

Everything posted by speck41
-
Hello dear experts. I have a laptop with this configuration: Dell Inspiron 1525, Intel Pentium Dual CPU T3200 2 GHz, RAM: 2 GB, operating system: Vista 32-bit. My question is the following: can I install Windows 7 with this configuration, and should I install the 32-bit version, or would the 64-bit one do the job? Thanks for enlightening me. Speck41 speck41@hotmail.com
-
[Solved] PC running slowly
speck41 replied to a topic by speck41 in Malware analysis and eradication
After formatting, my PC with its one-gig processor flies... Thanks to the Zébulon gang and to Pear -
[Solved] PC running slowly
speck41 replied to a topic by speck41 in Malware analysis and eradication
Thank you for being so available. You were a great help to me (even if we don't always manage to dislodge the bug); it allowed me to learn a bit more. A format is still fairly quick and will take care of all the problems: speed, space... THANK YOU! Speck41 -
[Solved] PC running slowly
speck41 replied to a topic by speck41 in Malware analysis and eradication
Hi Pear, thanks for this quick reply. I am currently on the infected computer; it boots. It's only when I restart from the DVD drive with OTLPE in it; otherwise the restart happens very slowly, but it's functional and very slow. It's only when restarting with OTLPE that the error message from the previous post appeared. If that is indeed what you had understood, I will format and reinstall, but I'm waiting for confirmation. Thanks Speck41 -
[Solved] PC running slowly
speck41 replied to a topic by speck41 in Malware analysis and eradication
Hello Pear, it's not going well. On a laptop I downloaded the file and burned a DVD. I put the DVD in the infected computer and when I restart the computer the installation begins. A few moments later, a blue screen with a message from Windows, which has detected a problem. A problem has been detected and windows has been shut down to prevent damage......... blah blah blah. And it gives the following error number at the end: stop:0x0000000A (0xc0206964, 0x00000002, 0x00000001, 0x805CBB65) I'm stuck there. I redid the procedure twice to be sure it wasn't me doing something wrong, with the same result. Thanks Speck41 -
[Solved] PC running slowly
speck41 replied to a topic by speck41 in Malware analysis and eradication
Hi Pear, I suppose you must be very busy. I'm giving you new info on my topic: the problems have come back worse than ever. My PC has become extremely slow again and, on top of that, I can no longer even access it from a laptop that is on the same network.... it now asks me for a password, and yet there has never been one. I don't understand anything anymore. Hoping to hear from you, thanks. P.S.: please don't think I want to rush you; I know you all do remarkable volunteer work to help us, the ignorant. Speck41 -
[Solved] PC running slowly
speck41 replied to a topic by speck41 in Malware analysis and eradication
Hi Pear, well, I swear we really turned things around this time! It's going much better, thanks to you. Now, I don't have much space left on my C drive, and I'd like to free up a bit more (total size 19.1 GB, free space 1.97 GB). Most of my software (and photo files, backups, etc.) is installed on my second hard drive D (total size 149 GB, free space 98 GB; I even have a Program Files folder on the D drive for most of the installed software), and I'm wondering what I can remove from C to make the space that will be needed for XP updates, the antivirus, etc. I don't understand why there is so much stuff on my C drive. Can you point me to someone who can help me with this without my throwing away something important to the operating system? Thank you very much for the effort you have put into helping me; you and your team are truly wonderful. Speck41 -
[Solved] PC running slowly
speck41 replied to a topic by speck41 in Malware analysis and eradication
Hello again Pear, well, nothing is working. I'm searching for updates on Windows Update and it has been spinning since about 10 AM. It is currently 4:19 PM and it's still on: Searching for the latest updates for your computer... I think there's a snag somewhere... If you have suggestions, I'm all ears. Or should this thread be moved to another section of the forum? Thanks, Speck41 -
[Solved] PC running slowly
speck41 replied to a topic by speck41 in Malware analysis and eradication
I'm on Windows Update and the search engine has been looking for updates for at least 30 minutes and nothing is moving..... it seems to be going in circles. I'll let it run a while longer to see. Speck41 -
[Solved] PC running slowly
speck41 replied to a topic by speck41 in Malware analysis and eradication
Ah, I didn't know that this update hadn't been done..... Updates are supposed to show up when available, and I don't recall having blocked it. I'll get on it right away. Thanks Speck41 -
[Solved] PC running slowly
speck41 replied to a topic by speck41 in Malware analysis and eradication
Hi Pear, I can't say my PC is doing better; I just wanted to avoid continuing a thread if there are no more solutions to consider. There is still the slowness problem that comes and goes (yet CPU usage is low in Task Manager). There is also Opera which, when I close it by clicking the X, stays in the Task Manager list and, when I want to open it again, tells me it is already open. So I have to go close it through Task Manager before I can reopen it. Apart from that, things seem okay... I'm thinking of formatting my C drive; I think it's the only solution.... what do you think? Thanks Speck41 -
[Solved] PC running slowly
speck41 replied to a topic by speck41 in Malware analysis and eradication
Great, thanks. If in your view everything is OK, let me know and I'll mark this thread as solved. Thanks Speck41 -
[Solved] PC running slowly
speck41 replied to a topic by speck41 in Malware analysis and eradication
Thanks Pear. Here is the VirusTotal log:
Here is what is in red in sysprot:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
I'm waiting for your reply to know what to do with this. Thanks Speck41 -
[Solved] PC running slowly
speck41 replied to a topic by speck41 in Malware analysis and eradication
Hello Pear, I've carried out all the requested operations. I also uninstalled and reinstalled Opera. Opera seems to use a lot of RAM, especially when 3 or 4 tabs are open. In general the PC works fairly well.... except at startup it is "very, very" slow for 20 to 30 minutes. After that it's fine. I only restart it when needed. I also removed AVG and put Antivir back; the problem didn't seem to come from there. It's rather odd because a few weeks ago it was running much better; I don't recognize it. Thanks for the help you've given me. Speck41 -
[Solved] PC running slowly
speck41 replied to a topic by speck41 in Malware analysis and eradication
Hello Pear, thanks once again..... I did everything that was suggested. I noticed that my PC's malfunction occurs during the first 20 to 30 minutes after powering on or restarting. At that point (on restart) RAM usage is around 800 MB, and I left the PC on for a couple of hours, then went back to look, and memory usage at that point was around 330 MB. Is that normal? If not, what could be causing this problem?
Addendum: I've also just noticed that Opera has a problem. When I close Opera (without shutting down the computer) and want to reopen it by clicking its shortcut, it tells me I must close it first and offers to retry reopening it, and that makes a loop that always starts over. I have to go close it in Task Manager and then I can reopen it without problems. Hoping these details can spark some ideas for solutions. Thanks Speck41 -
[Solved] PC running slowly
speck41 replied to a topic by speck41 in Malware analysis and eradication
Hello Pear, I did the recommended actions. There are only a few 04 processes that I kept. It wasn't any better, so I set about uninstalling several programs that I no longer used. I changed the antivirus to AVG and during installation it told me to uninstall a squared, which I can't find anywhere on my hard drives. As for the computer's overall speed, it hasn't changed. Just opening a new tab in Opera takes at least a minute, and some time ago it took 2 seconds. Yet CPU usage in Task Manager shows less than 50% of resources in use. If you have other suggestions, I'm all ears. Thanks for the help, Speck41 -
[Solved] PC running slowly
speck41 replied to a topic by speck41 in Malware analysis and eradication
Thanks Pear, I'll do all the requested actions and come back with the results later. Don't expect a quick reply, because I'm leaving for a few days. It's rather strange because my PC is extremely slow (Opera opens slowly, Live Mail opens slowly), but when I look in Task Manager there is almost no CPU usage, between 20 and 30%, and everything is very slow. Thanks Speck41 -
[Solved] PC running slowly
speck41 replied to a topic by speck41 in Malware analysis and eradication
Hello, or good evening, and thank you for such a quick reply; it's appreciated. I downloaded ComboFix and then ran it. I presume the Recovery Console was already installed, because it didn't go as described. I'm attaching the report generated by ComboFix: Thanks Speck41 -
Hello, I've had a problem for a few days with my computer, which can no longer manage to be functional...... I tried Microsoft Security Essentials by installing it, and it took too many resources; my PC is old (512 MB of RAM max). I then uninstalled Microsoft Security Essentials and reinstalled Antivir, and since then it hasn't been working well; it is extremely slow. I'm attaching a HijackThis log. Thanks Speck41
- C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 9674 bytes ------------------------------------------------------------------------------------------------------------
-
(SOLVED) THANKS Spyware problem, Trojan horse?
speck41 replied to a topic by speck41 in Malware Analysis and Removal
Your help was invaluable to me. I know that sometimes I download things that may be suspicious.... I think the fact that they are free makes me try things out of curiosity. There are also the other family members who have fun online. Thank you so much. Speck41 -
(SOLVED) THANKS Spyware problem, Trojan horse?
speck41 replied to a topic by speck41 in Malware Analysis and Removal
Hello no.ppp, yes, my computer is doing better: there are no more Internet Explorer windows opening and it seems a bit faster too. As you said, for ESET Online Scanner, "this will take a long time; be patient!" It took 10h05min..... Here are the results:
C:\RECYCLER\S-1-5-21-606747145-162531612-682003330-1003\Dc32\MovedFiles\06202010_083941\C_Documents and Settings\FKB\Local Settings\temp\Ijd.exe a variant of Win32/Kryptik.FBH trojan
C:\RECYCLER\S-1-5-21-606747145-162531612-682003330-1003\Dc32\MovedFiles\06202010_083941\C_WINDOWS\Ibatia.exe a variant of Win32/Kryptik.FBH trojan
D:\INCINERATE\Install\unlocker_1.8.7_francais_20237.exe a variant of Win32/Adware.ADON application
D:\Install\dxplayer_setup.exe multiple threats
D:\Install\Graveur\Nero 7 Premium 7.10.1( French-English) + keygen\Nero 7 Premium 7.10.1( French-English) + keygen.zip Win32/Toolbar.AskSBar application
D:\Install\Graveur\Nero 7 Premium 7.10.1( French-English) + keygen\Nero 7 Premium 7.10.1( French-English) + keygen\Nero-7.10.1.0.exe Win32/Toolbar.AskSBar application
D:\Program Files\Big Kahuna Reef 2\Big Kahuna Reef 2.exe probably a variant of Win32/Agent trojan
D:\Program Files\DivX Player\eBayShortcuts.exe Win32/Adware.ADON application
Awaiting your advice, thank you. Speck41 -
(SOLVED) THANKS Spyware problem, Trojan horse?
speck41 replied to a topic by speck41 in Malware Analysis and Removal
Hi again, I uninstalled AdAware as suggested. I installed RSIT and got only one report, which is this one:
Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-06-25 1552680] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-06 153376] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 nmservice;Pure Networks Platform Service; C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe [2008-05-16 648504] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2008-10-23 244904] R2 TomTomHOMEService;TomTomHOMEService; D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2010-05-07 92008] R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [2008-07-26 141848] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040] S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848] S3 nmraapache;Pure Networks Net2Go Service; D:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2008-05-16 12800] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office 
-----------------------------------------------------------------------------------------------------------
And the TDSSKiller report:
15:52:13:937 2524 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
15:52:13:937 2524 ================================================================================
15:52:13:937 2524 SystemInfo:
15:52:13:937 2524 OS Version: 5.1.2600 ServicePack: 2.0
15:52:13:937 2524 Product type: Workstation
15:52:13:937 2524 ComputerName: ORDISALON
15:52:13:937 2524 UserName: FKB
15:52:13:937 2524 Windows directory: C:\WINDOWS
15:52:13:937 2524 Processor architecture: Intel x86
15:52:13:937 2524 Number of processors: 1
15:52:13:937 2524 Page size: 0x1000
15:52:13:937 2524 Boot type: Normal boot
15:52:13:937 2524 ================================================================================
15:52:14:781 2524 Initialize success
15:52:14:781 2524
15:52:14:781 2524 Scanning Services ...
15:52:15:203 2524 Raw services enum returned 363 services
15:52:15:218 2524
15:52:15:218 2524 Scanning Drivers ...
15:52:52:609 2524
15:52:52:609 2524 Completed
15:52:52:609 2524
15:52:52:609 2524 Results:
15:52:52:609 2524 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:52:52:609 2524 File objects infected / cured / cured on reboot: 0 / 0 / 0
15:52:52:609 2524
15:52:52:625 2524 KLMD(ARK) unloaded successfully
There you go, thanks
Speck41
-
(SOLVED) THANKS Spyware problem, Trojan horse?
speck41 replied to a topic by speck41 in Malware analysis and removal
Hello no.ppp, thank you for your very quick help. I'm posting the requested reports. I had used MBAM 1 day ago and it had found nothing... I imagine OTL brought to light problems that were hidden? Here are the reports:

MBAM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4217
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
2010-06-20 10:10:19
mbam-log-2010-06-20 (10-10-19).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 139446
Temps écoulé: 16 minute(s), 46 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\v71iql7hi7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.53,93.188.161.183 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c77883a8-1a5f-4a83-b9da-857e0ddea8e8}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.53,93.188.161.183 -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
------------------------------------------------------------------------------------------------------------
OTL
All processes killed
========== OTL ==========
Process Ijd.exe killed successfully!
No active process named Ibatia.exe was found!
Registry value HKEY_USERS\S-1-5-21-606747145-162531612-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\M5T8QL3YW3 deleted successfully.
C:\Documents and Settings\FKB\Local Settings\temp\Ijd.exe moved successfully.
C:\WINDOWS\_delis32.ini moved successfully.
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully.
C:\WINDOWS\tasks\ac9af519.job moved successfully.
File C:\WINDOWS\System32\ernel32.dll not found.
C:\WINDOWS\Ibatia.exe moved successfully.
C:\Documents and Settings\FKB\Application Data\ac9af519.exe moved successfully.
C:\Documents and Settings\Invité\Application Data\VMNTOOLBAR folder moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Invité\Application Data\VMNTOOLBAR not found.
File\Folder C:\Documents and Settings\FKB\Local Settings\temp\Ijd.exe not found.
File\Folder C:\WINDOWS\Ibatia.exe not found.
File\Folder C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.
File\Folder C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job not found.
File\Folder C:\WINDOWS\tasks\ac9af519.job not found.
File\Folder C:\WINDOWS\_delis32.ini not found.
File\Folder C:\WINDOWS\System32\ernel32.dll not found.
File\Folder C:\Documents and Settings\FKB\Application Data\ac9af519.exe not found.
--------------------------------------------------------------------------------------------------
Oh yes, following the second use of OTL, the restart did not fully complete; after a prolonged period with no activity from the computer (30 min) I restarted it by doing a reset.
Thanks
Speck41
-
(SOLVED) THANKS Spyware problem, Trojan horse?
speck41 replied to a topic by speck41 in Malware analysis and removal
Good evening, thank you no.ppp for taking my problem in hand. Here are the 2 requested reports.
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2004-11-19 19:07:00 | 000,101,488 | ---- | M] () [Kernel | Auto | Running] -- D:\Program Files\Lock Folder XP 3.6\LF30XP.sys -- (LF30FS) DRV - [2004-08-04 00:10:12 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883) DRV - [2004-08-04 00:10:12 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc) DRV - [2004-08-04 00:10:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV) DRV - [2004-08-03 18:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4) DRV - [2004-08-03 18:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3) DRV - [2004-08-03 18:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5) DRV - [2004-08-03 18:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4) DRV - [2004-08-03 18:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6) DRV - [2004-08-03 18:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3) DRV - [2004-08-03 18:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1) DRV - [2004-08-03 18:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- 
(iAimTV0) DRV - [2004-08-03 18:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7) DRV - [2004-08-03 18:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5) DRV - [2004-08-03 18:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6) DRV - [2004-08-03 18:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) DRV - [2004-08-03 18:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0) DRV - [2004-08-03 18:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1) DRV - [2004-08-03 18:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2) DRV - [2003-09-04 11:38:56 | 000,152,576 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV532AV.SYS -- (PID_0920) Logitech QuickCam Express(PID_0920) DRV - [2001-08-17 16:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Service d'installation du pilote audio Intel® 82801 (WDM) DRV - [1999-05-21 01:00:00 | 000,015,488 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys -- (ScFBPNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKU\S-1-5-21-606747145-162531612-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-606747145-162531612-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.startup.homepage: "http://www.evolutionsynchro.123.fr/|http://www.google.ca/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..browser.startup.homepage: "http://fr.msn.com/" FF - prefs.js..keyword.URL: 
"http://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=" FF - prefs.js..browser.search.selectedEngine: "Live Search" FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Program Files\Real\RealPlayer\browserrecord [2009-12-03 17:29:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010-01-23 14:46:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010-04-10 20:04:08 | 000,000,000 | ---D | M] [2009-12-13 15:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Mozilla\Extensions [2009-12-13 15:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Mozilla\Extensions\home2@tomtom.com [2010-05-21 09:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Mozilla\Firefox\Profiles\iwzhylrv.default\extensions [2009-10-28 20:03:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\FKB\Application Data\Mozilla\Firefox\Profiles\iwzhylrv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-11 19:44:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\FKB\Application Data\Mozilla\Firefox\Profiles\iwzhylrv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010-06-01 20:30:38 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\FKB\Application Data\Mozilla\Firefox\Profiles\iwzhylrv.default\searchplugins\live-search.xml O1 HOSTS File: ([2010-01-24 18:16:55 | 000,000,745 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O2 - BHO: (&Yahoo! 
Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Barre d'outils) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [nmapp] D:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.) O4 - HKLM..\Run: [nmctxth] C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.) O4 - HKLM..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG) O4 - HKLM..\Run: [WordQ carat flag] D:\Program Files\WordQ2Fr\WordQcrs.exe () O4 - HKU\S-1-5-21-606747145-162531612-682003330-1003..\Run: [M5T8QL3YW3] C:\Documents and Settings\FKB\Local Settings\temp\Ijd.exe () O4 - HKU\S-1-5-21-606747145-162531612-682003330-1003..\Run: [Messenger (Yahoo!)] D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) 
O4 - HKU\S-1-5-21-606747145-162531612-682003330-1003..\Run: [TomTomHOME.exe] D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-21-606747145-162531612-682003330-1003..\Run: [WeatherEye] C:\Documents and Settings\FKB\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe (Pelmorex Media Inc.) O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WordQCRS.lnk = D:\Program Files\WordQ2Fr\WordQcrs.exe () O4 - Startup: C:\Documents and Settings\FKB\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk = C:\Documents and Settings\FKB\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-606747145-162531612-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255 O7 - HKU\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0 O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O15 - HKU\S-1-5-21-606747145-162531612-682003330-1003\..Trusted Domains: tomtom.com ([www] https in Trusted sites) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264313117109 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.18.160.73 64.18.160.74 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.53,93.188.161.183 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\intu-ir2009 {E4616804-F2F8-4839-B728-5305004DA6A7} - D:\Program Files\ImpotRapide 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom 
collectif.) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.) 
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\FKB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\FKB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-09-17 18:10:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-05-11 09:45:21 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-05-11 09:45:21 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010-06-19 19:29:39 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\FKB\Bureau\OTL.exe [2010-06-16 20:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\AxBx [2010-06-12 22:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\OBD Soft [2010-06-12 21:36:30 | 000,000,000 | ---D | C] -- C:\spoolerlogs [2010-06-10 10:45:29 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2010-06-07 17:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\Toyota [2010-06-07 10:42:28 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\Demande Ordi [2010-06-07 09:27:39 | 000,000,000 | ---D | C] -- D:\Mes documents\Permis SAAQ 2010 [2010-06-05 11:43:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\FKB\Recent [2010-06-04 21:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Application Data\Acapela Group [2010-06-04 21:39:47 | 000,000,000 | ---D | C] -- D:\Mes documents\Utilisateurs de WordQ 2 [2010-06-02 19:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\Routeur [2010-06-01 20:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive [2010-06-01 12:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\Bulletin [2010-05-27 20:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\Rencontre Instructeurs [2010-05-27 09:44:45 | 000,000,000 | ---D | C] -- D:\Mes documents\Émoticones [2010-05-26 18:35:38 | 000,000,000 | ---D | C] -- D:\Mes documents\TomTom [2004-11-24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll ========== Files - Modified Within 30 Days ========== [2010-06-19 19:56:48 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010-06-19 19:47:05 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010-06-19 19:43:21 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\FKB\ntuser.dat [2010-06-19 19:29:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FKB\Bureau\OTL.exe [2010-06-19 19:20:04 | 000,001,138 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-162531612-682003330-1003UA.job [2010-06-19 16:58:01 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\ac9af519.job [2010-06-19 16:55:02 | 000,044,544 | ---- | M] () -- C:\WINDOWS\System32\ernel32.dll [2010-06-19 16:54:56 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2010-06-19 16:54:11 | 000,000,006 | 
-H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-06-19 16:53:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-06-19 16:53:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-06-19 16:53:38 | 535,285,760 | -HS- | M] () -- C:\hiberfil.sys [2010-06-19 16:52:26 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\FKB\ntuser.ini [2010-06-19 10:37:48 | 000,092,160 | ---- | M] () -- C:\Documents and Settings\FKB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-06-19 10:30:20 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-06-19 09:29:40 | 000,165,376 | ---- | M] () -- C:\WINDOWS\Ibatia.exe [2010-06-19 09:29:18 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\FKB\Application Data\ac9af519.exe [2010-06-19 08:20:01 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-162531612-682003330-1003Core.job [2010-06-18 10:59:33 | 000,172,134 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\perceuse.docx [2010-06-14 11:57:45 | 000,000,384 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\Recettes.lnk [2010-06-10 21:33:07 | 000,349,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-06-10 21:24:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-06-10 21:02:17 | 001,033,070 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-06-10 21:02:17 | 000,494,760 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2010-06-10 21:02:17 | 000,426,514 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-06-10 21:02:17 | 000,078,146 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2010-06-10 21:02:17 | 000,065,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-06-10 10:31:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2010-06-09 10:05:03 | 000,703,511 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\St-Augustin_st_jean_2010.pdf [2010-06-09 09:44:21 | 000,012,800 | ---- | M] () -- C:\Documents and 
Settings\FKB\Application Data\Settings.cfg [2010-06-07 09:21:11 | 000,020,450 | ---- | M] () -- C:\WINDOWS\SICALIB2.DAT [2010-06-04 21:39:28 | 000,000,561 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WordQCRS.lnk [2010-06-04 21:39:28 | 000,000,060 | ---- | M] () -- C:\WINDOWS\WiViK3.ini [2010-06-03 19:22:08 | 000,067,260 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\Milliplein.jpeg [2010-06-03 09:28:28 | 000,024,124 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\Magic Jack conditions.docx [2010-06-01 20:30:39 | 000,001,109 | ---- | M] () -- C:\Documents and Settings\FKB\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk [2010-05-28 17:37:57 | 000,010,534 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\Letter to Parents - June Exams.pdf [2010-05-28 17:37:56 | 000,107,004 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\Exam schedule June 2010.pdf ========== Files Created - No Company Name ========== [2010-06-19 16:55:02 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\ernel32.dll [2010-06-19 15:50:55 | 000,000,242 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010-06-19 09:30:29 | 000,000,274 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010-06-19 09:30:17 | 000,165,376 | ---- | C] () -- C:\WINDOWS\Ibatia.exe [2010-06-19 09:29:24 | 000,000,276 | -H-- | C] () -- C:\WINDOWS\tasks\ac9af519.job [2010-06-19 09:29:20 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\FKB\Application Data\ac9af519.exe [2010-06-18 10:58:02 | 000,172,134 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\perceuse.docx [2010-06-14 11:57:45 | 000,000,384 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\Recettes.lnk [2010-06-10 21:05:41 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010-06-09 10:05:01 | 000,703,511 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\St-Augustin_st_jean_2010.pdf [2010-06-04 
21:39:28 | 000,000,561 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WordQCRS.lnk [2010-06-04 21:39:28 | 000,000,060 | ---- | C] () -- C:\WINDOWS\WiViK3.ini [2010-06-03 19:22:08 | 000,067,260 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\Milliplein.jpeg [2010-06-03 09:27:05 | 000,024,124 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\Magic Jack conditions.docx [2010-06-01 20:30:39 | 000,001,109 | ---- | C] () -- C:\Documents and Settings\FKB\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk [2010-05-28 17:37:56 | 000,107,004 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\Exam schedule June 2010.pdf [2010-05-28 17:37:56 | 000,010,534 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\Letter to Parents - June Exams.pdf [2010-05-26 18:16:31 | 000,186,142 | ---- | C] () -- D:\Mes documents\Contrat Trousse auto occasion.pdf [2010-05-26 18:16:31 | 000,122,866 | ---- | C] () -- D:\Mes documents\Procuration Transfert SAAQ.pdf [2010-04-10 10:38:57 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010-04-10 10:21:38 | 000,000,091 | ---- | C] () -- C:\WINDOWS\fpxpress.ini [2010-03-13 18:56:05 | 000,000,174 | ---- | C] () -- C:\WINDOWS\mp3 recorder.ini [2010-02-28 21:24:24 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll [2010-02-02 20:03:06 | 000,000,504 | ---- | C] () -- C:\WINDOWS\_delis32.ini [2009-10-23 17:41:55 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI [2009-10-15 11:37:15 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2009-10-14 15:17:51 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll [2009-10-13 12:05:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WD.INI [2009-10-04 21:06:54 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009-09-28 20:33:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-09-24 09:31:56 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI [2009-09-24 09:29:41 | 
000,000,548 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI [2009-09-24 09:27:30 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys [2007-03-06 17:50:30 | 001,669,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys [2006-05-25 01:22:06 | 000,025,602 | ---- | C] () -- C:\WINDOWS\System32\knstwai.dll [2005-03-14 14:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2004-10-03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [1999-08-10 18:02:20 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL [1999-08-10 18:02:16 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll [1999-01-27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll [1997-06-13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll ========== LOP Check ========== [2010-01-16 11:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\GlarySoft [2009-11-29 13:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2009-09-17 21:37:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2010-02-28 21:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Configs [2010-01-12 19:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes [2009-10-16 12:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier [2009-10-16 13:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo [2010-01-23 22:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com [2010-05-11 09:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\open-config [2010-03-01 10:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All 
Users\Application Data\SlySoft [2010-02-27 20:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp [2009-12-13 15:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom [2009-12-20 00:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk [2010-03-27 10:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions [2010-03-26 08:53:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B} [2010-01-03 15:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010-06-04 21:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Acapela Group [2009-12-03 18:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Apowersoft [2009-09-19 20:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Auslogics [2009-11-29 13:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Canneverbe_Limited [2010-06-09 09:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Classes de site [2009-09-22 09:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Convivea [2009-09-23 09:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Dynamique [2009-09-23 09:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\EmailNotifier [2010-01-03 13:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\GlarySoft [2009-12-13 19:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\ImgBurn [2009-10-16 13:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\iolo [2010-01-10 13:50:05 | 000,000,000 | ---D | M] 
-- C:\Documents and Settings\FKB\Application Data\kibisoft [2010-05-15 09:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Leadertech [2009-12-12 14:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\MSNInstaller [2009-10-24 15:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Netscape [2009-09-24 10:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Opera [2009-10-24 16:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Photodex [2009-09-19 18:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\PhotoFiltre Studio X [2010-06-09 09:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Sites [2010-04-11 20:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Softativity [2009-09-18 10:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Styler [2010-01-16 13:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\TomTom [2010-01-16 12:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\TomTom(2) [2010-04-06 20:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Tracker Software [2010-06-19 10:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\uTorrent [2010-04-04 10:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Visicom Media [2010-03-01 10:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Vso [2010-03-27 13:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\WindSolutions [2009-10-31 11:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\EmailNotifier [2009-10-31 11:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application 
Data\OnlineArmor
[2009-10-31 11:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\VMNTOOLBAR
[2009-10-14 15:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2010-06-19 16:58:01 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\Tasks\ac9af519.job
[2010-06-19 16:54:56 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010-06-19 19:56:48 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-06-19 19:47:05 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

========== Purity Check ==========

< End of report >

PRC - [2010-06-19 19:29:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FKB\Bureau\OTL.exe
PRC - [2010-06-19 09:29:40 | 000,165,376 | ---- | M] () -- C:\WINDOWS\Ibatia.exe
PRC - [2010-05-07 08:36:10 | 000,092,008 | ---- | M] (TomTom) -- D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010-05-07 08:36:08 | 000,247,144 | ---- | M] (TomTom) -- D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010-04-16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009-10-26 21:42:42 | 000,718,232 | ---- | M] (Pelmorex Media Inc.) -- C:\Documents and Settings\FKB\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
PRC - [2009-09-17 21:34:03 | 000,451,896 | ---- | M] (Pure Networks, Inc.) -- D:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009-07-21 14:33:58 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-05-13 16:47:40 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 13:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008-11-09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
-- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008-05-16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe PRC - [2008-05-16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe PRC - [2007-06-25 09:47:24 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe PRC - [2007-06-25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe PRC - [2007-06-25 09:47:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe PRC - [2007-06-13 09:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2010-06-19 19:29:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FKB\Bureau\OTL.exe MOD - [2004-08-03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010-05-07 08:36:10 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010-04-08 05:41:27 | 001,265,264 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2009-07-21 14:33:58 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009-05-13 16:47:40 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008-11-09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) 
[Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008-11-04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008-07-26 08:27:42 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher) SRV - [2008-05-16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice) SRV - [2008-05-16 05:56:04 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- D:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache) SRV - [2007-06-27 20:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2007-06-25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2006-10-26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - [2010-02-05 05:03:36 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2010-01-01 13:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV - [2009-12-10 11:00:26 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- 
C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009-05-11 10:11:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009-03-30 10:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009-02-13 12:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008-05-16 06:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp) DRV - [2008-05-16 06:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis) DRV - [2007-06-25 09:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm) DRV - [2007-06-25 09:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass) DRV - [2007-06-25 09:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs) DRV - [2007-03-06 17:52:46 | 002,261,792 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv) DRV - [2007-03-06 17:50:30 | 001,669,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap) DRV - [2007-02-15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2004-11-19 19:07:00 | 000,101,488 | ---- | M] () [Kernel | Auto | Running] -- D:\Program Files\Lock Folder XP 3.6\LF30XP.sys -- (LF30FS) DRV - [2004-08-04 00:10:12 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883) DRV - [2004-08-04 00:10:12 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc) DRV - [2004-08-04 00:10:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV) DRV - [2004-08-03 18:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4) DRV - [2004-08-03 18:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3) DRV - [2004-08-03 18:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5) DRV - [2004-08-03 18:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4) DRV - [2004-08-03 18:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6) DRV - [2004-08-03 18:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3) DRV - [2004-08-03 18:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1) DRV - [2004-08-03 18:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- 
(iAimTV0) DRV - [2004-08-03 18:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7) DRV - [2004-08-03 18:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5) DRV - [2004-08-03 18:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6) DRV - [2004-08-03 18:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) DRV - [2004-08-03 18:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0) DRV - [2004-08-03 18:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1) DRV - [2004-08-03 18:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2) DRV - [2003-09-04 11:38:56 | 000,152,576 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV532AV.SYS -- (PID_0920) Logitech QuickCam Express(PID_0920)
DRV - [2001-08-17 16:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Service d'installation du pilote audio Intel® 82801 (WDM)
DRV - [1999-05-21 01:00:00 | 000,015,488 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys -- (ScFBPNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
IE - HKU\S-1-5-21-606747145-162531612-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-606747145-162531612-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://www.evolutionsynchro.123.fr/|http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..browser.startup.homepage: "http://fr.msn.com/"
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q="
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF -
HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Program Files\Real\RealPlayer\browserrecord [2009-12-03 17:29:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010-01-23 14:46:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010-04-10 20:04:08 | 000,000,000 | ---D | M] [2009-12-13 15:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Mozilla\Extensions [2009-12-13 15:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Mozilla\Extensions\home2@tomtom.com [2010-05-21 09:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Mozilla\Firefox\Profiles\iwzhylrv.default\extensions [2009-10-28 20:03:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\FKB\Application Data\Mozilla\Firefox\Profiles\iwzhylrv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-11 19:44:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\FKB\Application Data\Mozilla\Firefox\Profiles\iwzhylrv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010-06-01 20:30:38 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\FKB\Application Data\Mozilla\Firefox\Profiles\iwzhylrv.default\searchplugins\live-search.xml O1 HOSTS File: ([2010-01-24 18:16:55 | 000,000,745 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Barre d'outils) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [nmapp] D:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.) O4 - HKLM..\Run: [nmctxth] C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.) O4 - HKLM..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG) O4 - HKLM..\Run: [WordQ carat flag] D:\Program Files\WordQ2Fr\WordQcrs.exe () O4 - HKU\S-1-5-21-606747145-162531612-682003330-1003..\Run: [M5T8QL3YW3] C:\Documents and Settings\FKB\Local Settings\temp\Ijd.exe () O4 - HKU\S-1-5-21-606747145-162531612-682003330-1003..\Run: [Messenger (Yahoo!)] D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) 
O4 - HKU\S-1-5-21-606747145-162531612-682003330-1003..\Run: [TomTomHOME.exe] D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-21-606747145-162531612-682003330-1003..\Run: [WeatherEye] C:\Documents and Settings\FKB\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe (Pelmorex Media Inc.) O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WordQCRS.lnk = D:\Program Files\WordQ2Fr\WordQcrs.exe () O4 - Startup: C:\Documents and Settings\FKB\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk = C:\Documents and Settings\FKB\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-606747145-162531612-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255 O7 - HKU\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0 O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O15 - HKU\S-1-5-21-606747145-162531612-682003330-1003\..Trusted Domains: tomtom.com ([www] https in Trusted sites) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264313117109 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.18.160.73 64.18.160.74 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.53,93.188.161.183 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\intu-ir2009 {E4616804-F2F8-4839-B728-5305004DA6A7} - D:\Program Files\ImpotRapide 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom 
collectif.) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.) 
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\FKB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\FKB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-09-17 18:10:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-05-11 09:45:21 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-05-11 09:45:21 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-06-19 19:29:39 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\FKB\Bureau\OTL.exe
[2010-06-16 20:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\AxBx
[2010-06-12 22:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\OBD Soft
[2010-06-12 21:36:30 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010-06-10 10:45:29 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010-06-07 17:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\Toyota
[2010-06-07 10:42:28 |
000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\Demande Ordi [2010-06-07 09:27:39 | 000,000,000 | ---D | C] -- D:\Mes documents\Permis SAAQ 2010 [2010-06-05 11:43:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\FKB\Recent [2010-06-04 21:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Application Data\Acapela Group [2010-06-04 21:39:47 | 000,000,000 | ---D | C] -- D:\Mes documents\Utilisateurs de WordQ 2 [2010-06-02 19:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\Routeur [2010-06-01 20:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive [2010-06-01 12:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\Bulletin [2010-05-27 20:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\Rencontre Instructeurs [2010-05-27 09:44:45 | 000,000,000 | ---D | C] -- D:\Mes documents\Émoticones [2010-05-26 18:35:38 | 000,000,000 | ---D | C] -- D:\Mes documents\TomTom [2004-11-24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll ========== Files - Modified Within 30 Days ========== [2010-06-19 20:25:52 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\FKB\ntuser.dat [2010-06-19 20:21:44 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010-06-19 20:20:11 | 000,001,138 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-162531612-682003330-1003UA.job [2010-06-19 19:47:05 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010-06-19 19:29:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FKB\Bureau\OTL.exe [2010-06-19 16:58:01 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\ac9af519.job [2010-06-19 16:55:02 | 000,044,544 | ---- | M] () -- C:\WINDOWS\System32\ernel32.dll [2010-06-19 16:54:56 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2010-06-19 16:54:11 | 000,000,006 | 
-H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-06-19 16:53:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-06-19 16:53:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-06-19 16:53:38 | 535,285,760 | -HS- | M] () -- C:\hiberfil.sys [2010-06-19 16:52:26 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\FKB\ntuser.ini [2010-06-19 10:37:48 | 000,092,160 | ---- | M] () -- C:\Documents and Settings\FKB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-06-19 10:30:20 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-06-19 09:29:40 | 000,165,376 | ---- | M] () -- C:\WINDOWS\Ibatia.exe [2010-06-19 09:29:18 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\FKB\Application Data\ac9af519.exe [2010-06-19 08:20:01 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-162531612-682003330-1003Core.job [2010-06-18 10:59:33 | 000,172,134 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\perceuse.docx [2010-06-14 11:57:45 | 000,000,384 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\Recettes.lnk [2010-06-10 21:33:07 | 000,349,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-06-10 21:24:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-06-10 21:02:17 | 001,033,070 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-06-10 21:02:17 | 000,494,760 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2010-06-10 21:02:17 | 000,426,514 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-06-10 21:02:17 | 000,078,146 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2010-06-10 21:02:17 | 000,065,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-06-10 10:31:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2010-06-09 10:05:03 | 000,703,511 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\St-Augustin_st_jean_2010.pdf [2010-06-09 09:44:21 | 000,012,800 | ---- | M] () -- C:\Documents and 
Settings\FKB\Application Data\Settings.cfg [2010-06-07 09:21:11 | 000,020,450 | ---- | M] () -- C:\WINDOWS\SICALIB2.DAT [2010-06-04 21:39:28 | 000,000,561 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WordQCRS.lnk [2010-06-04 21:39:28 | 000,000,060 | ---- | M] () -- C:\WINDOWS\WiViK3.ini [2010-06-03 19:22:08 | 000,067,260 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\Milliplein.jpeg [2010-06-03 09:28:28 | 000,024,124 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\Magic Jack conditions.docx [2010-06-01 20:30:39 | 000,001,109 | ---- | M] () -- C:\Documents and Settings\FKB\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk [2010-05-28 17:37:57 | 000,010,534 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\Letter to Parents - June Exams.pdf [2010-05-28 17:37:56 | 000,107,004 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\Exam schedule June 2010.pdf ========== Files Created - No Company Name ========== [2010-06-19 16:55:02 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\ernel32.dll [2010-06-19 15:50:55 | 000,000,242 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010-06-19 09:30:29 | 000,000,274 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010-06-19 09:30:17 | 000,165,376 | ---- | C] () -- C:\WINDOWS\Ibatia.exe [2010-06-19 09:29:24 | 000,000,276 | -H-- | C] () -- C:\WINDOWS\tasks\ac9af519.job [2010-06-19 09:29:20 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\FKB\Application Data\ac9af519.exe [2010-06-18 10:58:02 | 000,172,134 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\perceuse.docx [2010-06-14 11:57:45 | 000,000,384 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\Recettes.lnk [2010-06-10 21:05:41 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010-06-09 10:05:01 | 000,703,511 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\St-Augustin_st_jean_2010.pdf [2010-06-04 
21:39:28 | 000,000,561 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WordQCRS.lnk [2010-06-04 21:39:28 | 000,000,060 | ---- | C] () -- C:\WINDOWS\WiViK3.ini [2010-06-03 19:22:08 | 000,067,260 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\Milliplein.jpeg [2010-06-03 09:27:05 | 000,024,124 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\Magic Jack conditions.docx [2010-06-01 20:30:39 | 000,001,109 | ---- | C] () -- C:\Documents and Settings\FKB\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk [2010-05-28 17:37:56 | 000,107,004 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\Exam schedule June 2010.pdf [2010-05-28 17:37:56 | 000,010,534 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\Letter to Parents - June Exams.pdf [2010-05-26 18:16:31 | 000,186,142 | ---- | C] () -- D:\Mes documents\Contrat Trousse auto occasion.pdf [2010-05-26 18:16:31 | 000,122,866 | ---- | C] () -- D:\Mes documents\Procuration Transfert SAAQ.pdf [2010-04-10 10:38:57 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010-04-10 10:21:38 | 000,000,091 | ---- | C] () -- C:\WINDOWS\fpxpress.ini [2010-03-13 18:56:05 | 000,000,174 | ---- | C] () -- C:\WINDOWS\mp3 recorder.ini [2010-02-28 21:24:24 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll [2010-02-02 20:03:06 | 000,000,504 | ---- | C] () -- C:\WINDOWS\_delis32.ini [2009-10-23 17:41:55 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI [2009-10-15 11:37:15 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2009-10-14 15:17:51 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll [2009-10-13 12:05:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WD.INI [2009-10-04 21:06:54 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009-09-28 20:33:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-09-24 09:31:56 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI [2009-09-24 09:29:41 | 
000,000,548 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI [2009-09-24 09:27:30 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys [2007-03-06 17:50:30 | 001,669,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys [2006-05-25 01:22:06 | 000,025,602 | ---- | C] () -- C:\WINDOWS\System32\knstwai.dll [2005-03-14 14:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2004-10-03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [1999-08-10 18:02:20 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL [1999-08-10 18:02:16 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll [1999-01-27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll [1997-06-13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll ========== LOP Check ========== [2010-01-16 11:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\GlarySoft [2009-11-29 13:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2009-09-17 21:37:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2010-02-28 21:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Configs [2010-01-12 19:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes [2009-10-16 12:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier [2009-10-16 13:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo [2010-01-23 22:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com [2010-05-11 09:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\open-config [2010-03-01 10:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All 
Users\Application Data\SlySoft [2010-02-27 20:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp [2009-12-13 15:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom [2009-12-20 00:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk [2010-03-27 10:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions [2010-03-26 08:53:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B} [2010-01-03 15:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010-06-04 21:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Acapela Group [2009-12-03 18:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Apowersoft [2009-09-19 20:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Auslogics [2009-11-29 13:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Canneverbe_Limited [2010-06-09 09:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Classes de site [2009-09-22 09:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Convivea [2009-09-23 09:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Dynamique [2009-09-23 09:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\EmailNotifier [2010-01-03 13:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\GlarySoft [2009-12-13 19:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\ImgBurn [2009-10-16 13:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\iolo [2010-01-10 13:50:05 | 000,000,000 | ---D | M] 
-- C:\Documents and Settings\FKB\Application Data\kibisoft [2010-05-15 09:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Leadertech [2009-12-12 14:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\MSNInstaller [2009-10-24 15:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Netscape [2009-09-24 10:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Opera [2009-10-24 16:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Photodex [2009-09-19 18:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\PhotoFiltre Studio X [2010-06-09 09:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Sites [2010-04-11 20:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Softativity [2009-09-18 10:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Styler [2010-01-16 13:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\TomTom [2010-01-16 12:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\TomTom(2) [2010-04-06 20:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Tracker Software [2010-06-19 10:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\uTorrent [2010-04-04 10:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Visicom Media [2010-03-01 10:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Vso [2010-03-27 13:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\WindSolutions [2009-10-31 11:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\EmailNotifier [2009-10-31 11:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application 
Data\OnlineArmor [2009-10-31 11:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\VMNTOOLBAR [2009-10-14 15:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo [2010-06-19 16:58:01 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\Tasks\ac9af519.job [2010-06-19 16:54:56 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job [2010-06-19 20:21:44 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010-06-19 19:47:05 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job ========== Purity Check ========== < End of report > ------------------------------------------------------------------------------------------------------- OTL Extras logfile created on: 2010-06-19 19:33:24 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\FKB\Bureau Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd 510,00 Mb Total Physical Memory | 90,00 Mb Available Physical Memory | 18,00% Memory free 3,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): c:\pagefile.sys 2500 3000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 19,13 Gb Total Space | 2,84 Gb Free Space | 14,87% Space Free | Partition Type: NTFS Drive D: | 149,05 Gb Total Space | 90,99 Gb Free Space | 61,05% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ORDISALON Current User Name: FKB Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "D:\Program Files\Opera\opera.exe" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "UpdatesDisableNotify" = 0 "UacDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Program Files\Opera\opera.exe" = D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.) 
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.) "C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG) "D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe" = D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI -- File not found "D:\Install\P2P\utorrent.exe" = D:\Install\P2P\utorrent.exe:*:Enabled:µTorrent -- () "C:\Documents and Settings\FKB\Bureau\Raccourcis du Bureau\P2P\utorrent.exe" = C:\Documents and Settings\FKB\Bureau\Raccourcis du Bureau\P2P\utorrent.exe:*:Enabled:µTorrent -- () "D:\Program Files\Activity Monitor\swatcher.exe" = D:\Program Files\Activity Monitor\swatcher.exe:*:Enabled:Activity Monitor -- File not found "D:\Program Files\Net-Orbit\Admin\netorbit.exe" = D:\Program Files\Net-Orbit\Admin\netorbit.exe:*:Enabled:netorbit -- File not found "C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0463B519-E4C8-4C16-84AA-4743D1ED91B5}" = Labtec WebCam "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{0F8C8B5A-B076-4400-8262-41D6131099ED}" = ImpôtRapide 2009 "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java 6 Update 19 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision "{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA "{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57CDBAE6-0896-4E78-88F0-C673E4BB44FD}" = Lock Folder XP 3.6 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders 
(English) 12 "{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12 "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007 "{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service 
Pack 2 (SP2) "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 
2007 "{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007 "{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003 "{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003 "{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007 "{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95FC1DEC-34C4-4293-9C2F-89CC06BFE520}" = Pure Networks Platform "{995BF1A7-30E5-49E5-A0E4-AD3213D9E330}" = Labtec WebCam "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C3576AC-61CA-4A61-8D39-9502AF46F8B6}" = Acapela Synthèse de la Parole pour le WordQ 2 Fr (français canadien) "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 
"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call "{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7 "{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF097717-F174-4144-954A-FBC4BF301036}" = Nero 7 Premium "{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1" = Bit Che "{DC2314C9-5CF6-487F-9A90-A091AC2BE595}" = WordQ 2 Fr "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F8653A81-1A97-4A2A-8ECE-D2B895B4D796}" = Acapela Synthèse de la Parole pour le WordQ 2 Fr (Noyau) "{F8EAD05C-6EA9-4444-89A5-89BA1FDE921C}" = Network Magic "{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6 "Ace DivX Player_is1" = Ace DivX Player v2.1 "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALZip_is1" = ALZip "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Big Kahuna Reef 2 - Chain Reaction_is1" = Big Kahuna Reef 2 - Chain Reaction "CanoCraft CS-P 3.7" = Canon CanoCraft CS-P 3.7 "Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS "CCleaner" = CCleaner "Clean Virus MSN_is1" = Clean Virus MSN "CloneCD" = CloneCD "DataPro Standard Edition" = DataPro Standard Edition 14.1.16 "Defraggler" = Defraggler "FLVPlayer" = FLV 
Player 1.3.3 "FormatFactory" = FormatFactory 2.20 "FrontPageExpress" = Microsoft FrontPage Express "FTP Expert 3" = FTP Expert 3 "Glary Utilities_is1" = Glary Utilities 2.23.0.923 "ie8" = Windows Internet Explorer 8 "LG USB Drivers" = LG USB Drivers "lvdrivers_11.80" = Coffret de pilotes Logitech QuickCam "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "mIRC" = mIRC "Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Multi Virus Cleaner 2010_is1" = Multi Virus Cleaner 2010 "Network MagicUninstall" = Network Magic "PROPLUS" = Microsoft Office Professional Plus 2007 "PUBLISHERR" = Microsoft Office Publisher 2007 "QcDrv" = Programme de gestion Camera de Labtec® "TomTom HOME" = TomTom HOME 2.7.4.1962 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "WinLiveSuite_Wave3" = Installation Windows Live "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "XP Codec Pack" = XP Codec Pack "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "XWebDesignor" = XWebDesignor "Yahoo! Companion" = Yahoo! Barre d'outils "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! 
Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MétéoÉclair" = MétéoÉclair
"Notification de cadeaux MSN" = Notification de cadeaux MSN
"PhotoFiltre Studio X" = PhotoFiltre Studio X

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-06-13 16:08:08 | Computer Name = ORDISALON | Source = crypt32 | ID = 131077
Description = Échec de la récupération de la mise à jour automatique du certificat racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/323C118E1BF7B8B65254E2E2100DD6029037F096.crt> avec l'erreur : A connection with the server could not be established

Error - 2010-06-13 16:08:08 | Computer Name = ORDISALON | Source = crypt32 | ID = 131077
Description = Échec de la récupération de la mise à jour automatique du certificat racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/323C118E1BF7B8B65254E2E2100DD6029037F096.crt> avec l'erreur : Cette connexion réseau n'existe pas.

Error - 2010-06-13 16:08:51 | Computer Name = ORDISALON | Source = crypt32 | ID = 131077
Description = Échec de la récupération de la mise à jour automatique du certificat racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/323C118E1BF7B8B65254E2E2100DD6029037F096.crt> avec l'erreur : Cette connexion réseau n'existe pas.

Error - 2010-06-13 16:08:51 | Computer Name = ORDISALON | Source = crypt32 | ID = 131077
Description = Échec de la récupération de la mise à jour automatique du certificat racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/323C118E1BF7B8B65254E2E2100DD6029037F096.crt> avec l'erreur : Cette connexion réseau n'existe pas.

Error - 2010-06-15 07:06:08 | Computer Name = ORDISALON | Source = Application Hang | ID = 1002
Description = Application bloquée msimn.exe, version 6.0.2900.2180, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 2010-06-15 07:07:53 | Computer Name = ORDISALON | Source = Application Hang | ID = 1002
Description = Application bloquée msimn.exe, version 6.0.2900.2180, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 2010-06-15 07:08:52 | Computer Name = ORDISALON | Source = Application Hang | ID = 1002
Description = Application bloquée msimn.exe, version 6.0.2900.2180, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 2010-06-19 09:31:42 | Computer Name = ORDISALON | Source = Application Error | ID = 1000
Description = Application défaillante spoolsv.exe, version 5.1.2600.2696, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x009f6e47.

Error - 2010-06-19 14:24:17 | Computer Name = ORDISALON | Source = Application Hang | ID = 1002
Description = Application bloquée msimn.exe, version 6.0.2900.2180, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 2010-06-19 15:35:45 | Computer Name = ORDISALON | Source = Application Hang | ID = 1002
Description = Application bloquée msimn.exe, version 6.0.2900.2180, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 2010-06-19 11:21:20 | Computer Name = ORDISALON | Source = Service Control Manager | ID = 7034
Description = Le service Service Bonjour s'est terminé de façon inattendue pour la 1ème fois.

Error - 2010-06-19 11:48:11 | Computer Name = ORDISALON | Source = DCOM | ID = 10010
Description = Le serveur {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} ne s'est pas enregistré sur DCOM avant la fin du temps imparti.

Error - 2010-06-19 12:25:35 | Computer Name = ORDISALON | Source = DCOM | ID = 10010
Description = Le serveur {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} ne s'est pas enregistré sur DCOM avant la fin du temps imparti.

Error - 2010-06-19 12:35:27 | Computer Name = ORDISALON | Source = DCOM | ID = 10010
Description = Le serveur {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} ne s'est pas enregistré sur DCOM avant la fin du temps imparti.

Error - 2010-06-19 14:00:26 | Computer Name = ORDISALON | Source = DCOM | ID = 10010
Description = Le serveur {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} ne s'est pas enregistré sur DCOM avant la fin du temps imparti.

Error - 2010-06-19 16:53:55 | Computer Name = ORDISALON | Source = ACPI | ID = 327685
Description = AMLI : le BIOS ACPI tente de lire une adresse de port E/S non autorisée (0x70) dans la gamme d'adresses protégées 0x70 - 0x71. Cela peut provoquer l'instabilité du système. Contactez le fabricant de votre ordinateur pour une assistance technique.

Error - 2010-06-19 16:53:55 | Computer Name = ORDISALON | Source = ACPI | ID = 327684
Description = AMLI : le BIOS ACPI tente de lire à partir d'une adresse de port E/S non autorisée (0x71) dans la plage d'adresses protégées 0x70 - 0x71. Cela peut provoquer l'instabilité du système. Contactez le fabricant de votre ordinateur pour une assistance technique.

Error - 2010-06-19 16:55:54 | Computer Name = ORDISALON | Source = Service Control Manager | ID = 7000
Description = Le service NetGroup Packet Filter Driver n'a pas pu démarrer en raison de l'erreur : %%2

Error - 2010-06-19 17:07:12 | Computer Name = ORDISALON | Source = Service Control Manager | ID = 7034
Description = Le service Machine Debug Manager s'est terminé de façon inattendue pour la 1ème fois.

Error - 2010-06-19 17:07:18 | Computer Name = ORDISALON | Source = Service Control Manager | ID = 7034
Description = Le service Service Bonjour s'est terminé de façon inattendue pour la 1ème fois.

< End of report >

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "D:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "UpdatesDisableNotify" = 0 "UacDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Program Files\Opera\opera.exe" = D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.) 
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.) "C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG) "D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe" = D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI -- File not found "D:\Install\P2P\utorrent.exe" = D:\Install\P2P\utorrent.exe:*:Enabled:µTorrent -- () "C:\Documents and Settings\FKB\Bureau\Raccourcis du Bureau\P2P\utorrent.exe" = C:\Documents and Settings\FKB\Bureau\Raccourcis du Bureau\P2P\utorrent.exe:*:Enabled:µTorrent -- () "D:\Program Files\Activity Monitor\swatcher.exe" = D:\Program Files\Activity Monitor\swatcher.exe:*:Enabled:Activity Monitor -- File not found "D:\Program Files\Net-Orbit\Admin\netorbit.exe" = D:\Program Files\Net-Orbit\Admin\netorbit.exe:*:Enabled:netorbit -- File not found "C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0463B519-E4C8-4C16-84AA-4743D1ED91B5}" = Labtec WebCam "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{0F8C8B5A-B076-4400-8262-41D6131099ED}" = ImpôtRapide 2009 "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java 6 Update 19 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision "{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA "{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57CDBAE6-0896-4E78-88F0-C673E4BB44FD}" = Lock Folder XP 3.6 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders 
(English) 12 "{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12 "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007 "{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service 
Pack 2 (SP2) "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 
2007 "{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007 "{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003 "{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003 "{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007 "{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95FC1DEC-34C4-4293-9C2F-89CC06BFE520}" = Pure Networks Platform "{995BF1A7-30E5-49E5-A0E4-AD3213D9E330}" = Labtec WebCam "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C3576AC-61CA-4A61-8D39-9502AF46F8B6}" = Acapela Synthèse de la Parole pour le WordQ 2 Fr (français canadien) "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 
"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call "{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7 "{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF097717-F174-4144-954A-FBC4BF301036}" = Nero 7 Premium "{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1" = Bit Che "{DC2314C9-5CF6-487F-9A90-A091AC2BE595}" = WordQ 2 Fr "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F8653A81-1A97-4A2A-8ECE-D2B895B4D796}" = Acapela Synthèse de la Parole pour le WordQ 2 Fr (Noyau) "{F8EAD05C-6EA9-4444-89A5-89BA1FDE921C}" = Network Magic "{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6 "Ace DivX Player_is1" = Ace DivX Player v2.1 "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALZip_is1" = ALZip "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Big Kahuna Reef 2 - Chain Reaction_is1" = Big Kahuna Reef 2 - Chain Reaction "CanoCraft CS-P 3.7" = Canon CanoCraft CS-P 3.7 "Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS "CCleaner" = CCleaner "Clean Virus MSN_is1" = Clean Virus MSN "CloneCD" = CloneCD "DataPro Standard Edition" = DataPro Standard Edition 14.1.16 "Defraggler" = Defraggler "FLVPlayer" = FLV 
Player 1.3.3 "FormatFactory" = FormatFactory 2.20 "FrontPageExpress" = Microsoft FrontPage Express "FTP Expert 3" = FTP Expert 3 "Glary Utilities_is1" = Glary Utilities 2.23.0.923 "ie8" = Windows Internet Explorer 8 "LG USB Drivers" = LG USB Drivers "lvdrivers_11.80" = Coffret de pilotes Logitech QuickCam "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "mIRC" = mIRC "Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Multi Virus Cleaner 2010_is1" = Multi Virus Cleaner 2010 "Network MagicUninstall" = Network Magic "PROPLUS" = Microsoft Office Professional Plus 2007 "PUBLISHERR" = Microsoft Office Publisher 2007 "QcDrv" = Programme de gestion Camera de Labtec® "TomTom HOME" = TomTom HOME 2.7.4.1962 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "WinLiveSuite_Wave3" = Installation Windows Live "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "XP Codec Pack" = XP Codec Pack "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "XWebDesignor" = XWebDesignor "Yahoo! Companion" = Yahoo! Barre d'outils "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! 
Software Update
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MétéoÉclair" = MétéoÉclair
"Notification de cadeaux MSN" = Notification de cadeaux MSN
"PhotoFiltre Studio X" = PhotoFiltre Studio X
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2010-06-19 20:25:38 | Computer Name = ORDISALON | Source = crypt32 | ID = 131077 Description = Échec de la récupération de la mise à jour automatique du certificat racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt> avec l'erreur : Cette connexion réseau n'existe pas.
Error - 2010-06-19 20:25:38 | Computer Name = ORDISALON | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette connexion réseau n'existe pas.
Error - 2010-06-19 20:25:39 | Computer Name = ORDISALON | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette connexion réseau n'existe pas. Error - 2010-06-19 20:25:39 | Computer Name = ORDISALON | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette connexion réseau n'existe pas. Error - 2010-06-19 20:25:39 | Computer Name = ORDISALON | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette connexion réseau n'existe pas. Error - 2010-06-19 20:25:39 | Computer Name = ORDISALON | Source = crypt32 | ID = 131077 Description = Échec de la récupération de la mise à jour automatique du certificat racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt> avec l'erreur : Cette connexion réseau n'existe pas. Error - 2010-06-19 20:25:39 | Computer Name = ORDISALON | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette connexion réseau n'existe pas. 
Error - 2010-06-19 20:25:40 | Computer Name = ORDISALON | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette connexion réseau n'existe pas. Error - 2010-06-19 20:25:40 | Computer Name = ORDISALON | Source = crypt32 | ID = 131077 Description = Échec de la récupération de la mise à jour automatique du certificat racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt> avec l'erreur : Cette connexion réseau n'existe pas. Error - 2010-06-19 20:25:40 | Computer Name = ORDISALON | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette connexion réseau n'existe pas. [ System Events ] Error - 2010-06-19 11:21:20 | Computer Name = ORDISALON | Source = Service Control Manager | ID = 7034 Description = Le service Service Bonjour s'est terminé de façon inattendue pour la 1ème fois. Error - 2010-06-19 11:48:11 | Computer Name = ORDISALON | Source = DCOM | ID = 10010 Description = Le serveur {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} ne s'est pas enregistré sur DCOM avant la fin du temps imparti. Error - 2010-06-19 12:25:35 | Computer Name = ORDISALON | Source = DCOM | ID = 10010 Description = Le serveur {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} ne s'est pas enregistré sur DCOM avant la fin du temps imparti. Error - 2010-06-19 12:35:27 | Computer Name = ORDISALON | Source = DCOM | ID = 10010 Description = Le serveur {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} ne s'est pas enregistré sur DCOM avant la fin du temps imparti. 
Error - 2010-06-19 14:00:26 | Computer Name = ORDISALON | Source = DCOM | ID = 10010 Description = Le serveur {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} ne s'est pas enregistré sur DCOM avant la fin du temps imparti.
Error - 2010-06-19 16:53:55 | Computer Name = ORDISALON | Source = ACPI | ID = 327685 Description = AMLI : le BIOS ACPI tente de lire une adresse de port E/S non autorisée (0x70) dans la gamme d'adresses protégées 0x70 - 0x71. Cela peut provoquer l'instabilité du système. Contactez le fabricant de votre ordinateur pour une assistance technique.
Error - 2010-06-19 16:53:55 | Computer Name = ORDISALON | Source = ACPI | ID = 327684 Description = AMLI : le BIOS ACPI tente de lire à partir d'une adresse de port E/S non autorisée (0x71) dans la plage d'adresses protégées 0x70 - 0x71. Cela peut provoquer l'instabilité du système. Contactez le fabricant de votre ordinateur pour une assistance technique.
Error - 2010-06-19 16:55:54 | Computer Name = ORDISALON | Source = Service Control Manager | ID = 7000 Description = Le service NetGroup Packet Filter Driver n'a pas pu démarrer en raison de l'erreur : %%2
Error - 2010-06-19 17:07:12 | Computer Name = ORDISALON | Source = Service Control Manager | ID = 7034 Description = Le service Machine Debug Manager s'est terminé de façon inattendue pour la 1ème fois.
Error - 2010-06-19 17:07:18 | Computer Name = ORDISALON | Source = Service Control Manager | ID = 7034 Description = Le service Service Bonjour s'est terminé de façon inattendue pour la 1ème fois.
< End of report >
------------------------------------------------------------------------------------------
Thanks
Speck41
-
(RESOLVED) THANKS Spyware problem, Trojan horse?
speck41 posted a topic in Analyses et éradication malwares
Hello everyone, The new look of your forum is really well done, I like it a lot. Now, as for my problem: I have Internet Explorer windows that open by themselves (like this one: http://c5.mt-50.com/5611401432.cmp), even though I don't use Internet Explorer. My antivirus finds a Trojan horse, TR/crypt.xpack.gen, which I delete and which comes back right away. In Task Manager there are also applications such as "IBATIA.exe" and "IJD.exe" that I don't recognize. Thank you in advance for any help you can give me. Speck41