Galad7

  1. Hi! I'm afraid you've forgotten me!!!
  2. There we go!! Sorry for the delay, but I couldn't do it any faster. Here is the report:

     C:\_OTL\MovedFiles\06282010_223625\C_Documents and Settings\Dom\Menu Démarrer\Programmes\Démarrage\siszpe32.exe a variant of Win32/Kryptik.EXL trojan deleted - quarantined
     F:\rkfree_setup.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
     G:\Mes documents\Documents Warez\rkfree_setup.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
     H:\Emule\incoming\[????].O&O.Defrag11.keygen.rar probably a variant of Win32/Agent trojan deleted - quarantined
     J:\Adobe Photoshop CS3 Extended Francais\Adobe CS3 family Activation\Adobe.CS3.Design.Premium.Keygen_Activation\Adobe.CS3.Design.Premium.Keygen+Activation\Adobe.CS3.Design.Premium.Keygen.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
     J:\Adobe Photoshop CS3 Extended Francais\Adobe CS3 family Activation\Adobe.CS3.Web.Premium.Keygen_Activation\Adobe.CS3.Web.Premium.Keygen+Activation\Adobe.Web.Premium.CS3.Keygen+Activation.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
     J:\Adobe Photoshop CS3 Extended Francais\Adobe CS3 family Activation\Flash.CS3.Keygen_Activation\Flash.CS3.Keygen+Activation\Flash.CS3.Keygen+Activation.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
     J:\Adobe Photoshop CS3 Extended Francais\Adobe CS3 family Activation\Photoshop.CS3.Keygen_Activation\Photoshop.CS3.Keygen+Activation\Photoshop.CS3.Keygen+Activation.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
  3. Hi, here is the report:

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Version de la base de données: 4273
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     04/07/2010 01:27:19
     mbam-log-2010-07-04 (01-27-19).txt
     Type d'examen: Examen rapide
     Elément(s) analysé(s): 122785
     Temps écoulé: 9 minute(s), 30 seconde(s)
     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0
     Processus mémoire infecté(s): (Aucun élément nuisible détecté)
     Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
     Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
     Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
     Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
     Dossier(s) infecté(s): (Aucun élément nuisible détecté)
     Fichier(s) infecté(s): (Aucun élément nuisible détecté)
  4. Just to let you know that I'm going to be a bit slow doing the last steps, because I start work very early and finish very late. I'll do it Friday evening or Saturday at the latest, and thanks again. However, as for "RKfree", I can't manage to reinstall it because it tells me it detects a version on the PC and that it has to be uninstalled first, yet there is nothing left. Anyway, see you Saturday!
  5. Here is the report. My svchost has dropped back to 0 (cool), but on the other hand what I feared has happened. Rkfree did not start and refuses to launch even manually.
  6. Hi! Just one small thing: before deleting anything, I forgot to tell you that the RKFREE keylogger is installed deliberately on my computer; it lets me monitor what my little nephews are doing. So I would really like it to keep working after all this! Thanks in advance!
  7. Hello, no, indeed that's not cool, so I'm only getting help here! Here are the reports:
Files\Skyline\TerraExplorer\TerraExplorerX.dll (Skyline software systems Inc.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Dom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/12/27 19:51:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009/11/15 15:37:00 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009/11/15 15:37:00 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009/11/15 15:37:00 | 000,000,000 | R--D | M] - F:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009/11/15 15:37:00 | 000,000,000 | R--D | M] - G:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009/11/15 15:37:00 | 000,000,000 | R--D | M] - H:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009/11/15 15:37:00 | 000,000,000 | R--D | M] - I:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009/11/15 15:37:01 | 000,000,000 | R--D | M] - J:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009/11/15 14:37:02 | 000,000,000 | RHSD | M] - L:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{c4a154b9-4cdc-11dd-9719-0018f3150ee8}\Shell - "" = AutoRun O33 - 
MountPoints2\{c4a154b9-4cdc-11dd-9719-0018f3150ee8}\Shell\AutoRun\command - "" = K:\setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/06/28 00:50:23 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dom\Bureau\OTL.exe [2010/06/24 22:30:29 | 000,000,000 | ---D | C] -- C:\rsit [2010/06/24 00:27:41 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tasklist.exe [2010/06/21 22:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/06/21 22:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/06/21 22:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/06/21 22:33:55 | 096,768,824 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Dom\Bureau\iTunesSetup(2).exe [2010/06/21 21:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/06/21 20:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2010/06/20 22:46:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010/06/20 00:08:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2010/06/19 08:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Bureau\avenger [2010/06/17 10:02:05 | 000,054,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys [2010/06/17 09:58:16 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/06/17 09:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Google [2010/06/17 00:25:25 | 000,034,688 | ---- | C] (Toshiba Corp.) 
-- C:\WINDOWS\System32\drivers\lbrtfdc.sys [2010/06/17 00:25:07 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys [2010/06/15 23:23:41 | 000,000,000 | ---D | C] -- G:\Mes documents\My Downloaded Video [2010/06/15 23:21:31 | 000,000,000 | ---D | C] -- G:\Mes documents\Regensoft [2010/06/15 23:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Application Data\Regensoft [2010/06/10 22:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Bureau\Bonne [2010/06/10 22:32:03 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2010/06/01 00:44:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/06/01 00:44:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/06/01 00:43:20 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dom\Bureau\mbam-setup.exe [2007/01/29 20:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Application Data\Dossier de téléchargement Share-to-Web [2002/04/11 03:41:06 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\Documents and Settings\Dom\Bureau\*.tmp files -> C:\Documents and Settings\Dom\Bureau\*.tmp -> ] [1 G:\Mes documents\*.tmp files -> G:\Mes documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/06/28 00:50:26 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dom\Bureau\OTL.exe [2010/06/28 00:16:00 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/06/27 23:18:48 | 000,000,435 | ---- | M] () -- C:\WINDOWS\system.ini [2010/06/27 21:49:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/06/27 21:48:27 | 000,001,050 | ---- | M] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/06/27 21:48:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/06/27 21:48:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/06/27 00:57:03 | 000,002,551 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\Microsoft Word.lnk [2010/06/27 00:17:59 | 000,017,920 | ---- | M] () -- G:\Mes documents\Planning CDD été 2010.xls [2010/06/27 00:00:37 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\Microsoft Excel.lnk [2010/06/26 01:48:17 | 017,825,792 | -H-- | M] () -- C:\Documents and Settings\Dom\NTUSER.DAT [2010/06/26 01:48:16 | 006,246,944 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2010/06/26 01:48:16 | 001,105,952 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2010/06/26 01:48:16 | 000,056,172 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2010/06/26 01:48:16 | 000,010,100 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2010/06/26 01:15:06 | 000,102,400 | ---- | M] () -- C:\Documents and Settings\Dom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/25 21:20:55 | 000,001,559 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\AD-R.lnk [2010/06/25 07:33:11 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\Classeur1.xls [2010/06/24 02:09:12 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Dom\ntuser.ini [2010/06/24 01:48:29 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\CCleaner.lnk [2010/06/24 01:33:56 | 000,944,827 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\Audrey appart.zip [2010/06/24 01:33:27 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010/06/24 00:26:57 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tasklist.exe [2010/06/23 23:07:13 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\Consignes 24_06_10.doc [2010/06/23 22:55:48 | 000,030,720 | ---- | M] () -- 
G:\Mes documents\http.doc [2010/06/23 10:39:33 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk [2010/06/23 09:57:43 | 000,532,882 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2010/06/23 09:57:43 | 000,441,166 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/06/23 09:57:43 | 000,093,450 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2010/06/23 09:57:43 | 000,071,102 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/06/23 09:57:42 | 001,109,050 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/06/22 01:35:37 | 000,110,592 | ---- | M] () -- G:\Mes documents\FOSAMAX.doc [2010/06/22 00:58:30 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\lien serie.doc [2010/06/21 22:45:32 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\QuickTime Player.lnk [2010/06/21 22:31:18 | 096,768,824 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Dom\Bureau\iTunesSetup(2).exe [2010/06/21 20:57:31 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/06/20 23:18:28 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\rapport AVP.xls [2010/06/19 08:49:27 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\avenger.zip [2010/06/17 10:27:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/06/17 09:58:35 | 000,000,286 | RHS- | M] () -- C:\boot.ini [2010/06/11 08:45:19 | 001,517,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/06/11 00:41:39 | 003,864,064 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\CASERNE DE BONNE.doc [2010/06/10 23:49:25 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT [2010/06/10 23:48:50 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT [2010/06/10 22:40:43 | 000,331,395 | ---- | M] () -- C:\Documents and 
Settings\Dom\Bureau\GRENOBLE%20Quartier%20ZAC%20de%20la%20Caserne.pdf [2010/06/05 02:01:01 | 001,645,525 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\IMG_0139.jpg [2010/06/01 00:44:04 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk [2010/06/01 00:43:20 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dom\Bureau\mbam-setup.exe [2010/05/31 01:53:23 | 031,742,976 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\Pizzas.doc [2010/05/31 01:05:06 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\Consignes 31_05_10.doc [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\Documents and Settings\Dom\Bureau\*.tmp files -> C:\Documents and Settings\Dom\Bureau\*.tmp -> ] [1 G:\Mes documents\*.tmp files -> G:\Mes documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/06/27 00:17:59 | 000,017,920 | ---- | C] () -- G:\Mes documents\Planning CDD été 2010.xls [2010/06/25 21:20:55 | 000,001,559 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\AD-R.lnk [2010/06/24 01:48:29 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\CCleaner.lnk [2010/06/24 01:33:59 | 000,944,827 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\Audrey appart.zip [2010/06/23 23:07:13 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\Consignes 24_06_10.doc [2010/06/23 22:55:47 | 000,030,720 | ---- | C] () -- G:\Mes documents\http.doc [2010/06/21 22:51:58 | 000,110,592 | ---- | C] () -- G:\Mes documents\FOSAMAX.doc [2010/06/21 22:50:27 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk [2010/06/21 22:45:32 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\QuickTime Player.lnk [2010/06/20 23:18:27 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\rapport AVP.xls 
[2010/06/19 08:49:24 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\avenger.zip [2010/06/17 09:58:34 | 000,000,216 | ---- | C] () -- C:\Boot.bak [2010/06/17 09:58:24 | 000,263,488 | ---- | C] () -- C:\cmldr [2010/06/17 00:24:40 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\qcopjv.dat [2010/06/11 00:21:32 | 003,864,064 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\CASERNE DE BONNE.doc [2010/06/10 22:40:43 | 000,331,395 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\GRENOBLE%20Quartier%20ZAC%20de%20la%20Caserne.pdf [2010/06/03 23:06:20 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\Classeur1.xls [2010/06/01 00:44:04 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk [2010/05/31 01:05:06 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\Consignes 31_05_10.doc [2010/05/13 00:11:20 | 000,000,173 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2009/07/02 22:19:17 | 000,000,223 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI [2009/03/29 02:45:05 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtictwl.sys [2008/10/28 01:43:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI [2008/08/25 22:41:28 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2008/07/23 18:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008/07/23 18:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2008/07/23 18:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2008/07/23 18:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2007/12/24 02:43:55 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI [2007/12/18 01:22:06 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007/12/17 22:01:30 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll 
[2007/12/17 22:01:30 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2007/12/17 22:01:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2007/12/17 22:01:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll [2007/10/07 04:27:53 | 000,000,009 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini [2007/10/03 22:21:34 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys [2007/09/23 17:38:02 | 000,005,600 | ---- | C] () -- C:\WINDOWS\System32\STCI.DLL [2007/07/26 16:54:16 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007/07/09 21:54:14 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini [2007/07/09 21:54:14 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2007/06/11 17:15:32 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\IlmImf.dll [2007/06/11 17:15:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pmexr.dll [2007/06/11 17:15:31 | 000,353,280 | ---- | C] () -- C:\WINDOWS\System32\pmtf2.dll [2007/06/11 17:15:31 | 000,271,872 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib.dll [2007/06/11 17:15:31 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib2.dll [2007/06/11 17:15:31 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\pmjp.dll [2007/06/11 17:15:31 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\pmtf1.dll [2007/06/11 17:15:31 | 000,204,288 | ---- | C] () -- C:\WINDOWS\System32\pmtf3.dll [2007/06/11 17:15:31 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib3.dll [2007/06/11 17:15:31 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmbm.dll [2007/05/14 23:17:56 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2007/04/17 23:29:11 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007/04/15 23:19:54 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2007/04/15 23:19:52 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2007/04/03 02:57:02 | 000,000,204 | ---- | C] () 
-- C:\WINDOWS\RtlRack.ini [2007/04/02 03:33:58 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini [2007/03/30 23:40:09 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll [2007/03/30 23:40:09 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini [2007/03/30 23:39:26 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini [2007/02/26 04:41:20 | 000,000,161 | ---- | C] () -- C:\WINDOWS\wininit.ini [2007/02/11 00:58:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2007/02/05 15:47:48 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/02/05 15:47:48 | 000,016,704 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2007/02/05 15:47:40 | 000,016,042 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/01/01 15:19:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI [2006/12/30 22:38:26 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3m.DLL [2006/12/29 01:19:25 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/12/28 23:20:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2006/12/28 23:20:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2006/12/28 23:20:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2006/12/28 23:20:11 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2006/12/28 23:20:11 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2006/12/27 19:58:18 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006/12/27 19:57:16 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2006/12/27 19:57:11 | 000,013,906 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2006/12/27 19:57:10 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2005/05/03 13:38:42 | 000,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll [2005/03/14 14:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2005/01/12 05:08:50 | 000,032,768 | ---- | C] () -- 
C:\WINDOWS\System32\SafeIE.dll [2003/10/02 12:48:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll [2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini [2002/10/16 00:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini [2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll [2000/04/14 17:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll [1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini [1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll [1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll ========== LOP Check ========== [2009/03/28 02:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus [2007/06/01 12:53:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2008/10/23 13:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters [2010/04/06 03:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2008/11/02 16:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp [2007/10/02 18:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft [2008/11/02 16:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Importer [2008/11/05 00:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jazz [2007/08/12 01:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 
[2008/10/27 23:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon [2010/02/02 00:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy [2009/01/16 00:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rkfree [2006/12/29 01:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT [2010/03/14 01:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skyline [2008/11/02 16:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15 [2010/06/21 21:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/12/01 11:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/10/20 23:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Axialis [2010/06/24 01:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Azureus [2007/01/22 03:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\CopyToDvd [2008/07/09 01:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\DAEMON Tools [2010/04/06 03:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\DAEMON Tools Lite [2007/12/17 21:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\DataCast [2007/01/29 20:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Dossier de téléchargement Share-to-Web [2007/01/29 20:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Dossier de téléchargement Share-to-Web [2010/02/02 00:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\DxO Labs [2009/10/07 
00:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\gtk-2.0 [2007/05/15 23:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Imagenomic [2006/12/29 22:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\InterTrust [2009/05/27 01:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Morpheus Software [2008/11/02 16:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Nikon [2010/02/02 00:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\PACE Anti-Piracy [2008/11/07 03:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Panasonic [2009/12/03 00:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Red Kawa [2010/06/15 23:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Regensoft [2007/12/18 01:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Samsung [2007/09/08 00:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\SecondLife [2007/10/25 00:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Vso [2007/09/30 14:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Windows Desktop Search [2009/10/13 01:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Xi ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Application Data\rkfree:uninst @Alternate Data Stream - 40 bytes -> C:\Program Files\RKFree\rkfree.exe:cfg @Alternate Data Stream - 1418 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:95wzmUF0BsoR6kf08TAIDeGTW @Alternate Data Stream - 1407 bytes -> C:\Documents and Settings\All Users\Application 
Data\Microsoft:IFX3mGYcZg9RDYgv4N5ra75i
< End of report >

OTL Extras logfile created on: 28/06/2010 00:51:21 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Dom\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38,09 Gb Total Space | 5,19 Gb Free Space | 13,63% Space Free | Partition Type: NTFS
Drive D: | 36,43 Gb Total Space | 0,62 Gb Free Space | 1,71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 38,16 Gb Total Space | 0,23 Gb Free Space | 0,59% Space Free | Partition Type: NTFS
Drive G: | 25,44 Gb Total Space | 0,59 Gb Free Space | 2,32% Space Free | Partition Type: NTFS
Drive H: | 25,44 Gb Total Space | 0,57 Gb Free Space | 2,25% Space Free | Partition Type: NTFS
Drive I: | 25,44 Gb Total Space | 0,31 Gb Free Space | 1,20% Space Free | Partition Type: NTFS
Drive J: | 38,16 Gb Total Space | 0,14 Gb Free Space | 0,36% Space Free | Partition Type: NTFS
Drive L: | 14,92 Gb Total Space | 8,59 Gb Free Space | 57,56% Space Free | Partition Type: FAT32

Computer Name: GIAIME
Current User Name: Dom
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-776561741-1677128483-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "11113:TCP" = 11113:TCP:*:Enabled:emule tcp in "11123:UDP" = 11123:UDP:*:Enabled:emule udp out ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net) "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.) 
"C:\Program Files\adslTV\adsltv.exe" = C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsltv -- (adsltv.org) "C:\Program Files\adslTV\vlc.exe" = C:\Program Files\adslTV\vlc.exe:*:Enabled:VLC media player -- () "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\Xi\NetXfer\NetTransport.exe" = C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager -- (Xi) "C:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe" = C:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV -- (CAPCOM U.S.A., INC.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional "{0004040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 CD-ROM 2 "{0176AC71-9EDE-48A0-AC3B-94FEB38B1FFE}" = Noiseware Professional Plug-in "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300 "{17342E3B-0818-4A6F-BFF8-99476605ADD6}" = livebox "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy "{1D13221B-42DE-4B3C-A43F-0F6AF3CF3DA2}" = Client Windows Rights Management avec Service Pack 2 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = 
MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 15 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Virtual Earth 3D (Bêta) "{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}" = 3DMark05 "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2 "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{41F71B19-4F04-49A9-99BE-7348AA1EA665}" = ArcSoft Software Suite "{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer "{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer "{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV "{5B25274F-088A-4A24-AE12-4AEE9278025A}" = SILKYPIX Developer Studio 2.0 SE "{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard "{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail "{5E838F2B-2C25-4F0F-A8A6-072ECFB59B5D}" = Kit de Connexion Netissimo 2.5 USB "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009 "{685755F8-C74B-4613-8137-C90AF458228D}" = ATI Catalyst Control Center "{687E87C0-E4C2-414A-B8A2-E2B9B83670AA}" = RealGrain Plug-in "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows 
Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1 "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web "{76F0FEBD-6C17-4D57-352A-734D0D95920D}" = Ultimate ZIP Cracker Trial version "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{88D2DA61-9D98-4284-B1D7-9A6EF6D81C13}" = DxO Optics Pro 6 "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}" = Adobe Setup "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A20A58C4-6784-4B4B-86CC-94E2E3671036}" = Nero 7 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific 
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{BF794769-8875-4E01-B7BE-E00104604F4A}" = Adobe Photoshop CS3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio "{C3FDA1E4-1E17-48D8-B4F0-C141E9FFB4BA}" = nullDC 1.0.0 Public Beta 1 Setup "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec "{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center "{D301EE05-D1E1-4A58-B89C-A0EFDAB491E2}" = Portraiture Plug-in "{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen "{E3A54A70-1CFA-4D79-ACD6-5AA2A98C212F}" = Samsung PC Studio 3 
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{EC905264-BCFE-423B-9C42-C3A106266790}" = SP2 de compatibilité descendante du client Windows Rights Management "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "7-Zip" = 7-Zip 4.65 "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Adobe_32e9033392a51340b32fdc6ad893ab7" = Adobe Photoshop CS3 "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Ad-Remover" = Ad-Remover By C_XX "adsl TV" = adsl TV "All ATI Software" = ATI - Utilitaire de désinstallation du logiciel "a-squared Free_is1" = a-squared Free 2.1 "ATI Display Driver" = ATI Display Driver "Audacity_is1" = Audacity 1.2.6 "AVGAntiSpyware75" = AVG Anti-Spyware 7.5 "AviSynth" = AviSynth 2.5 "Canon Camera WIA Driver PowerShot A40" = Canon PowerShot A40 WIA Driver "Canon Setup Utility 2.3" = Canon Setup Utility 2.3 "Capture NX 2" = Capture NX 2 "CCleaner" = CCleaner "CDex" = CDex extraction audio "CodeStuff Starter" = CodeStuff Starter "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18 "Creative Software AutoUpdate" = Creative Software 
AutoUpdate "dBpowerAMP Music Converter" = dBpowerAMP Music Converter "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox "Easy-WebPrint" = Easy-WebPrint "Enregistrement utilisateur de Canon iP4300" = Enregistrement utilisateur de Canon iP4300 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FLVPlayer" = FLV Player 1.3.3 "FranceTelecomUninstall_FTBrowser" = Navigateur Orange "GestionnaireInternet.exe" = Gestionnaire Internet "Google Updater" = Outil de mise à jour Google "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "InstallShield_{5B25274F-088A-4A24-AE12-4AEE9278025A}" = SILKYPIX Developer Studio 2.0 SE "InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009 "Kill Process" = Kill Process 5.0.0.5 (désinstaller seulement) "KLiteCodecPack_is1" = K-Lite Codec Pack 2.71 Full "Magic Morph_is1" = Magic Morph 1.95b "MagicDisc 2.7.97" = MagicDisc 2.7.97 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Messenger Plus! Live" = Messenger Plus! 
Live "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Morpheus Photo Animation Suite_is1" = Morpheus Photo Animation Suite v3.00 "Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NetXfer Vista(x86) (Multilingual)_is1" = NetXfer 2.82.450 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "ONES(F)" = ONES Trial (F) "Opanda IExif_is1" = Opanda IExif 2.25 "OpenAL" = OpenAL "PhotoFiltre Studio" = PhotoFiltre Studio "Photomatix Pro_is1" = Photomatix Pro version 2.4.1 "Picasa 3" = Picasa 3 "Professional Screen Saver Producer" = Axialis Professional Screen Saver Producer 3.6 "SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "simple1_is1" = Photomatix Tone Mapping Plug-In version 1.0 "TerraExplorer" = TerraExplorer "VideoGet_is1" = VideoGet "Videora iPhone Converter" = Videora iPhone Converter 5.03 "VobSub" = VobSub v2.22 (Remove Only) "Vuze" = Vuze "WIC" = Windows Imaging Component "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "Windows XP Service" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = The GIMP 2.2.17 "WinGTK-2_is1" = GTK+ 2.10.13 runtime environment "WinLiveSuite_Wave3" = Installation Windows Live "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver 
Framework Feature Pack 1.0 "Xvid_is1" = Xvid 1.1.2 final uninstall "YouTube Downloader App" = YouTube Downloader App 2.03 "ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-776561741-1677128483-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TV Orange 0.83 (Revu)" = TV Orange 0.83 (Revu) "Vuze Launcher" = Vuze Launcher ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23/06/2010 14:38:29 | Computer Name = GIAIME | Source = PerfNet | ID = 2004 Description = Impossible d'ouvrir le Service serveur. Les données de performance du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0. Error - 23/06/2010 17:34:34 | Computer Name = GIAIME | Source = Windows Search Service | ID = 3104 Description = Échec de l'énumération de sessions utilisateur en vue de générer des pools de filtre. Détails : L'appel de procédure distante a échoué et ne s'est pas exécuté. (0x800706bf) Error - 23/06/2010 17:36:40 | Computer Name = GIAIME | Source = PerfNet | ID = 2004 Description = Impossible d'ouvrir le Service serveur. Les données de performance du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0. Error - 23/06/2010 19:11:59 | Computer Name = GIAIME | Source = PerfNet | ID = 2004 Description = Impossible d'ouvrir le Service serveur. Les données de performance du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0. Error - 24/06/2010 06:16:49 | Computer Name = GIAIME | Source = PerfNet | ID = 2004 Description = Impossible d'ouvrir le Service serveur. Les données de performance du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0. Error - 24/06/2010 16:25:50 | Computer Name = GIAIME | Source = PerfNet | ID = 2005 Description = Impossible de lire les données de performance du Service serveur. 
Aucune donnée de performance du serveur ne sera renvoyée pour cet extrait. Le code d'erreur renvoyé est la donnée DWORD 0, IOSB.Status est DWORD 1 et IOSB.Information est DWORD 2. Error - 25/06/2010 01:18:28 | Computer Name = GIAIME | Source = PerfNet | ID = 2004 Description = Impossible d'ouvrir le Service serveur. Les données de performance du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0. Error - 25/06/2010 15:06:55 | Computer Name = GIAIME | Source = PerfNet | ID = 2004 Description = Impossible d'ouvrir le Service serveur. Les données de performance du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0. Error - 26/06/2010 15:14:08 | Computer Name = GIAIME | Source = PerfNet | ID = 2004 Description = Impossible d'ouvrir le Service serveur. Les données de performance du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0. Error - 27/06/2010 15:48:48 | Computer Name = GIAIME | Source = PerfNet | ID = 2004 Description = Impossible d'ouvrir le Service serveur. Les données de performance du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0. [ System Events ] Error - 25/06/2010 15:21:13 | Computer Name = GIAIME | Source = Service Control Manager | ID = 7034 Description = Le service Service Bonjour s'est terminé de façon inattendue pour la 1ème fois. Error - 25/06/2010 15:21:13 | Computer Name = GIAIME | Source = Service Control Manager | ID = 7031 Description = Le service a-squared Free Service s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 0 millisecondes : Redémarrer le service. Error - 25/06/2010 15:21:13 | Computer Name = GIAIME | Source = Service Control Manager | ID = 7034 Description = Le service Service de la passerelle de la couche Application s'est terminé de façon inattendue pour la 1ème fois. 
Error - 25/06/2010 15:21:13 | Computer Name = GIAIME | Source = Service Control Manager | ID = 7034 Description = Le service AVG Anti-Spyware Guard s'est terminé de façon inattendue pour la 1ème fois. Error - 25/06/2010 15:21:13 | Computer Name = GIAIME | Source = Service Control Manager | ID = 7031 Description = Le service Recherche Windows s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service. Error - 25/06/2010 15:21:13 | Computer Name = GIAIME | Source = Service Control Manager | ID = 7034 Description = Le service Java Quick Starter s'est terminé de façon inattendue pour la 1ème fois. Error - 25/06/2010 15:21:15 | Computer Name = GIAIME | Source = Service Control Manager | ID = 7034 Description = Le service Spouleur d'impression s'est terminé de façon inattendue pour la 1ème fois. Error - 25/06/2010 16:13:51 | Computer Name = GIAIME | Source = Service Control Manager | ID = 7009 Description = Délai (30000 millisecondes) d'attente pour une connexion du service France Telecom Routing Table Service. Error - 26/06/2010 15:14:14 | Computer Name = GIAIME | Source = Service Control Manager | ID = 7009 Description = Délai (30000 millisecondes) d'attente pour une connexion du service France Telecom Routing Table Service. Error - 27/06/2010 15:48:57 | Computer Name = GIAIME | Source = Service Control Manager | ID = 7009 Description = Délai (30000 millisecondes) d'attente pour une connexion du service France Telecom Routing Table Service. < End of report >
  8. Hello! My PC is very slow because an "svchost" process is using 50% of my CPU. This process corresponds to the DcomLaunch service. I also found in msconfig the executable syszpe32.exe, which launches at every startup; it cannot be unchecked and is impossible to delete. I have just come out of a successful disinfection of several trojans and a rootkit thanks to a helper on the "Comment ça marche" forum, but paradoxically, it was during the disinfection procedure that the svchost problem appeared. The PC is very slow, and since I use it for my work, I am taking the liberty of knocking on several doors to ask for help. Thanks in advance to anyone who might have an idea of the procedure to follow.