (remove only)
"Desperados - Une aventure au Far West 1.01"=Desperados - Une aventure au Far West 1.01
"DVD Shrink_is1"=DVD Shrink 3.2
"EAX Unified"=EAX Unified
"eMule"=eMule
"FIFA 2000"=FIFA 2000
"Foxit Reader"=Foxit Reader
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"IncrediMail"=IncrediMail Xe
"InstallShield_{93656878-FF8B-4935-99BB-F3F260037C57}"=Lara Croft Tomb Raider: The Angel Of Darkness
"Kaspersky On-line Scanner"=Kaspersky On-line Scanner
"LimeWire"=LimeWire PRO 4.9.23
"Messenger Plus! Live"=Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MP Navigator 2.0"=Canon MP Navigator 2.0
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Navilog1_is1"=Navilog1 3.6.6
"Nero - Burning Rom!UninstallKey"=Nero 6 Ultra Edition
"NeroVision!UninstallKey"=Nero Digital
"Network Play System"=EA Network Play System
"Neuf_Kit"=Neuf - Kit de connexion
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PhotoFiltre"=PhotoFiltre
"Registry Mechanic_is1"=Registry Mechanic 7.0
"SpywareBlaster_is1"=SpywareBlaster 4.1
"Téléchargement PHOTOWAYS"=Téléchargement PHOTOWAYS 3.0.7
"TomTom HOME"=TomTom HOME
"VLC media player"=VideoLAN VLC media player 0.8.6h
"Vodafone 804SS USB driver"=Vodafone 804SS USB driver Software
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Lecteur Windows Media 11
"Windows XP Service"=Windows XP Service Pack 3
"WinRAR archiver"=Archiveur WinRAR
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/09/2008 13:53:03 | Computer Name = 1043768403116 | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 11.0.6568.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 12/09/2008 13:54:09 | Computer Name = 1043768403116 | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 11.0.6568.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 17/09/2008 08:26:36 | Computer Name = 1043768403116 | Source = Application Hang | ID = 1002
Description = Application bloquée bdlite.exe, version 10.1.0.2, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 25/09/2008 07:51:51 | Computer Name = 1043768403116 | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 7.0.6000.16705, module
défaillant kernel32.dll, version 5.1.2600.5512, adresse de défaillance 0x00012aeb.

Error - 28/09/2008 13:12:36 | Computer Name = 1043768403116 | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 7.0.6000.16705, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00f8176c.

Error - 29/09/2008 05:57:30 | Computer Name = 1043768403116 | Source = Application Error | ID = 1000
Description = Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant
dbghelp.dll, version 5.1.2600.5512, adresse de défaillance 0x0001295d.

Error - 29/09/2008 05:57:39 | Computer Name = 1043768403116 | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16705, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 30/09/2008 08:08:09 | Computer Name = 1043768403116 | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 7.0.6000.16705, module
défaillant kernel32.dll, version 5.1.2600.5512, adresse de défaillance 0x00012aeb.

Error - 30/09/2008 13:05:22 | Computer Name = 1043768403116 | Source = Application Hang | ID = 1002
Description = Application bloquée notepad.exe, version 5.1.2600.5512, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 30/09/2008 13:05:23 | Computer Name = 1043768403116 | Source = Application Hang | ID = 1002
Description = Application bloquée notepad.exe, version 5.1.2600.5512, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 30/09/2008 13:17:13 | Computer Name = 1043768403116 | Source = Print | ID = 6161
Description = Impossible d'imprimer le document Page_1.psd appartenant à Richard
sur l'imprimante Canon MP450 Series Printer. Type de données : NT EMF 1.008. Taille
du fichier spoule en octets : 2526964. Nombre d'octets imprimés : 2526888. Nombre
de pages dans le document : 1. Nombre de pages imprimées : 0. Ordinateur client
: \\1043768403116. Le code d'erreur Win32 renvoyé par le processeur d'impression
était : 0 (0x0).

Error - 30/09/2008 13:43:56 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service General Purpose USB Driver (adildr.sys) n'a pas pu démarrer
en raison de l'erreur : %%2

Error - 30/09/2008 13:43:56 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service Bluetooth Serial Driver n'a pas pu démarrer en raison de
l'erreur : %%2

Error - 30/09/2008 13:43:56 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service Bluetooth Port Client Driver n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 30/09/2008 13:43:56 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 30/09/2008 13:45:46 | Computer Name = 1043768403116 | Source = System Error | ID = 1003
Description = Code erreur 1000008e, paramètre 1 c0000005, paramètre 2 805cf6d0,
paramètre 3 f21efc40, paramètre 4 00000000.

Error - 01/10/2008 03:22:28 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service General Purpose USB Driver (adildr.sys) n'a pas pu démarrer
en raison de l'erreur : %%2

Error - 01/10/2008 03:22:28 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service Bluetooth Serial Driver n'a pas pu démarrer en raison de
l'erreur : %%2

Error - 01/10/2008 03:22:28 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service Bluetooth Port Client Driver n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 01/10/2008 03:22:28 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3


<End>



To me, it's still all Greek!
If you see anything I should remove or add, let me know your remarks...
Thanks again
richou
 
Posts: 81
Joined: 14 Nov 2007, 15:25
Location: Caen
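
Added example (not part of the original thread, and not OTViewIt's own code): a small Python parser for the "Authorized Applications List" section of the Extras.txt log above, listing enabled Windows Firewall exceptions whose target file no longer exists, whose publisher field is empty, or that point at a general-purpose host. The line layout is inferred from the log itself; the function names and the GENERIC_HOSTS list are assumptions made for this example.

```python
import re
from ntpath import basename  # Windows path rules, usable on any OS

# Sample input: lines copied from the Extras.txt log posted in this thread.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 04:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/05/31 12:13:50 | 00,038,000 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\aol.exe:*:Disabled:AOL
[2007/09/08 01:01:54 | 00,043,008 | ---- | M] () -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2006/09/14 16:15:24 | 05,001,216 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule
File not found -- C:\Program Files\SHARE 1.0 EX2\Share.exe:*:Enabled:Share
[2008/04/14 04:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application
File not found -- C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic
File not found -- C:\Program Files\Wyzo\wyzo.exe:*:Disabled:Wyzo
"""

# Assumption for this example: general-purpose loaders. A firewall exception
# for one of these applies to whatever DLL it is asked to run.
GENERIC_HOSTS = {"rundll32.exe"}

# Registry header line that names the firewall profile of the entries below it.
PROFILE_RE = re.compile(r"\\FirewallPolicy\\(\w+)\\AuthorizedApplications\\List\]$")
# Rule value layout: <image path>:<scope>:<Enabled|Disabled>:<display name>
# The non-greedy path lets the drive-letter colon ("C:") stay inside the path.
RULE_RE = re.compile(
    r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<status>enabled|disabled):(?P<name>.*)$",
    re.IGNORECASE,
)
# Publisher as printed by the tool, e.g. "... | M] (Microsoft Corporation)".
COMPANY_RE = re.compile(r"\]\s*\((?P<company>.*)\)$")


def parse_authorized_apps(text):
    """Return one dict per firewall exception line found in the log text."""
    entries, profile = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = PROFILE_RE.search(line)
        if header:
            profile = header.group(1)
            continue
        if " -- " not in line:
            continue
        head, rule = line.split(" -- ", 1)
        parsed = RULE_RE.match(rule)
        if not parsed:
            continue  # not a firewall rule line
        company = COMPANY_RE.search(head)
        entries.append({
            "profile": profile,
            "missing": head == "File not found",
            "company": company.group("company") if company else "",
            "path": parsed.group("path"),
            "scope": parsed.group("scope"),
            "enabled": parsed.group("status").lower() == "enabled",
            "name": parsed.group("name"),
        })
    return entries


def review(entries):
    """Return (reason, path) pairs for enabled exceptions worth a second look."""
    findings = []
    for entry in entries:
        if not entry["enabled"]:
            continue
        if entry["missing"]:
            # The rule outlived the program: anything later written to this
            # path inherits the exception.
            findings.append(("stale-exception", entry["path"]))
        elif basename(entry["path"]).lower() in GENERIC_HOSTS:
            findings.append(("generic-host", entry["path"]))
        elif not entry["company"]:
            findings.append(("no-publisher", entry["path"]))
    return findings


if __name__ == "__main__":
    for reason, path in review(parse_authorized_apps(SAMPLE)):
        print(f"{reason:16} {path}")
```
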

Post by nickW » 01 Oct 2008, 21:16

Good evening,

Continuing...


Given the length of the procedure, I advise you to print it, to save the page as an HTML file (this is the best solution), or to select all of its lines and copy that selection into a text file on your PC (Note: you will not have Internet access and there will be reboots).
All the steps must be carried out, without interruption, in the exact order given below.
If anything seems unclear to you, ask for an explanation before starting the disinfection.


Note: These operations must be carried out from a session opened with "Administrator rights" (do not use the user profile named "Administrator" that is visible in safe mode).


Step 1: Creating the reparlsa.reg file
Open an instance of Notepad: Start---->Run, type notepad then click OK.
Copy and paste the lines below (in the white area located under "Code:") into the Notepad window that has just been opened.
In Notepad, check (in the Format menu) that "Word Wrap" is not active (not ticked).
Save the file under the name reparlsa.reg
Warning no. 1: There is a blank line after the last line
Warning no. 2: the extension must be .reg; choose "All Files" in the "Save as type" drop-down list in the "Save As.." dialog
If the extension is .reg.txt, rename the file to .reg
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00



Close Notepad.


Step 2: The Avenger (by Swandog46), download
Download The Avenger by clicking this link: http://swandog46.geekstogo.com/avenger2/download.php
Save this file to the Desktop.
Extract the file avenger.exe from the avenger.zip archive and place it on the Desktop.


Step 3: Creating the aven1.txt file
Open an instance of Notepad: Start---->Run, type notepad then click OK.
Copy and paste the lines below (in the white area located under "Code:") into the Notepad window that has just been opened.
In Notepad, check (in the Format menu) that "Word Wrap" is not active (not ticked).
Save the file to the Desktop under the name aven1.txt

Code:
Begin copying here:

Files to delete:
C:\WINDOWS\BMa3bfaac1.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\System32\dbpbfw.dll
C:\WINDOWS\System32\DdfMlnpo.ini
C:\WINDOWS\System32\DdfMlnpo.ini2
C:\WINDOWS\System32\flghqoqx.ini
C:\WINDOWS\system32\gkqapf.dll
C:\WINDOWS\System32\jhbvylpy.ini
C:\WINDOWS\System32\jtnpgnwn.dll
C:\WINDOWS\System32\kacvqvth.dll
C:\WINDOWS\system32\kkybenop.dll
C:\WINDOWS\system32\ljJYQICs.dll
C:\WINDOWS\System32\mvsdhaih.dll
C:\WINDOWS\system32\opnlMfdD.dll
C:\WINDOWS\System32\pkacebii.dll
C:\WINDOWS\System32\ponebykk.ini
C:\WINDOWS\System32\qoMEwxWo.dll
C:\WINDOWS\System32\szwlxp.dll
C:\WINDOWS\System32\ttvmnrch.dll
C:\WINDOWS\system32\vbqvtxgt.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{017ADA5E-C7D1-4636-8000-F9991B3AA875}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68A91F35-47DB-44D7-9D28-E67984E6DD79}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eea958fb-075e-4c33-99e3-0c3d0c481dd7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJYQICs

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | a08c995d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | BMa3bfaac1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {68A91F35-47DB-44D7-9D28-E67984E6DD79}


Note: Les lignes de la zone Code ci-dessus ont été créées exclusivement pour CET utilisateur: richou.
si vous n'êtes pas CET utilisateur, il ne faut pas les utiliser: elles pourraient endommager votre système.



Étape 4: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus.
Image BitDefender: double clic sur l'icône dans la SysBarre (à coté de l'horloge), dans le menu "Antivirus", dans l'onglet "Résident", décocher la case située devant "Protection en temps réel activée"


Étape 5: Utilisation du fichier reparlsa.reg
Faire un clic droit sur reparlsa.reg, puis dans le menu contextuel choisir Fusionner et accepter la fusion dans le Registre.


Step 6: The Avenger (by Swandog46), execution
Close all program windows (the PC is going to restart).
Launch The Avenger by clicking its icon on the Desktop.
Click OK on the warning message.
Click the icon showing a yellow folder.

A new window, "Open script file", opens.
In this window, browse to the Desktop and select (double-click) the file aven1.txt

The contents of aven1.txt should appear in the white area (under "Input script here:").

Then click the "Execute" button to run the script.

Click "Yes" twice when asked (the "Confirm execution" and "First step completed" windows).
There will be one or two restarts (with a black command window appearing briefly).
When execution finishes, the report is displayed in Notepad.
Close Notepad.


Step 7: Real-time monitoring process
Important: Re-enable the antivirus resident module.


Step 8: OTViewIt (by OldTimer)
Delete the two files OTViewIt.txt and Extras.txt on the Desktop.
Close all open program windows.
Double-click OTViewIt.exe to launch the tool.
Click the Run Scan button and let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing one of the two reports.
Close Notepad.
The second report is visible in the taskbar. Close it as well.
Close the OTViewIt window.


Step 9: Results
Send in your reply:
*- The Avenger's report (contents of the file SystemDrive\avenger.txt)
[SystemDrive is the partition on which the system is installed, usually C:]

Then send, in two separate messages (because of the length of the logs):
*- the two OTViewIt reports (contents of the files OTViewIt.txt and Extras.txt on the Desktop).

Important note: when sending your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.


In your reply, don't forget to give as much information as possible about the state of the PC: improvement / disappearance / worsening of the infection symptoms.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log-analysis requests by PM (private message)
My configs
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by richou » 02 Oct 2008, 10:12

Hello Nickw,
I did the steps you asked me to. Everything went well, except that before starting step 6 my computer shut down and I restarted it.
So here is the Avenger report:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\BMa3bfaac1.xml" deleted successfully.
File "C:\WINDOWS\pskt.ini" deleted successfully.
File "C:\WINDOWS\System32\dbpbfw.dll" deleted successfully.
File "C:\WINDOWS\System32\DdfMlnpo.ini" deleted successfully.
File "C:\WINDOWS\System32\DdfMlnpo.ini2" deleted successfully.
File "C:\WINDOWS\System32\flghqoqx.ini" deleted successfully.
File "C:\WINDOWS\system32\gkqapf.dll" deleted successfully.
File "C:\WINDOWS\System32\jhbvylpy.ini" deleted successfully.
File "C:\WINDOWS\System32\jtnpgnwn.dll" deleted successfully.
File "C:\WINDOWS\System32\kacvqvth.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\kkybenop.dll" not found!
Deletion of file "C:\WINDOWS\system32\kkybenop.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\ljJYQICs.dll" deleted successfully.
File "C:\WINDOWS\System32\mvsdhaih.dll" deleted successfully.
File "C:\WINDOWS\system32\opnlMfdD.dll" deleted successfully.
File "C:\WINDOWS\System32\pkacebii.dll" deleted successfully.
File "C:\WINDOWS\System32\ponebykk.ini" deleted successfully.
File "C:\WINDOWS\System32\qoMEwxWo.dll" deleted successfully.
File "C:\WINDOWS\System32\szwlxp.dll" deleted successfully.
File "C:\WINDOWS\System32\ttvmnrch.dll" deleted successfully.
File "C:\WINDOWS\system32\vbqvtxgt.dll" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{017ADA5E-C7D1-4636-8000-F9991B3AA875}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{017ADA5E-C7D1-4636-8000-F9991B3AA875}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68A91F35-47DB-44D7-9D28-E67984E6DD79}" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eea958fb-075e-4c33-99e3-0c3d0c481dd7}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eea958fb-075e-4c33-99e3-0c3d0c481dd7}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJYQICs" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|a08c995d" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BMa3bfaac1" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{68A91F35-47DB-44D7-9D28-E67984E6DD79}" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
richou
 
Posts: 81
Joined: 14 Nov 2007, 15:25
Location: Caen
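
An added example, not part of the original thread and not code from The Avenger or its author: a Python check that reconciles the targets of an Avenger script with the report format posted above, separating what was deleted, what was already absent (STATUS_OBJECT_NAME_NOT_FOUND), what failed for another reason, and what the report never mentions. Function names are hypothetical, the `Files to delete:` header is assumed by analogy with the two registry headers shown, and the sample is constructed from a few lines of the posts.

```python
import re

# Constructed sample: a few targets and report lines in the format shown in
# this thread. The vbqvtxgt.dll line is left out of the sample report on
# purpose, to exercise the "unprocessed" case.
SAMPLE_SCRIPT = r"""Files to delete:
C:\WINDOWS\System32\kacvqvth.dll
C:\WINDOWS\system32\kkybenop.dll
C:\WINDOWS\system32\vbqvtxgt.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJYQICs

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | a08c995d
"""

SAMPLE_LOG = r"""File "C:\WINDOWS\System32\kacvqvth.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\kkybenop.dll" not found!
Deletion of file "C:\WINDOWS\system32\kkybenop.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJYQICs" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|a08c995d" deleted successfully.
"""

# Script section headers mapped to the object kind named in the report.
_HEADERS = {
    "files to delete:": "file",
    "registry keys to delete:": "registry key",
    "registry values to delete:": "registry value",
}
_OK = re.compile(r'^(File|Registry key|Registry value) "(.+)" deleted successfully\.$')
_FAIL = re.compile(r'^Deletion of (file|registry key|registry value) "(.+)" failed!$')
_STATUS = re.compile(r'^Status: (0x[0-9a-fA-F]+) \((\w+)\)$')


def _norm(target):
    """Windows paths and registry names are case-insensitive, and the script
    writes 'key | value' where the report writes 'key|value'."""
    return re.sub(r"\s*\|\s*", "|", target.strip()).lower()


def parse_script(text):
    """Return [(kind, normalized target), ...] in script order."""
    targets, kind = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.lower() in _HEADERS:
            kind = _HEADERS[line.lower()]
        elif kind:
            targets.append((kind, _norm(line)))
    return targets


def parse_report(text):
    """Return {(kind, normalized target): (state, NTSTATUS name or None)}."""
    results, pending = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := _OK.match(line):
            results[(m[1].lower(), _norm(m[2]))] = ("deleted", None)
            pending = None
        elif m := _FAIL.match(line):
            pending = (m[1].lower(), _norm(m[2]))
            results[pending] = ("failed", None)
        elif (m := _STATUS.match(line)) and pending:
            # The Status line belongs to the failure reported just before it.
            results[pending] = ("failed", m[2])
            pending = None
    return results


def reconcile(script_text, report_text):
    """Group every script target by what the report says happened to it."""
    report = parse_report(report_text)
    summary = {"deleted": [], "already_absent": [], "failed": [], "unprocessed": []}
    for key in parse_script(script_text):
        state, status = report.get(key, ("unprocessed", None))
        if state == "failed" and status == "STATUS_OBJECT_NAME_NOT_FOUND":
            state = "already_absent"
        summary[state].append(key[1])
    return summary


if __name__ == "__main__":
    for state, items in reconcile(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{state}: {len(items)}")
        for item in items:
            print("   ", item)
```

A target listed under `already_absent` only tells you the name did not exist when the script ran, so the follow-up scan is still what confirms the cleanup.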

Post by richou » 02 Oct 2008, 10:14

Here is the otviewit.txt one:

OTViewIt logfile created on: 02/10/2008 10:28:16 - Run 2
OTViewIt by OldTimer - Version 1.0.9.2 Folder = D:\Documents and Settings\Richard.1043768403116.000\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1023,36 Mb Total Physical Memory | 565,34 Mb Available Physical Memory | 55,24% Memory free
2,40 Gb Paging File | 1,99 Gb Available in Paging File | 82,94% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,99 Gb Total Space | 6,87 Gb Free Space | 22,91% Space Free | Partition Type: NTFS
Drive D: | 196,88 Gb Total Space | 164,08 Gb Free Space | 83,34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 1043768403116
Current User Name: Richard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2005/08/05 21:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2008/04/14 04:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2005/08/25 19:41:44 | 00,155,648 | ---- | M] (Philips) -- C:\WINDOWS\system32\drivers\PhiBtn.exe
[2005/08/25 19:41:58 | 00,266,240 | ---- | M] (Philips) -- C:\WINDOWS\system32\drivers\Tray900.exe
[2005/02/16 17:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
[2008/01/15 04:22:56 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/01/11 23:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2005/07/06 01:58:36 | 00,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPage15.0\OpWare15.exe
[2006/11/17 05:42:52 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
[2008/06/21 12:49:26 | 00,290,816 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\bdmcon.exe
[2007/03/26 15:49:46 | 00,069,632 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\bdagent.exe
[2005/05/31 14:29:16 | 00,577,597 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
[2006/12/04 12:53:32 | 00,139,305 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IMApp.exe
[2008/09/13 18:41:50 | 00,380,536 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
[2004/04/08 05:25:04 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe
[2007/07/09 12:39:05 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2005/05/31 14:23:08 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
[2005/05/11 13:50:14 | 00,221,266 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
[2005/05/11 13:52:00 | 00,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
[2005/05/11 13:52:04 | 00,737,381 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
[2005/01/07 12:01:52 | 00,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
[2008/06/07 15:23:40 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2006/02/10 19:00:58 | 00,069,632 | ---- | M] (VoyagerSoft, LLC) -- C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
[2005/04/01 19:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
[2004/02/26 09:52:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
[2006/11/09 13:33:04 | 00,086,016 | ---- | M] (SOFTWIN S.R.L) -- C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
[2007/01/19 16:12:56 | 00,081,920 | ---- | M] () -- C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
[2008/08/07 16:10:15 | 00,278,528 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
[2005/05/11 13:50:34 | 00,110,672 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
[2008/06/21 12:49:34 | 00,462,848 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\vsserv.exe
[2008/01/15 04:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/04/14 04:34:28 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/04/14 04:34:29 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/10/01 09:31:16 | 00,419,840 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/13 18:41:50 | 00,380,536 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Running])
[2004/04/08 05:25:04 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2007/07/09 12:39:05 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])
[2007/01/19 16:12:56 | 00,081,920 | ---- | M] () -- C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe -- (bdss [Auto | Running])
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005/05/31 14:23:08 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe -- (btwdins [Auto | Running])
[2008/04/14 04:33:57 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2005/05/11 13:50:14 | 00,221,266 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/05/11 13:50:34 | 00,110,672 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched [Auto | Running])
[2005/05/11 13:52:00 | 00,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service [Auto | Running])
[2008/03/04 15:59:28 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2005/01/07 12:01:52 | 00,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService [Auto | Running])
[2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/01/15 04:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/08/07 16:10:15 | 00,278,528 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
File not found -- -- (MysqlInventime [On_Demand | Stopped])
[2003/07/28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
File not found -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Planificateur LiveUpdate automatique [Auto | Stopped])
[2008/06/07 15:23:40 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2006/02/10 19:00:58 | 00,069,632 | ---- | M] (VoyagerSoft, LLC) -- C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe -- (ScReadSpool [Auto | Running])
[2005/04/01 19:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService [Auto | Running])
[2004/02/26 09:52:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/06/21 12:49:34 | 00,462,848 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\vsserv.exe -- (VSSERV [Auto | Running])
[2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2006/11/09 13:33:04 | 00,086,016 | ---- | M] (SOFTWIN S.R.L) -- C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe -- (XCOMM [Auto | Running])

========== Driver Services ==========

[2005/05/27 12:51:26 | 00,799,744 | ---- | M] (Philips Semiconductors GmbH) -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid [On_Demand | Stopped])
[2001/08/17 21:52:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ABP480N5.SYS -- (abp480n5 [Boot | Stopped])
[2001/08/17 22:07:32 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\adpu160m.sys -- (adpu160m [Boot | Stopped])
[2008/04/13 20:36:39 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agpcpq.sys -- (agpCPQ [Boot | Stopped])
[2001/08/17 21:52:02 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aha154x.sys -- (Aha154x [Boot | Stopped])
[2001/08/17 22:07:36 | 00,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aic78u2.sys -- (aic78u2 [Boot | Stopped])
[2001/08/17 22:07:38 | 00,056,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aic78xx.sys -- (aic78xx [Boot | Stopped])
[2007/01/25 16:37:16 | 04,027,456 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM [On_Demand | Running])
[2001/08/17 21:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Stopped])
[2008/04/13 20:36:38 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\alim1541.sys -- (alim1541 [Boot | Stopped])
[2008/04/13 20:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Boot | Stopped])
[2005/03/09 15:53:00 | 00,043,008 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2001/08/17 21:52:04 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amsint.sys -- (amsint [Boot | Stopped])
[2001/08/17 21:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Boot | Stopped])
[2001/08/17 21:52:04 | 00,022,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asc3350p.sys -- (asc3350p [Boot | Stopped])
[2001/08/17 21:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Boot | Stopped])
[2005/08/03 23:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/07/09 12:36:32 | 00,011,000 | ---- | M] () -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [System | Running])
[2006/09/05 18:03:16 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln [System | Running])
[2006/12/04 16:51:44 | 00,008,704 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\bdfdll.sys -- (bdfdll [On_Demand | Running])
[2006/01/09 18:50:34 | 00,014,145 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv [On_Demand | Running])
[2007/04/20 13:29:44 | 00,025,984 | ---- | M] (Softwin SRL) -- C:\Program Files\Softwin\BitDefender10\bdpredir.sys -- (bdpredir [System | Running])
[2006/06/28 17:13:54 | 00,010,768 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRSDRV [Auto | Running])
[2005/05/31 14:16:06 | 00,401,152 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio [On_Demand | Stopped])
[2005/05/31 14:11:18 | 00,030,363 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver [On_Demand | Stopped])
[2008/04/13 20:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])
[2008/04/13 20:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2008/06/14 19:33:37 | 00,272,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2008/04/13 20:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB [On_Demand | Stopped])
[2005/05/31 14:13:34 | 01,341,466 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [On_Demand | Running])
File not found -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL [Auto | Stopped])
File not found -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP [Auto | Stopped])
[2005/05/31 14:07:56 | 00,148,040 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped])
[2005/05/31 14:11:08 | 00,030,189 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem [On_Demand | Stopped])
[2005/05/31 14:10:32 | 00,056,648 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
[2005/08/25 18:28:00 | 01,240,576 | ---- | M] (Philips Consumer Electronics) -- C:\WINDOWS\system32\drivers\camdrv41.sys -- (camvid40 [On_Demand | Stopped])
File not found -- D:\DOCUME~1\RICHAR~1.000\LOCALS~1\Temp\catchme.sys -- (catchme [On_Demand | Stopped])
[2008/04/13 20:46:23 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE [On_Demand | Stopped])
[2001/08/17 21:52:06 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cd20xrnt.sys -- (cd20xrnt [Boot | Stopped])
[2001/08/23 17:04:44 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Boot | Stopped])
[2001/08/17 21:52:06 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray [Boot | Stopped])
[2001/08/17 21:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Boot | Stopped])
[2001/08/17 21:52:16 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dac960nt.sys -- (dac960nt [Boot | Stopped])
[2001/08/17 22:07:44 | 00,020,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o [Boot | Stopped])
[2001/08/17 22:07:44 | 00,025,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hpn.sys -- (hpn [Boot | Stopped])
[2008/04/13 20:41:22 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt [System | Running])
[2008/04/13 20:41:22 | 00,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i2omp.sys -- (i2omp [Boot | Stopped])
[2001/08/17 21:52:08 | 00,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ini910u.sys -- (ini910u [Boot | Stopped])
[2008/04/14 04:05:15 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/04/13 20:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE [On_Demand | Stopped])
[2001/08/17 21:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Boot | Stopped])
[2008/04/13 20:39:50 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
[2008/04/13 20:46:25 | 00,085,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC [On_Demand | Stopped])
[2008/04/13 20:46:22 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP [On_Demand | Stopped])
[2001/08/23 17:15:46 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2001/08/17 22:07:40 | 00,027,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\perc2.sys -- (perc2 [Boot | Stopped])
[2001/08/17 22:07:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\perc2hib.sys -- (perc2hib [Boot | Stopped])
[2008/04/14 03:55:30 | 00,040,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor [System | Stopped])
[2006/08/19 05:33:24 | 00,013,568 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\profos.sys -- (Profos [On_Demand | Stopped])
[2004/08/05 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/10/20 02:56:10 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 21:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Boot | Stopped])
[2001/08/17 21:52:16 | 00,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ql10wnt.sys -- (Ql10wnt [Boot | Stopped])
[2001/08/17 21:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Boot | Stopped])
[2001/08/17 21:52:16 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ql1240.sys -- (ql1240 [Boot | Stopped])
[2001/08/17 21:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Boot | Stopped])
[2008/04/13 20:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2004/08/05 14:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2004/12/02 16:36:08 | 00,070,912 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2007/11/13 12:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2008/04/13 20:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Boot | Stopped])
[2008/04/13 20:46:23 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP [On_Demand | Stopped])
[2001/08/17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2001/08/17 22:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Boot | Stopped])
[2006/08/19 09:23:43 | 00,642,560 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/04/13 20:46:21 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip [On_Demand | Stopped])
[2001/08/17 22:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Boot | Stopped])
[2001/08/17 22:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Boot | Stopped])
[2001/08/17 22:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Boot | Stopped])
[2001/08/17 22:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Boot | Stopped])
[2001/08/23 17:00:46 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\toside.sys -- (TosIde [Boot | Stopped])
[2006/08/16 12:11:12 | 00,022,656 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\trufos.sys -- (Trufos [On_Demand | Stopped])
[2001/08/17 21:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Boot | Stopped])
[2008/04/13 20:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2008/04/13 20:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2008/04/13 20:45:35 | 00,017,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci [On_Demand | Running])
[2006/08/19 21:06:41 | 00,223,128 | ---- | M] () -- C:\WINDOWS\system32\drivers\vaxscsi.sys -- (vaxscsi [On_Demand | Running])
[2008/04/13 20:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaagp.sys -- (viaagp [Boot | Stopped])
[2008/04/13 20:40:31 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde [Boot | Stopped])
[2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Running])
[2004/04/14 11:08:00 | 00,010,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])
[2004/04/14 11:08:00 | 00,021,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Stopped])
[2004/04/14 11:08:00 | 00,005,600 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])
[2004/04/14 11:08:00 | 00,044,064 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])
[2006/10/18 21:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
[2008/04/13 20:46:24 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC [On_Demand | Stopped])
[2006/09/28 19:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [Boot | Running])
[2006/09/28 20:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://recherche.neuf.fr/
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Local Page"=http://www.iesearch.com/
"SearchAssistant"=http://recherche.neuf.fr/ie/default.html

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://recherche.neuf.fr/
"Start Page"=http://www.neufportail.fr/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (227994 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
7997 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{259F616C-A300-44F5-B04A-ED001A26C85C} (HKLM) -- C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{c29e4999-c38d-46bf-b1c9-a0cb683fdf9a} (HKLM) -- C:\WINDOWS\system32\lajwvc.dll ()
{D292B70D-E64A-4EF4-9D26-A42B6BA190A2} (HKLM) -- C:\WINDOWS\system32\opnlMfdD.dll File not found

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{259F616C-A300-44F5-B04A-ED001A26C85C}" (HKLM) -- C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{F2CF5485-4E02-4F68-819C-B92DE9277049}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" (SOFTWIN S.R.L.)
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg (SOFTWIN S.R.L.)
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"Opware15"="C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe" (ScanSoft, Inc.)
"PDF3 Registry Controller"="C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" (ScanSoft, Inc.)
"PhiBtn"=%SystemRoot%\System32\drivers\PhiBtn.exe (Philips)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RegistryMechanic"= File not found
"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"Traymin900"=%SystemRoot%\System32\drivers\Tray900.exe (Philips)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe /c (IncrediMail, Ltd.)
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" (Ahead Software AG)

========== (O4) Startup Folders ==========

[2005/05/31 14:29:16 | 00,577,597 | ---- | M] (Broadcom Corporation.) -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xporter vers Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2007/05/31 13:41:06 | 10,352,472 | ---- | M] (Microsoft Corporation)
Envoyer à &Bluetooth: C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm [2003/05/29 13:53:12 | 00,001,320 | ---- | M] ()
Open with Scansoft PDF Converter 3.0: C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\ieshellext.dll [2005/04/12 11:16:02 | 00,045,056 | ---- | M] (ScanSoft, Inc.)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Console Java (Sun) -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Recherche -- C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Windows Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
41 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0742B9EF-8C83-41CA-BFBA-830A59E23533}: https://support.microsoft.com/OAS/ActiveX/MSDcode.cab -- Reg Error: Key does not exist or could not be opened.
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/ ... ontrol.cab -- Windows Genuine Advantage Validation Tool
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdat ... /opuc3.cab -- Office Update Installation Engine
{42E1F024-ECC3-456F-B98A-4CE5ACDBF25C}: https://ssl-tb.sitadelle.com/selfcare.c ... Config.ocx -- ActiveFormX Contrôle
{56393399-041A-4650-94C7-13DFCB1F4665}: http://www3.ca.com/securityadvisor/pest ... stscan.cab -- PSFormX Control
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://www.bitdefender.fr/scan8/oscan8.cab -- BDSCANONLINE Control
{6531D99C-0D0E-4293-B3CB-A3E1D0D41847}: http://aspglobal.ahnlab.com/asp/cab/AhnASP.cab -- AhnASP Control
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftup ... 2678003750 -- MUWebControl Class
{74D05D43-3236-11D4-BDCD-00C04F9A3B61}: http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab -- HouseCall Control
{7B297BFD-85E4-4092-B2AF-16A91B2EA103}: http://www.ca.com/us/securityadvisor/vi ... ebscan.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/fl ... rashim.cab -- Reg Error: Key does not exist or could not be opened.
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}: http://ax.emsisoft.com/asquared.cab -- a-squared Scanner
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_07
{CE3409C4-9E26-4F8E-83E4-778498F9E7B4}: http://www.photoways.com/clients/uploader_v2.2.0.6.cab -- Reg Error: Key does not exist or could not be opened.
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shoc ... sh5r42.cab -- Shockwave Flash Object
{E36C5562-C4E0-4220-BCB2-1C671E3A5916}: file:///C:/DRIVERS/snapsys/HDDDiag/bin/npseatools.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{1B8F7FD5-BD15-49CA-BEEA-28F5847EA193} (Servers: | Description: Carte réseau 1394)
{40DDCCA4-3C9D-41A3-B128-FF4397B58660} (Servers: | Description: )
{6D581BD2-3023-48F3-8820-761EE209CD4A} (Servers: | Description: )
{6E406F32-D6C0-42A6-973F-FA620FD63FCE} (Servers: | Description: )
{83BA01AE-388E-4EF8-A68B-A8EBC7AFFDAE} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{A402D69B-9A75-44B9-94DF-8A77B943F249} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=sockspy.dll
>[2006/01/26 20:19:52 | 00,073,728 | ---- | M] () -- C:\WINDOWS\system32\sockspy.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" (HKLM) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\opnlMfdD,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Files/Folders - Created Within 30 Days ==========

[246 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/10/02 10:24:34 | 00,000,000 | ---D | C] -- C:\Avenger
[2008/10/02 10:23:44 | 00,005,779 | ---- | C] () -- C:\backup.reg
[2008/10/02 10:23:35 | 00,135,168 | ---- | C] () -- C:\zip.exe
[2008/10/02 10:23:35 | 00,019,286 | ---- | C] () -- C:\cleanup.exe
[2008/10/02 10:23:35 | 00,000,574 | ---- | C] () -- C:\cleanup.bat
[2008/10/02 10:01:57 | 00,731,136 | ---- | C] () -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\avenger.exe
[2008/10/02 10:01:57 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\avenger
[2008/10/02 10:01:30 | 00,724,952 | ---- | C] () -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\avenger.zip
[2008/10/02 09:36:48 | 00,111,616 | ---- | C] () -- C:\WINDOWS\System32\lajwvc.dll
[2008/10/02 09:36:47 | 00,111,616 | ---- | C] () -- C:\WINDOWS\System32\xpldtdfr.dll
[2008/10/02 09:33:47 | 00,983,044 | -HS- | C] () -- C:\WINDOWS\System32\nwrkcymh.ini
[2008/10/02 09:33:47 | 00,076,288 | ---- | C] () -- C:\WINDOWS\System32\hmyckrwn.dll
[2008/10/02 09:33:07 | 00,104,448 | ---- | C] () -- C:\WINDOWS\System32\jcoyjogk.dll
[2008/10/01 09:33:44 | 00,000,543 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\Navilog1.lnk
[2008/10/01 09:32:00 | 00,571,687 | ---- | C] (IL-MAFIOSO ) -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\Navilog1.exe
[2008/10/01 09:31:16 | 00,419,840 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\OTViewIt.exe
[2008/09/30 19:10:05 | 00,115,462 | ---- | C] () -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\Page_1 copie.jpg
[2008/09/29 11:32:24 | 00,091,440 | ---- | C] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2008/09/28 20:39:25 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2008/09/28 20:39:19 | 00,000,635 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\Registry Mechanic.lnk
[2008/09/28 20:39:14 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2008/09/28 18:17:57 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2008/09/28 17:49:28 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\Madagascar 2008
[2008/09/25 14:18:14 | 00,295,432 | ---- | C] () -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\Untitled1.comicdoc
[2008/09/25 13:05:41 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2008/09/25 12:38:21 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\Comic Life
[2008/09/25 12:37:15 | 00,000,004 | RHS- | C] () -- D:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
[2008/09/25 12:29:18 | 00,000,000 | ---D | C] -- C:\Program Files\plasq
[2008/09/25 12:28:49 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Wise Installation Wizard
[2008/09/22 20:02:20 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Richard.1043768403116.000\Bureau\DancefloorFGSummer2008[1]
[2008/09/19 10:54:17 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\BitTorrent Downloads
[2008/09/19 09:07:34 | 00,000,598 | ---- | C] () -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\Mes dossiers de partage.lnk
[2008/09/19 09:07:17 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Richard.1043768403116.000\Mes documents\Mes fichiers reçus
[2008/09/03 22:19:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/03 22:07:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/09/03 21:59:36 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/09/03 10:56:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr
[2008/09/03 10:56:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/03 10:56:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/09/03 10:47:00 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/09/03 10:47:00 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/09/03 10:47:00 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/09/03 10:47:00 | 00,041,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk7.sys
[2008/09/03 10:47:00 | 00,040,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelppm.sys
[2008/09/03 10:47:00 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ip6fw.sys
[2008/09/03 10:47:00 | 00,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mssmbios.sys
[2008/09/03 10:46:59 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2008/09/03 10:46:59 | 00,264,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\http.sys
[2008/09/03 10:46:59 | 00,079,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sdbus.sys
[2008/09/03 10:46:59 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/09/03 10:46:59 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbehci.sys
[2008/09/03 10:46:59 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tunmp.sys
[2008/09/03 10:46:59 | 00,011,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffdisk.sys
[2008/09/03 10:46:59 | 00,011,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_sd.sys
[2008/09/03 10:46:58 | 00,129,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fltmgr.sys
[2008/09/03 10:46:58 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/09/03 10:46:58 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/09/03 10:46:58 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/09/03 10:46:13 | 01,054,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2008/09/03 10:46:13 | 00,734,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll
[2008/09/03 10:46:13 | 00,731,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdll.dll
[2008/09/03 10:46:13 | 00,685,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\advapi32.dll
[2008/09/03 10:46:13 | 00,638,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autoconv.exe
[2008/09/03 10:46:13 | 00,625,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autochk.exe
[2008/09/03 10:46:13 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.dll
[2008/09/03 10:46:13 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2008/09/03 10:46:13 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\localspl.dll
[2008/09/03 10:46:13 | 00,281,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.dll
[2008/09/03 10:46:13 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imagehlp.dll
[2008/09/03 10:46:13 | 00,138,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\desk.cpl
[2008/09/03 10:46:13 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msv1_0.dll
[2008/09/03 10:46:13 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpcsvc.dll
[2008/09/03 10:46:13 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe
[2008/09/03 10:46:13 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\locator.exe
[2008/09/03 10:46:13 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe
[2008/09/03 10:46:13 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msgsvc.dll
[2008/09/03 10:46:13 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2008/09/03 10:46:13 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\format.com
[2008/09/03 10:46:13 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe
[2008/09/03 10:46:13 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mgmtapi.dll
[2008/09/03 10:46:13 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lmhsvc.dll
[2008/09/03 10:46:13 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntlsapi.dll
[2008/09/03 10:46:12 | 01,005,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupapi.dll
[2008/09/03 10:46:12 | 00,685,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasdlg.dll
[2008/09/03 10:46:12 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\printui.dll
[2008/09/03 10:46:12 | 00,551,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaut32.dll
[2008/09/03 10:46:12 | 00,431,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samsrv.dll
[2008/09/03 10:46:12 | 00,421,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2008/09/03 10:46:12 | 00,307,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sysdm.cpl
[2008/09/03 10:46:12 | 00,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasapi32.dll
[2008/09/03 10:46:12 | 00,145,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nwprovau.dll
[2008/09/03 10:46:12 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schannel.dll
[2008/09/03 10:46:12 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2008/09/03 10:46:12 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe
[2008/09/03 10:46:12 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scardsvr.exe
[2008/09/03 10:46:12 | 00,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srvsvc.dll
[2008/09/03 10:46:12 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntprint.dll
[2008/09/03 10:46:12 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasauto.dll
[2008/09/03 10:46:12 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samlib.dll
[2008/09/03 10:46:12 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasman.dll
[2008/09/03 10:46:12 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rastapi.dll
[2008/09/03 10:46:12 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smss.exe
[2008/09/03 10:46:12 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfctrs.dll
[2008/09/03 10:46:12 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rshx32.dll
[2008/09/03 10:46:12 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecnv32.dll
[2008/09/03 10:46:12 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2008/09/03 10:46:11 | 01,845,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2008/09/03 10:46:11 | 01,013,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\syssetup.dll
[2008/09/03 10:46:11 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\untfs.dll
[2008/09/03 10:46:11 | 00,311,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ulib.dll
[2008/09/03 10:46:11 | 00,188,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\acpi.sys
[2008/09/03 10:46:11 | 00,146,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winspool.drv
[2008/09/03 10:46:11 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2008/09/03 10:46:11 | 00,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.sys
[2008/09/03 10:46:11 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wkssvc.dll
[2008/09/03 10:46:11 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32spl.dll
[2008/09/03 10:46:11 | 00,096,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/09/03 10:46:11 | 00,071,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bridge.sys
[2008/09/03 10:46:11 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\arp1394.sys
[2008/09/03 10:46:11 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmarpc.sys
[2008/09/03 10:46:11 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys
[2008/09/03 10:46:11 | 00,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\1394bus.sys
[2008/09/03 10:46:11 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmonui.dll
[2008/09/03 10:46:11 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys
[2008/09/03 10:46:11 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2008/09/03 10:46:11 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\asyncmac.sys
[2008/09/03 10:46:11 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2008/09/03 10:46:10 | 00,800,256 | ---- | C] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmboot.sys
[2008/09/03 10:46:10 | 00,180,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxdav.sys
[2008/09/03 10:46:10 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2008/09/03 10:46:10 | 00,154,496 | ---- | C] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmio.sys
[2008/09/03 10:46:10 | 00,152,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipnat.sys
[2008/09/03 10:46:10 | 00,143,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fastfat.sys
[2008/09/03 10:46:10 | 00,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2008/09/03 10:46:10 | 00,092,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ksecdd.sys
[2008/09/03 10:46:10 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipsec.sys
[2008/09/03 10:46:10 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys
[2008/09/03 10:46:10 | 00,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys
[2008/09/03 10:46:10 | 00,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdfs.sys
[2008/09/03 10:46:10 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdrom.sys
[2008/09/03 10:46:10 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2008/09/03 10:46:10 | 00,054,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2008/09/03 10:46:10 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dmusic.sys
[2008/09/03 10:46:10 | 00,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys
[2008/09/03 10:46:10 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fips.sys
[2008/09/03 10:46:10 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mountmgr.sys
[2008/09/03 10:46:10 | 00,042,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\imapi.sys
[2008/09/03 10:46:10 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\crusoe.sys
[2008/09/03 10:46:10 | 00,037,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\isapnp.sys
[2008/09/03 10:46:10 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys
[2008/09/03 10:46:10 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\disk.sys
[2008/09/03 10:46:10 | 00,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\modem.sys
[2008/09/03 10:46:10 | 00,027,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fdc.sys
[2008/09/03 10:46:10 | 00,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdclass.sys
[2008/09/03 10:46:10 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys
[2008/09/03 10:46:10 | 00,023,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouclass.sys
[2008/09/03 10:46:10 | 00,020,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipinip.sys
[2008/09/03 10:46:10 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\flpydisk.sys
[2008/09/03 10:46:10 | 00,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i2omp.sys
[2008/09/03 10:46:10 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys
[2008/09/03 10:46:10 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2008/09/03 10:46:10 | 00,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2008/09/03 10:46:10 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys
[2008/09/03 10:46:10 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2008/09/03 10:46:10 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2008/09/03 10:46:10 | 00,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i2omgmt.sys
[2008/09/03 10:46:10 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelide.sys
[2008/09/03 10:46:10 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2008/09/03 10:46:09 | 00,574,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ntfs.sys
[2008/09/03 10:46:09 | 00,456,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2008/09/03 10:46:09 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2008/09/03 10:46:09 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\netbt.sys
[2008/09/03 10:46:09 | 00,105,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mup.sys
[2008/09/03 10:46:09 | 00,091,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndiswan.sys
[2008/09/03 10:46:09 | 00,088,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys
richou

Posts: 81
Joined: 14 Nov 2007, 15:25
Location: Caen

Post by richou » 02 Oct 2008, 10:22

and the one from extras.txt:

OTViewIt Extras logfile created on: 02/10/2008 10:28:16 - Run 2
OTViewIt by OldTimer - Version 1.0.9.2 Folder = D:\Documents and Settings\Richard.1043768403116.000\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1023,36 Mb Total Physical Memory | 565,34 Mb Available Physical Memory | 55,24% Memory free
2,40 Gb Paging File | 1,99 Gb Available in Paging File | 82,94% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,99 Gb Total Space | 6,87 Gb Free Space | 22,91% Space Free | Partition Type: NTFS
Drive D: | 196,88 Gb Total Space | 164,08 Gb Free Space | 83,34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 1043768403116
Current User Name: Richard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
"SerialNumber"=A109A-K13-3ZXD-BAP5-TE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 04:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/05/31 12:14:04 | 00,259,184 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
[2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2007/01/19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 04:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/05/31 12:13:50 | 00,038,000 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\aol.exe:*:Disabled:AOL
[2005/05/31 12:14:04 | 00,259,184 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL 9.0
[2004/12/25 17:54:04 | 00,163,328 | ---- | M] (Inventime) -- C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME
[2007/09/08 01:01:54 | 00,043,008 | ---- | M] () -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2006/12/04 12:53:32 | 00,139,305 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail
[2006/12/04 12:53:32 | 00,204,843 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
[2006/10/31 15:02:28 | 00,086,058 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
[2005/08/15 18:38:13 | 00,081,920 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2006/12/04 12:53:32 | 00,278,568 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail
[2006/09/14 16:15:24 | 05,001,216 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule
File not found -- C:\Program Files\SHARE 1.0 EX2\Share.exe:*:Enabled:Share
[2008/04/14 04:34:01 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2008/04/14 04:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application
[2008/01/15 04:22:48 | 19,926,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
File not found -- C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic
File not found -- C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic
File not found -- C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic
File not found -- C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade
File not found -- C:\Program Files\Wyzo\wyzo.exe:*:Disabled:Wyzo
[2005/05/31 12:13:50 | 00,038,000 | ---- | M] (America Online, Inc.) -- %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL
File not found -- %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA
File not found -- %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA
[2007/01/19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
NameSpace_Catalog5\Catalog_Entries\000000000005 [Espace de noms Bluetooth] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2007/03/14 13:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B7DDCD3-D6D8-4366-A6D8-9B6495A2925E}"=ScanSoft OmniPage 15.0
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=Panneau de contrôle ATI
"{162DDD86-C087-4E59-B7A8-0C1D8F884A9A}"=Adobe Fonts All
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}"=Samsung PC Studio
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD
"{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}"=Philips SPC 900NC PC Camera
"{22524CA1-515C-4153-9807-52AE65F73B5F}"=BitDefender Antivirus Plus v10
"{265FCC3B-4814-4B2B-89D6-217DFB8AD886}"=Adobe Device Central CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}"=WIDCOMM Bluetooth Software
"{3F50AF3B-8997-4916-0095-99D63DDB785A}"=Harry Potter TM
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}"=Grand Theft Auto Vice City
"{51DC4D9C-F729-48A7-9CE0-BC77529ECCA2}"=Adobe WinSoft Linguistics Plugin
"{602A205F-8D02-48EE-8782-262B2103B984}"=ScanSoft PDF Converter 3.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{7302810D-7ACF-4339-B27B-57016CAADDCD}"=Adobe Asset Services CS3
"{73B79E83-490B-460D-B0D6-2C7B73980325}"=Adobe Stock Photos CS3
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}"=Macromedia Shockwave Player
"{85309D89-7BE9-4094-BB17-24999C6118FC}"=ArcSoft PhotoStudio 5.5
"{89ACA875-BDB9-443C-B7C7-D74D3BDE8FE2}"=Philips VLounge
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}"=VC_MergeModuleToMSI
"{9011040C-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0020-040C-0000-0000000FF1CE}"=Module de compatibilité pour Microsoft Office System 2007
"{91D829E6-F1D1-433F-861F-0552DFED0EAD}"=Adobe PDF Library Files
"{93656878-FF8B-4935-99BB-F3F260037C57}"=Lara Croft Tomb Raider: The Angel Of Darkness
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}"=Sonic RecordNow!
"{9A394342-4A68-4EBA-85A6-55B559F4E700}"=Microsoft .NET Framework 1.1 French Language Pack
"{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}"=SolidConverterPDF
"{A16E2D86-7D92-48F4-9649-6029C96D4D8F}"=L'Internet ADSL de Cegetel
"{A3088CD2-612B-11D3-AF43-00C04F443448}"=Microsoft Works 2000
"{A4464AC3-D85E-4649-8748-706191063DF6}"=Adobe Anchor Service CS3
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A78A65E4-1D88-477A-83B4-3EC540F6A55A}"=Adobe Type Support
"{AC76BA86-7AD7-1036-7B44-A81200000003}"=Adobe Reader 8.1.2 - Français
"{AD1D8B40-F83C-41CA-BA08-9DB8D1653316}"=ScanSoft PDF Create 3.0
"{AED353B9-E6D7-406F-B007-2C55C5265EB3}"=Adobe Camera Raw 4.0
"{B056DB05-BF39-49A0-AAB8-C8FA49D9660C}"=Micro Application - PrintPratic 3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}"=iTunes
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}"=Logitech Gaming Software
"{BA0601E1-B65C-11D5-80A9-0000B494D9A6}"=PC Booster
"{BB148BFF-D96D-48B6-9B4A-243DCC6DD444}"=Comic Life
"{BF18C55F-791F-4C17-AB75-E397EE01C14B}"=Adobe Version Cue CS3 Client
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}"=QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CBF7A9A4-C0D4-4BA0-8991-C9B7D90A5298}"=Adobe Setup
"{CE52110A-7773-444F-9E5D-4A45E4792DB6}"=Adobe Bridge Start Meeting
"{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}"=Canon MP450
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}"=GTA San Andreas
"{D446BA40-1F5F-44EB-A794-0AC14F809C79}"=Adobe Default Language CS3
"{D8FC8E35-D397-4C16-87AE-141A625221E4}"=Adobe CMaps
"{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}"=Dragon NaturallySpeaking 9
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Codeur Windows Media Série 9
"{E5C28906-EC86-404E-BB4F-6AB2590451FF}"=Adobe Linguistics CS3
"{F0CF6455-EDD8-41C6-A96A-223874E660CC}"=Adobe XMP Panels CS3
"{F32F1F7C-322D-46B9-B69A-5C3EDC88B74C}"=Adobe Photoshop CS3
"{F3697BA5-C8D8-4925-ACCA-F486C76BAD33}"=Adobe Help Viewer 1.1
"{F36CFE58-47C0-4D75-995B-E0172563FA83}"=Adobe ExtendScript Toolkit 2
"{F5346614-B7C4-4E94-826A-E2363155233D}"=EasyCleaner
"{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}"=Windows Live Messenger
"{FABA59CC-347B-478B-B2A7-37BF0885CACB}"=Adobe Bridge CS3
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe_8d0dc9390f2c596455e1446b5918a40"=Adobe Photoshop CS3
"a-squared Free_is1"=a-squared Free 3.0
"AVGAntiSpyware75"=AVG Anti-Spyware 7.5
"BitTorrent"=BitTorrent 5.0.9
"CCleaner"=CCleaner (remove only)
"Desperados - Une aventure au Far West 1.01"=Desperados - Une aventure au Far West 1.01
"DVD Shrink_is1"=DVD Shrink 3.2
"EAX Unified"=EAX Unified
"eMule"=eMule
"FIFA 2000"=FIFA 2000
"Foxit Reader"=Foxit Reader
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"IncrediMail"=IncrediMail Xe
"InstallShield_{93656878-FF8B-4935-99BB-F3F260037C57}"=Lara Croft Tomb Raider: The Angel Of Darkness
"Kaspersky On-line Scanner"=Kaspersky On-line Scanner
"LimeWire"=LimeWire PRO 4.9.23
"Messenger Plus! Live"=Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MP Navigator 2.0"=Canon MP Navigator 2.0
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Navilog1_is1"=Navilog1 3.6.6
"Nero - Burning Rom!UninstallKey"=Nero 6 Ultra Edition
"NeroVision!UninstallKey"=Nero Digital
"Network Play System"=EA Network Play System
"Neuf_Kit"=Neuf - Kit de connexion
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PhotoFiltre"=PhotoFiltre
"Registry Mechanic_is1"=Registry Mechanic 7.0
"SpywareBlaster_is1"=SpywareBlaster 4.1
"Téléchargement PHOTOWAYS"=Téléchargement PHOTOWAYS 3.0.7
"TomTom HOME"=TomTom HOME
"VLC media player"=VideoLAN VLC media player 0.8.6h
"Vodafone 804SS USB driver"=Vodafone 804SS USB driver Software
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Lecteur Windows Media 11
"Windows XP Service"=Windows XP Service Pack 3
"WinRAR archiver"=Archiveur WinRAR
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/09/2008 13:53:03 | Computer Name = 1043768403116 | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 11.0.6568.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 12/09/2008 13:54:09 | Computer Name = 1043768403116 | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 11.0.6568.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 17/09/2008 08:26:36 | Computer Name = 1043768403116 | Source = Application Hang | ID = 1002
Description = Application bloquée bdlite.exe, version 10.1.0.2, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 25/09/2008 07:51:51 | Computer Name = 1043768403116 | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 7.0.6000.16705, module
défaillant kernel32.dll, version 5.1.2600.5512, adresse de défaillance 0x00012aeb.

Error - 28/09/2008 13:12:36 | Computer Name = 1043768403116 | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 7.0.6000.16705, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00f8176c.

Error - 29/09/2008 05:57:30 | Computer Name = 1043768403116 | Source = Application Error | ID = 1000
Description = Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant
dbghelp.dll, version 5.1.2600.5512, adresse de défaillance 0x0001295d.

Error - 29/09/2008 05:57:39 | Computer Name = 1043768403116 | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16705, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 30/09/2008 08:08:09 | Computer Name = 1043768403116 | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 7.0.6000.16705, module
défaillant kernel32.dll, version 5.1.2600.5512, adresse de défaillance 0x00012aeb.

Error - 30/09/2008 13:05:22 | Computer Name = 1043768403116 | Source = Application Hang | ID = 1002
Description = Application bloquée notepad.exe, version 5.1.2600.5512, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 30/09/2008 13:05:23 | Computer Name = 1043768403116 | Source = Application Hang | ID = 1002
Description = Application bloquée notepad.exe, version 5.1.2600.5512, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 02/10/2008 04:16:17 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service General Purpose USB Driver (adildr.sys) n'a pas pu démarrer
en raison de l'erreur : %%2

Error - 02/10/2008 04:16:17 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service Bluetooth Serial Driver n'a pas pu démarrer en raison de
l'erreur : %%2

Error - 02/10/2008 04:16:17 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service Bluetooth Port Client Driver n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 02/10/2008 04:16:17 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 02/10/2008 04:17:43 | Computer Name = 1043768403116 | Source = System Error | ID = 1003
Description = Code erreur 1000008e, paramètre 1 c0000005, paramètre 2 805cf6ee,
paramètre 3 ef337c40, paramètre 4 00000000.

Error - 02/10/2008 04:25:16 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service General Purpose USB Driver (adildr.sys) n'a pas pu démarrer
en raison de l'erreur : %%2

Error - 02/10/2008 04:25:16 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service Bluetooth Serial Driver n'a pas pu démarrer en raison de
l'erreur : %%2

Error - 02/10/2008 04:25:16 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service Bluetooth Port Client Driver n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 02/10/2008 04:25:16 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 02/10/2008 04:25:33 | Computer Name = 1043768403116 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp
amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde


<End>


So here are the reports! Apparently my pages are no longer displayed twice; I just had one ad page pop up, and the security alert has gone away.
Can you briefly explain what was wrong with my computer?
Because I just ran everything blindly. Is it a virus? Service Pack 3? etc.
Did you also notice anything I should remove, install or update?

Thanks in any case for your invaluable help
richou

Posts: 81
Joined: 14 Nov 2007, 15:25
Location: Caen

Post by nickW » 02 Oct 2008, 22:00

Good evening,

Your PC was infected with the Vundo trojan.


Did you actually create and then use the reparlsa.reg file (steps 1 & 5)?
Did you see an error message appear?
I am going to have you redo that procedure.

Some items were created between the time you sent your first log and the previous procedure.
So the cleanup has to continue:


Step 1: Creating the reparlsa.reg file
Open an instance of Notepad: Start ----> Run, type notepad, then click OK.
Copy and paste the lines below (from the white area under "Code:") into the Notepad window that has just opened.
In Notepad, check (in the Format menu) that "Word Wrap" ("Retour automatique à la ligne") is not active (not ticked).
Save the file under the name reparlsa.reg
Warning no. 1: There is a blank line after the last line
Warning no. 2: the extension must be .reg; choose "All Files" ("Tous les fichiers") in the "Save as type" drop-down list when using "Save As..."
If the extension is .reg.txt, rename the file to .reg
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00



Close Notepad.

Step 2: Creating the aven2.txt file
Open an instance of Notepad: Start ----> Run, type notepad, then click OK.
Copy and paste the lines below (from the white area under "Code:") into the Notepad window that has just opened.
In Notepad, check (in the Format menu) that "Word Wrap" ("Retour automatique à la ligne") is not active (not ticked).
Save the file on the Desktop under the name aven2.txt

Code:
Begin copying here:

Files to delete:
C:\WINDOWS\System32\lajwvc.dll
C:\WINDOWS\System32\xpldtdfr.dll
C:\WINDOWS\System32\nwrkcymh.ini
C:\WINDOWS\System32\hmyckrwn.dll
C:\WINDOWS\System32\jcoyjogk.dll
C:\WINDOWS\system32\opnlMfdD.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c29e4999-c38d-46bf-b1c9-a0cb683fdf9a}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D292B70D-E64A-4EF4-9D26-A42B6BA190A2}



Note: The lines in the Code area above were created exclusively for THIS user: richou.
If you are not THIS user, do not use them: they could damage your system.



Step 3: No real-time monitoring processes
Disable the antivirus's resident module.
BitDefender: double-click the icon in the system tray (next to the clock), then in the "Antivirus" menu, on the "Resident" ("Résident") tab, untick the box in front of "Real-time protection enabled" ("Protection en temps réel activée")


Step 4: Using the reparlsa.reg file
Right-click reparlsa.reg, then choose Merge ("Fusionner") from the context menu and accept the merge into the Registry.


Step 5: The Avenger (by Swandog46), execution
Close all program windows (the PC is going to restart).
Start The Avenger by clicking its icon on the Desktop.
Click OK on the warning message.
Click the icon showing a yellow folder.

A new "Open script file" window opens.
In this window, browse to the Desktop and select (double-click) the aven2.txt file

The contents of the aven2.txt file should appear in the white area (under "Input script here:").

Then click the "Execute" button to run the script.

Click "Yes" twice when asked ("Confirm execution" and "First step completed" windows).
There will be one or two restarts (with a black command window appearing briefly).
When execution finishes, the report will be displayed in Notepad.
Close Notepad.


Step 6: Real-time monitoring processes
Important: Re-enable the antivirus's resident module.


Step 7: OTViewIt (by OldTimer)
Delete the two files OTViewIt.txt and Extras.txt located on the Desktop.
Close all open program windows.
Double-click OTViewIt.exe to start the tool.
Click the Run Scan button and let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing one of the two reports.
Close Notepad.
The second report is visible in the taskbar. Close it as well.
Close the OTViewIt window.


Step 8: Results
Send in reply:
*- The Avenger's report (contents of the file SystemDrive\avenger.txt)
[SystemDrive stands for the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the length of the log):
*- the main OTViewIt report (contents of the OTViewIt.txt file located on the Desktop).
To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
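
Step 1's reparlsa.reg writes the LSA "Authentication Packages" value as a hex(7) (REG_MULTI_SZ) byte list. As an added example (not part of the original posts), the Python below decodes that value from a .reg export and reports any entry other than msv1_0; the function names and the second, wrapped sample export are constructed for illustration.

```python
import re

# The page's reparlsa.reg sets the value to the single entry "msv1_0".
EXPECTED = {"msv1_0"}
LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"
VALUE_NAME = "authentication packages"

# Content of reparlsa.reg as given on the page (REGEDIT4 = ANSI export).
PAGE_REG = (
    "REGEDIT4\n\n"
    "[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa]\n"
    '"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00\n\n'
)


def parse_reg(text):
    """Parse a .reg export into (encoding, {key_lower: {name_lower: raw}}).

    Handles the header line, [key] sections, comments, and hex values
    continued over several lines with a trailing backslash.
    """
    lines = text.replace("\r\n", "\n").split("\n")
    header = lines[0].strip() if lines else ""
    if header == "REGEDIT4":
        encoding = "cp1252"       # ANSI export: one byte per character
    elif header.startswith("Windows Registry Editor Version 5"):
        encoding = "utf-16-le"    # Unicode export: two bytes per character
    else:
        raise ValueError("not a .reg file: unknown header %r" % header)

    keys, current, pending = {}, None, ""
    for line in lines[1:]:
        line = pending + line.strip()
        pending = ""
        if line.endswith("\\"):   # long hex value continues on next line
            pending = line[:-1]
            continue
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2)
    return encoding, keys


def decode_multi_sz(raw, encoding):
    """Decode 'hex(7):6d,73,...' (REG_MULTI_SZ) into a list of strings."""
    kind, _, body = raw.partition(":")
    if kind.lower() != "hex(7)":
        raise ValueError("expected hex(7) REG_MULTI_SZ, got %r" % kind)
    data = bytes(int(b, 16) for b in body.split(",") if b.strip())
    # Entries are NUL-terminated; an extra NUL closes the list.
    return [s for s in data.decode(encoding).split("\x00") if s]


def audit_authentication_packages(reg_text):
    """Return (entries, unexpected) for Lsa\\Authentication Packages."""
    encoding, keys = parse_reg(reg_text)
    raw = keys.get(LSA_KEY, {}).get(VALUE_NAME)
    if raw is None:
        raise KeyError("Authentication Packages not present in this export")
    entries = decode_multi_sz(raw, encoding)
    unexpected = [e for e in entries if e.lower() not in EXPECTED]
    return entries, unexpected


def make_export(entries, per_line=8):
    """Build a CONSTRUCTED REGEDIT4 export with wrapped hex lines (test data)."""
    data = b"".join(e.encode("cp1252") + b"\x00" for e in entries) + b"\x00"
    hexes = ["%02x" % b for b in data]
    chunks = [",".join(hexes[i:i + per_line])
              for i in range(0, len(hexes), per_line)]
    return ("REGEDIT4\n\n"
            "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]\n"
            '"Authentication Packages"=hex(7):' + ",\\\n  ".join(chunks)
            + "\n\n")


if __name__ == "__main__":
    # 1) The value written by the page's repair file.
    print(audit_authentication_packages(PAGE_REG))
    # 2) Constructed export with an extra entry (placeholder path, not
    #    taken from the page) to show what the audit flags.
    sample = make_export(["msv1_0", r"C:\WINDOWS\system32\example_pkg"])
    entries, unexpected = audit_authentication_packages(sample)
    print("entries:   ", entries)
    print("unexpected:", unexpected)
```

To check a live machine, export the Lsa key with regedit and pass the file's text to `audit_authentication_packages`; an export saved in the Unicode "Version 5.00" format must be read as UTF-16 first.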
