Svchost a 50% et Syszpe32.exe

Galad7 · le 27 juin 2010

Bonjour!

Mon pc est très ralentit car un processus "svchost" prend 50% des ressources de mon UC.

Ce processus correspond au service DcomLaunch.

J'ai trouvé égalament dans msconfig l'executable syszpe32.exe qui se lance à chaque démarrage, il est indecochable et impossible à supprimer.

Je sort d'une desinfection réussi de plusieurs trojans et d'un rootkit grace a un helpeur du forum "comment ça marche", mais paradoxalement, c'est pendant la procédure de desinfection

que le problème du Svchost est apparu.

Le pc est très ralenti, et vu que je m'en sert dans le cadre de mon travail, je me permet de venir taper à plusieurs porte pour solliciter de l'aide.

Merci d'avance a qui aurait une idée de la procedure à suivre.

no.ppp · le 27 juin 2010

Salut,

Fais ceci uniquement si tu ne te fais pas aider ailleurs, sinon préviens-moi et continue où tu as commencé. Deux procédures différentes peuvent entrer en conflit et c'est pas cool :enerve:

Télécharge OTL sur ton Bureau

Double-clique sur OTL.exe pour le lancer.
Coche la case Tous les utilisateurs
Fais de même avec Recherche Lop et Recherche Purity.
Clique ensuite sur Analyse puis patiente pendant qu'il scanne le registre et les fichiers.
Quand l'analyse est terminée, deux fenêtres du Bloc-notes vont s'ouvrir. OTL.Txt et Extras.Txt. Ces fichiers sont sauvegardés au même endroit que OTL.
Copie-colle les dans ta prochaine réponse.

Galad7 · le 27 juin 2010

Bonjour,

non effectivement ce n'est pas cool, je ne me fait donc aidé qu'ici!

Voilà les rapports:

OTL logfile created on: 28/06/2010 00:51:21 - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Dom\Bureau

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 38,09 Gb Total Space | 5,19 Gb Free Space | 13,63% Space Free | Partition Type: NTFS

Drive D: | 36,43 Gb Total Space | 0,62 Gb Free Space | 1,71% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 38,16 Gb Total Space | 0,23 Gb Free Space | 0,59% Space Free | Partition Type: NTFS

Drive G: | 25,44 Gb Total Space | 0,59 Gb Free Space | 2,32% Space Free | Partition Type: NTFS

Drive H: | 25,44 Gb Total Space | 0,57 Gb Free Space | 2,25% Space Free | Partition Type: NTFS

Drive I: | 25,44 Gb Total Space | 0,31 Gb Free Space | 1,20% Space Free | Partition Type: NTFS

Drive J: | 38,16 Gb Total Space | 0,14 Gb Free Space | 0,36% Space Free | Partition Type: NTFS

Drive L: | 14,92 Gb Total Space | 8,59 Gb Free Space | 57,56% Space Free | Partition Type: FAT32

Computer Name: GIAIME

Current User Name: Dom

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/28 00:50:26 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dom\Bureau\OTL.exe

PRC - [2010/06/23 02:22:20 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010/06/23 02:22:00 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2009/11/11 21:51:55 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe

PRC - [2009/02/10 22:57:13 | 000,201,992 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

PRC - [2009/01/16 23:04:42 | 000,034,304 | ---- | M] (www.revealerkeylogger.com) -- C:\Program Files\RKFree\rkfree.exe

PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/06/11 03:13:36 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2007/05/30 14:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

PRC - [2006/09/25 09:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

PRC - [2001/07/03 10:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

PRC - [1999/03/21 01:54:56 | 007,151,661 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\EXCEL.EXE

========== Modules (SafeList) ==========

MOD - [2010/06/28 00:50:26 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dom\Bureau\OTL.exe

MOD - [2008/04/14 04:32:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (C5EB6876)

SRV - File not found [Disabled | Stopped] -- -- (93710B6E)

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2009/11/11 21:51:55 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe -- (a2free)

SRV - [2009/02/10 22:57:13 | 000,201,992 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP)

SRV - [2008/07/10 00:37:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007/05/30 14:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)

SRV - [2007/05/16 09:27:28 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)

SRV - [2005/04/04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2004/08/23 14:49:56 | 000,040,960 | ---- | M] (France Telecom) [Auto | Stopped] -- C:\WINDOWS\system32\FTRTSVC.exe -- (FTRTSVC)

========== Driver Services (SafeList) ==========

DRV - [2010/04/06 03:34:38 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2009/02/10 22:57:14 | 000,213,520 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (TSP)

DRV - [2009/02/10 22:57:14 | 000,213,520 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)

DRV - [2009/02/10 22:57:14 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)

DRV - [2008/12/03 02:16:20 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)

DRV - [2008/05/27 12:11:54 | 000,096,896 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)

DRV - [2008/04/16 14:23:44 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)

DRV - [2008/04/13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Pilote USB audio (WDM)

DRV - [2008/04/13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)

DRV - [2008/04/13 20:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)

DRV - [2008/03/25 20:07:10 | 000,024,592 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)

DRV - [2007/05/30 14:10:42 | 000,011,000 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)

DRV - [2007/05/30 14:10:42 | 000,010,872 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)

DRV - [2007/01/04 01:18:42 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)

DRV - [2007/01/04 01:18:42 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)

DRV - [2007/01/04 01:18:42 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)

DRV - [2007/01/04 01:18:41 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)

DRV - [2007/01/04 01:18:41 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)

DRV - [2006/12/17 04:50:30 | 001,918,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/10/18 18:39:58 | 000,017,920 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)

DRV - [2006/10/17 21:22:26 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)

DRV - [2006/08/28 18:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)

DRV - [2006/08/28 18:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtictwl.sys -- (MagicTune)

DRV - [2006/07/24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2005/12/22 13:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2005/12/22 13:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2005/12/22 13:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2005/09/22 18:34:18 | 003,727,680 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2005/08/30 02:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)

DRV - [2005/08/30 02:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)

DRV - [2005/08/30 02:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)

DRV - [2005/08/10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV - [2005/07/07 10:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)

DRV - [2005/06/29 02:38:00 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PzWDM.sys -- (PzWDM)

DRV - [2005/05/16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)

DRV - [2005/01/10 12:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2005/01/10 12:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2004/08/13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2003/08/04 15:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)

DRV - [2001/10/17 10:52:02 | 000,053,920 | ---- | M] (Alcatel Bell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)

DRV - [2001/10/17 10:51:46 | 000,590,416 | ---- | M] (Alcatel Bell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-776561741-1677128483-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKU\S-1-5-21-776561741-1677128483-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKU\S-1-5-21-776561741-1677128483-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr

IE - HKU\S-1-5-21-776561741-1677128483-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 14 B6 79 A1 64 CA 01 [binary data]

IE - HKU\S-1-5-21-776561741-1677128483-682003330-1004\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Wanadoo\SearchPageURL.dll ()

IE - HKU\S-1-5-21-776561741-1677128483-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-776561741-1677128483-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://fr.msn.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/23 02:22:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/23 23:36:23 | 000,000,000 | ---D | M]

[2008/07/18 02:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Mozilla\Extensions

[2010/06/27 23:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Mozilla\Firefox\Profiles\t4kn9rjv.default\extensions

[2010/04/29 00:12:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dom\Application Data\Mozilla\Firefox\Profiles\t4kn9rjv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/06/27 23:18:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/08/21 00:40:21 | 000,000,000 | ---D | M] (VideoGet FireFox extension) -- C:\Program Files\Mozilla Firefox\extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}

[2010/03/15 02:05:38 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/03/15 02:05:38 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/03/15 02:05:38 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2010/03/15 02:05:38 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/03/25 00:07:20 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/06/17 10:27:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()

O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll (Xi)

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll (Xi)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-776561741-1677128483-682003330-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()

O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()

O4 - HKLM..\Run: [rkfree] C:\Program Files\RKFree\rkfree.exe (www.revealerkeylogger.com)

O4 - HKLM..\Run: [updReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)

O4 - HKU\S-1-5-21-776561741-1677128483-682003330-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\Dom\Menu Démarrer\Programmes\Démarrage\siszpe32.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-776561741-1677128483-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-776561741-1677128483-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-776561741-1677128483-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-776561741-1677128483-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0

O7 - HKU\S-1-5-21-776561741-1677128483-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

O8 - Extra context menu item: Easy-WebPrint Impression rapide - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

O8 - Extra context menu item: Easy-WebPrint Imprimer - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)

O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.25\IExifMap.htm ()

O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html ()

O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html ()

O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.25\IExifCom.htm ()

O9 - Extra Button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)

O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)

O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)

O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab (Rawflow ICD Client)

O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab (SentinelVE3D Class)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/1/3/7/137B2AD3-D0EE-4A5F-AFA3-FFE8A389FF95/VirtualEarth3D.cab (SentinelProxy Class)

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.fr/s/v/55.16/uploader2.cab (UploadListView Class)

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.photoweb.fr/telechargement/telechargement-photoweb-5.5.6.0.cab (Image Uploader Control)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab (HouseCall Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} http://messenger.zone.msn.com/binary/Chess.cab57176.cab (ZoneChess Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skyline {3a4f9195-65a8-11d5-85c1-0001023952c1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll (Skyline software systems Inc.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Dom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/12/27 19:51:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/11/15 15:37:00 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009/11/15 15:37:00 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009/11/15 15:37:00 | 000,000,000 | R--D | M] - F:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009/11/15 15:37:00 | 000,000,000 | R--D | M] - G:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009/11/15 15:37:00 | 000,000,000 | R--D | M] - H:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009/11/15 15:37:00 | 000,000,000 | R--D | M] - I:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009/11/15 15:37:01 | 000,000,000 | R--D | M] - J:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009/11/15 14:37:02 | 000,000,000 | RHSD | M] - L:\autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{c4a154b9-4cdc-11dd-9719-0018f3150ee8}\Shell - "" = AutoRun

O33 - MountPoints2\{c4a154b9-4cdc-11dd-9719-0018f3150ee8}\Shell\AutoRun\command - "" = K:\setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/28 00:50:23 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dom\Bureau\OTL.exe

[2010/06/24 22:30:29 | 000,000,000 | ---D | C] -- C:\rsit

[2010/06/24 00:27:41 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tasklist.exe

[2010/06/21 22:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/06/21 22:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/06/21 22:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/06/21 22:33:55 | 096,768,824 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Dom\Bureau\iTunesSetup(2).exe

[2010/06/21 21:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/06/21 20:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2010/06/20 22:46:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/06/20 00:08:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2010/06/19 08:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Bureau\avenger

[2010/06/17 10:02:05 | 000,054,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys

[2010/06/17 09:58:16 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/06/17 09:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Google

[2010/06/17 00:25:25 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys

[2010/06/17 00:25:07 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys

[2010/06/15 23:23:41 | 000,000,000 | ---D | C] -- G:\Mes documents\My Downloaded Video

[2010/06/15 23:21:31 | 000,000,000 | ---D | C] -- G:\Mes documents\Regensoft

[2010/06/15 23:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Application Data\Regensoft

[2010/06/10 22:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Bureau\Bonne

[2010/06/10 22:32:03 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

[2010/06/01 00:44:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/06/01 00:44:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/06/01 00:43:20 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dom\Bureau\mbam-setup.exe

[2007/01/29 20:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Application Data\Dossier de téléchargement Share-to-Web

[2002/04/11 03:41:06 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\Documents and Settings\Dom\Bureau\*.tmp files -> C:\Documents and Settings\Dom\Bureau\*.tmp -> ]

[1 G:\Mes documents\*.tmp files -> G:\Mes documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/28 00:50:26 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dom\Bureau\OTL.exe

[2010/06/28 00:16:00 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/27 23:18:48 | 000,000,435 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/06/27 21:49:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/27 21:48:27 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/27 21:48:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/27 21:48:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/27 00:57:03 | 000,002,551 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\Microsoft Word.lnk

[2010/06/27 00:17:59 | 000,017,920 | ---- | M] () -- G:\Mes documents\Planning CDD été 2010.xls

[2010/06/27 00:00:37 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\Microsoft Excel.lnk

[2010/06/26 01:48:17 | 017,825,792 | -H-- | M] () -- C:\Documents and Settings\Dom\NTUSER.DAT

[2010/06/26 01:48:16 | 006,246,944 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2010/06/26 01:48:16 | 001,105,952 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat

[2010/06/26 01:48:16 | 000,056,172 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2010/06/26 01:48:16 | 000,010,100 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx

[2010/06/26 01:15:06 | 000,102,400 | ---- | M] () -- C:\Documents and Settings\Dom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/25 21:20:55 | 000,001,559 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\AD-R.lnk

[2010/06/25 07:33:11 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\Classeur1.xls

[2010/06/24 02:09:12 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Dom\ntuser.ini

[2010/06/24 01:48:29 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\CCleaner.lnk

[2010/06/24 01:33:56 | 000,944,827 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\Audrey appart.zip

[2010/06/24 01:33:27 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/06/24 00:26:57 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tasklist.exe

[2010/06/23 23:07:13 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\Consignes 24_06_10.doc

[2010/06/23 22:55:48 | 000,030,720 | ---- | M] () -- G:\Mes documents\http.doc

[2010/06/23 10:39:33 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk

[2010/06/23 09:57:43 | 000,532,882 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

[2010/06/23 09:57:43 | 000,441,166 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/06/23 09:57:43 | 000,093,450 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

[2010/06/23 09:57:43 | 000,071,102 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/06/23 09:57:42 | 001,109,050 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/22 01:35:37 | 000,110,592 | ---- | M] () -- G:\Mes documents\FOSAMAX.doc

[2010/06/22 00:58:30 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\lien serie.doc

[2010/06/21 22:45:32 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\QuickTime Player.lnk

[2010/06/21 22:31:18 | 096,768,824 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Dom\Bureau\iTunesSetup(2).exe

[2010/06/21 20:57:31 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/06/20 23:18:28 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\rapport AVP.xls

[2010/06/19 08:49:27 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\avenger.zip

[2010/06/17 10:27:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/06/17 09:58:35 | 000,000,286 | RHS- | M] () -- C:\boot.ini

[2010/06/11 08:45:19 | 001,517,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/06/11 00:41:39 | 003,864,064 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\CASERNE DE BONNE.doc

[2010/06/10 23:49:25 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT

[2010/06/10 23:48:50 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT

[2010/06/10 22:40:43 | 000,331,395 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\GRENOBLE%20Quartier%20ZAC%20de%20la%20Caserne.pdf

[2010/06/05 02:01:01 | 001,645,525 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\IMG_0139.jpg

[2010/06/01 00:44:04 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2010/06/01 00:43:20 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dom\Bureau\mbam-setup.exe

[2010/05/31 01:53:23 | 031,742,976 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\Pizzas.doc

[2010/05/31 01:05:06 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\Consignes 31_05_10.doc

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\Documents and Settings\Dom\Bureau\*.tmp files -> C:\Documents and Settings\Dom\Bureau\*.tmp -> ]

[1 G:\Mes documents\*.tmp files -> G:\Mes documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/27 00:17:59 | 000,017,920 | ---- | C] () -- G:\Mes documents\Planning CDD été 2010.xls

[2010/06/25 21:20:55 | 000,001,559 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\AD-R.lnk

[2010/06/24 01:48:29 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\CCleaner.lnk

[2010/06/24 01:33:59 | 000,944,827 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\Audrey appart.zip

[2010/06/23 23:07:13 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\Consignes 24_06_10.doc

[2010/06/23 22:55:47 | 000,030,720 | ---- | C] () -- G:\Mes documents\http.doc

[2010/06/21 22:51:58 | 000,110,592 | ---- | C] () -- G:\Mes documents\FOSAMAX.doc

[2010/06/21 22:50:27 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk

[2010/06/21 22:45:32 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\QuickTime Player.lnk

[2010/06/20 23:18:27 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\rapport AVP.xls

[2010/06/19 08:49:24 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\avenger.zip

[2010/06/17 09:58:34 | 000,000,216 | ---- | C] () -- C:\Boot.bak

[2010/06/17 09:58:24 | 000,263,488 | ---- | C] () -- C:\cmldr

[2010/06/17 00:24:40 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\qcopjv.dat

[2010/06/11 00:21:32 | 003,864,064 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\CASERNE DE BONNE.doc

[2010/06/10 22:40:43 | 000,331,395 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\GRENOBLE%20Quartier%20ZAC%20de%20la%20Caserne.pdf

[2010/06/03 23:06:20 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\Classeur1.xls

[2010/06/01 00:44:04 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2010/05/31 01:05:06 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Dom\Bureau\Consignes 31_05_10.doc

[2010/05/13 00:11:20 | 000,000,173 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2009/07/02 22:19:17 | 000,000,223 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI

[2009/03/29 02:45:05 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtictwl.sys

[2008/10/28 01:43:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI

[2008/08/25 22:41:28 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2008/07/23 18:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008/07/23 18:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest

[2008/07/23 18:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest

[2008/07/23 18:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2007/12/24 02:43:55 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI

[2007/12/18 01:22:06 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2007/12/17 22:01:30 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

[2007/12/17 22:01:30 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2007/12/17 22:01:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2007/12/17 22:01:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll

[2007/10/07 04:27:53 | 000,000,009 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini

[2007/10/03 22:21:34 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys

[2007/09/23 17:38:02 | 000,005,600 | ---- | C] () -- C:\WINDOWS\System32\STCI.DLL

[2007/07/26 16:54:16 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007/07/09 21:54:14 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini

[2007/07/09 21:54:14 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2007/06/11 17:15:32 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\IlmImf.dll

[2007/06/11 17:15:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pmexr.dll

[2007/06/11 17:15:31 | 000,353,280 | ---- | C] () -- C:\WINDOWS\System32\pmtf2.dll

[2007/06/11 17:15:31 | 000,271,872 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib.dll

[2007/06/11 17:15:31 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib2.dll

[2007/06/11 17:15:31 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\pmjp.dll

[2007/06/11 17:15:31 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\pmtf1.dll

[2007/06/11 17:15:31 | 000,204,288 | ---- | C] () -- C:\WINDOWS\System32\pmtf3.dll

[2007/06/11 17:15:31 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib3.dll

[2007/06/11 17:15:31 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmbm.dll

[2007/05/14 23:17:56 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2007/04/17 23:29:11 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2007/04/15 23:19:54 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2007/04/15 23:19:52 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2007/04/03 02:57:02 | 000,000,204 | ---- | C] () -- C:\WINDOWS\RtlRack.ini

[2007/04/02 03:33:58 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini

[2007/03/30 23:40:09 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll

[2007/03/30 23:40:09 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini

[2007/03/30 23:39:26 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini

[2007/02/26 04:41:20 | 000,000,161 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2007/02/11 00:58:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2007/02/05 15:47:48 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/02/05 15:47:48 | 000,016,704 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/02/05 15:47:40 | 000,016,042 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/01/01 15:19:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI

[2006/12/30 22:38:26 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3m.DLL

[2006/12/29 01:19:25 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/12/28 23:20:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll

[2006/12/28 23:20:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll

[2006/12/28 23:20:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll

[2006/12/28 23:20:11 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll

[2006/12/28 23:20:11 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll

[2006/12/27 19:58:18 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2006/12/27 19:57:16 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2006/12/27 19:57:11 | 000,013,906 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2006/12/27 19:57:10 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2005/05/03 13:38:42 | 000,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll

[2005/03/14 14:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2005/01/12 05:08:50 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\SafeIE.dll

[2003/10/02 12:48:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll

[2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini

[2002/10/16 00:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini

[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll

[2000/04/14 17:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll

[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini

[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

[1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

========== LOP Check ==========

[2009/03/28 02:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2007/06/01 12:53:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2008/10/23 13:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters

[2010/04/06 03:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2008/11/02 16:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

[2007/10/02 18:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft

[2008/11/02 16:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Importer

[2008/11/05 00:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jazz

[2007/08/12 01:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

[2008/10/27 23:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon

[2010/02/02 00:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy

[2009/01/16 00:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rkfree

[2006/12/29 01:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT

[2010/03/14 01:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skyline

[2008/11/02 16:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

[2010/06/21 21:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/12/01 11:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/10/20 23:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Axialis

[2010/06/24 01:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Azureus

[2007/01/22 03:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\CopyToDvd

[2008/07/09 01:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\DAEMON Tools

[2010/04/06 03:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\DAEMON Tools Lite

[2007/12/17 21:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\DataCast

[2007/01/29 20:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Dossier de téléchargement Share-to-Web

[2010/02/02 00:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\DxO Labs

[2009/10/07 00:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\gtk-2.0

[2007/05/15 23:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Imagenomic

[2006/12/29 22:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\InterTrust

[2009/05/27 01:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Morpheus Software

[2008/11/02 16:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Nikon

[2010/02/02 00:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\PACE Anti-Piracy

[2008/11/07 03:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Panasonic

[2009/12/03 00:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Red Kawa

[2010/06/15 23:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Regensoft

[2007/12/18 01:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Samsung

[2007/09/08 00:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\SecondLife

[2007/10/25 00:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Vso

[2007/09/30 14:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Windows Desktop Search

[2009/10/13 01:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Xi

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Application Data\rkfree:uninst

@Alternate Data Stream - 40 bytes -> C:\Program Files\RKFree\rkfree.exe:cfg

@Alternate Data Stream - 1418 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:95wzmUF0BsoR6kf08TAIDeGTW

@Alternate Data Stream - 1407 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:IFX3mGYcZg9RDYgv4N5ra75i

< End of report >

OTL Extras logfile created on: 28/06/2010 00:51:21 - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Dom\Bureau

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 38,09 Gb Total Space | 5,19 Gb Free Space | 13,63% Space Free | Partition Type: NTFS

Drive D: | 36,43 Gb Total Space | 0,62 Gb Free Space | 1,71% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 38,16 Gb Total Space | 0,23 Gb Free Space | 0,59% Space Free | Partition Type: NTFS

Drive G: | 25,44 Gb Total Space | 0,59 Gb Free Space | 2,32% Space Free | Partition Type: NTFS

Drive H: | 25,44 Gb Total Space | 0,57 Gb Free Space | 2,25% Space Free | Partition Type: NTFS

Drive I: | 25,44 Gb Total Space | 0,31 Gb Free Space | 1,20% Space Free | Partition Type: NTFS

Drive J: | 38,16 Gb Total Space | 0,14 Gb Free Space | 0,36% Space Free | Partition Type: NTFS

Drive L: | 14,92 Gb Total Space | 8,59 Gb Free Space | 57,56% Space Free | Partition Type: FAT32

Computer Name: GIAIME

Current User Name: Dom

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-776561741-1677128483-682003330-1004\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"11113:TCP" = 11113:TCP:*:Enabled:emule tcp in

"11123:UDP" = 11123:UDP:*:Enabled:emule udp out

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)

"C:\Program Files\adslTV\adsltv.exe" = C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsltv -- (adsltv.org)

"C:\Program Files\adslTV\vlc.exe" = C:\Program Files\adslTV\vlc.exe:*:Enabled:VLC media player -- ()

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Xi\NetXfer\NetTransport.exe" = C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager -- (Xi)

"C:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe" = C:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV -- (CAPCOM U.S.A., INC.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional

"{0004040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 CD-ROM 2

"{0176AC71-9EDE-48A0-AC3B-94FEB38B1FFE}" = Noiseware Professional Plug-in

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300

"{17342E3B-0818-4A6F-BFF8-99476605ADD6}" = livebox

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy

"{1D13221B-42DE-4B3C-A43F-0F6AF3CF3DA2}" = Client Windows Rights Management avec Service Pack 2

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 15

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Virtual Earth 3D (Bêta)

"{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}" = 3DMark05

"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{41F71B19-4F04-49A9-99BE-7348AA1EA665}" = ArcSoft Software Suite

"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer

"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer

"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV

"{5B25274F-088A-4A24-AE12-4AEE9278025A}" = SILKYPIX Developer Studio 2.0 SE

"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard

"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail

"{5E838F2B-2C25-4F0F-A8A6-072ECFB59B5D}" = Kit de Connexion Netissimo 2.5 USB

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup

"{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009

"{685755F8-C74B-4613-8137-C90AF458228D}" = ATI Catalyst Control Center

"{687E87C0-E4C2-414A-B8A2-E2B9B83670AA}" = RealGrain Plug-in

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings

"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web

"{76F0FEBD-6C17-4D57-352A-734D0D95920D}" = Ultimate ZIP Cracker Trial version

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger

"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility

"{88D2DA61-9D98-4284-B1D7-9A6EF6D81C13}" = DxO Optics Pro 6

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}" = Adobe Setup

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A20A58C4-6784-4B4B-86CC-94E2E3671036}" = Nero 7

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5

"{BF794769-8875-4E01-B7BE-E00104604F4A}" = Adobe Photoshop CS3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio

"{C3FDA1E4-1E17-48D8-B4F0-C141E9FFB4BA}" = nullDC 1.0.0 Public Beta 1 Setup

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3

"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec

"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center

"{D301EE05-D1E1-4A58-B89C-A0EFDAB491E2}" = Portraiture Plug-in

"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen

"{E3A54A70-1CFA-4D79-ACD6-5AA2A98C212F}" = Samsung PC Studio 3

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer

"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer

"{EC905264-BCFE-423B-9C42-C3A106266790}" = SP2 de compatibilité descendante du client Windows Rights Management

"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA

"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro

"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings

"7-Zip" = 7-Zip 4.65

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop 7.0" = Adobe Photoshop 7.0

"Adobe_32e9033392a51340b32fdc6ad893ab7" = Adobe Photoshop CS3

"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2

"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings

"Ad-Remover" = Ad-Remover By C_XX

"adsl TV" = adsl TV

"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel

"a-squared Free_is1" = a-squared Free 2.1

"ATI Display Driver" = ATI Display Driver

"Audacity_is1" = Audacity 1.2.6

"AVGAntiSpyware75" = AVG Anti-Spyware 7.5

"AviSynth" = AviSynth 2.5

"Canon Camera WIA Driver PowerShot A40" = Canon PowerShot A40 WIA Driver

"Canon Setup Utility 2.3" = Canon Setup Utility 2.3

"Capture NX 2" = Capture NX 2

"CCleaner" = CCleaner

"CDex" = CDex extraction audio

"CodeStuff Starter" = CodeStuff Starter

"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"dBpowerAMP Music Converter" = dBpowerAMP Music Converter

"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint

"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox

"Easy-WebPrint" = Easy-WebPrint

"Enregistrement utilisateur de Canon iP4300" = Enregistrement utilisateur de Canon iP4300

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"FLVPlayer" = FLV Player 1.3.3

"FranceTelecomUninstall_FTBrowser" = Navigateur Orange

"GestionnaireInternet.exe" = Gestionnaire Internet

"Google Updater" = Outil de mise à jour Google

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"InstallShield_{5B25274F-088A-4A24-AE12-4AEE9278025A}" = SILKYPIX Developer Studio 2.0 SE

"InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009

"Kill Process" = Kill Process 5.0.0.5 (désinstaller seulement)

"KLiteCodecPack_is1" = K-Lite Codec Pack 2.71 Full

"Magic Morph_is1" = Magic Morph 1.95b

"MagicDisc 2.7.97" = MagicDisc 2.7.97

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MediaNavigation.CDLabelPrint" = CD-LabelPrint

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Morpheus Photo Animation Suite_is1" = Morpheus Photo Animation Suite v3.00

"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NetXfer Vista(x86) (Multilingual)_is1" = NetXfer 2.82.450

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"ONES(F)" = ONES Trial (F)

"Opanda IExif_is1" = Opanda IExif 2.25

"OpenAL" = OpenAL

"PhotoFiltre Studio" = PhotoFiltre Studio

"Photomatix Pro_is1" = Photomatix Pro version 2.4.1

"Picasa 3" = Picasa 3

"Professional Screen Saver Producer" = Axialis Professional Screen Saver Producer 3.6

"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"simple1_is1" = Photomatix Tone Mapping Plug-In version 1.0

"TerraExplorer" = TerraExplorer

"VideoGet_is1" = VideoGet

"Videora iPhone Converter" = Videora iPhone Converter 5.03

"VobSub" = VobSub v2.22 (Remove Only)

"Vuze" = Vuze

"WIC" = Windows Imaging Component

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Lecteur Windows Media 11

"Windows XP Service" = Windows XP Service Pack 3

"WinGimp-2.0_is1" = The GIMP 2.2.17

"WinGTK-2_is1" = GTK+ 2.10.13 runtime environment

"WinLiveSuite_Wave3" = Installation Windows Live

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xvid_is1" = Xvid 1.1.2 final uninstall

"YouTube Downloader App" = YouTube Downloader App 2.03

"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-776561741-1677128483-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"TV Orange 0.83 (Revu)" = TV Orange 0.83 (Revu)

"Vuze Launcher" = Vuze Launcher

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 23/06/2010 14:38:29 | Computer Name = GIAIME | Source = PerfNet | ID = 2004

Description = Impossible d'ouvrir le Service serveur. Les données de performance

du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD

0.

Error - 23/06/2010 17:34:34 | Computer Name = GIAIME | Source = Windows Search Service | ID = 3104

Description = Échec de l'énumération de sessions utilisateur en vue de générer des

pools de filtre. Détails : L'appel de procédure distante a échoué et ne s'est pas

exécuté. (0x800706bf)

Error - 23/06/2010 17:36:40 | Computer Name = GIAIME | Source = PerfNet | ID = 2004

Description = Impossible d'ouvrir le Service serveur. Les données de performance

du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD

0.

Error - 23/06/2010 19:11:59 | Computer Name = GIAIME | Source = PerfNet | ID = 2004

Description = Impossible d'ouvrir le Service serveur. Les données de performance

du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD

0.

Error - 24/06/2010 06:16:49 | Computer Name = GIAIME | Source = PerfNet | ID = 2004

Description = Impossible d'ouvrir le Service serveur. Les données de performance

du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD

0.

Error - 24/06/2010 16:25:50 | Computer Name = GIAIME | Source = PerfNet | ID = 2005

Description = Impossible de lire les données de performance du Service serveur. Aucune

donnée de performance du serveur ne sera renvoyée pour cet extrait. Le code d'erreur

renvoyé est la donnée DWORD 0, IOSB.Status est DWORD 1 et IOSB.Information est DWORD

2.

Error - 25/06/2010 01:18:28 | Computer Name = GIAIME | Source = PerfNet | ID = 2004

Description = Impossible d'ouvrir le Service serveur. Les données de performance

du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD

0.

Error - 25/06/2010 15:06:55 | Computer Name = GIAIME | Source = PerfNet | ID = 2004

Description = Impossible d'ouvrir le Service serveur. Les données de performance

du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD

0.

Error - 26/06/2010 15:14:08 | Computer Name = GIAIME | Source = PerfNet | ID = 2004

Description = Impossible d'ouvrir le Service serveur. Les données de performance

du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD

0.

Error - 27/06/2010 15:48:48 | Computer Name = GIAIME | Source = PerfNet | ID = 2004

Description = Impossible d'ouvrir le Service serveur. Les données de performance

du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD

0.

[ System Events ]

Error - 25/06/2010 15:21:13 | Computer Name = GIAIME | Source = Service Control Manager | ID = 7034

Description = Le service Service Bonjour s'est terminé de façon inattendue pour

la 1ème fois.

Error - 25/06/2010 15:21:13 | Computer Name = GIAIME | Source = Service Control Manager | ID = 7031

Description = Le service a-squared Free Service s'est terminé de manière inattendue.

Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans

0 millisecondes : Redémarrer le service.

Error - 25/06/2010 15:21:13 | Computer Name = GIAIME | Source = Service Control Manager | ID = 7034

Description = Le service Service de la passerelle de la couche Application s'est

terminé de façon inattendue pour la 1ème fois.

Error - 25/06/2010 15:21:13 | Computer Name = GIAIME | Source = Service Control Manager | ID = 7034

Description = Le service AVG Anti-Spyware Guard s'est terminé de façon inattendue

pour la 1ème fois.

Error - 25/06/2010 15:21:13 | Computer Name = GIAIME | Source = Service Control Manager | ID = 7031

Description = Le service Recherche Windows s'est terminé de manière inattendue.

Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 30000

millisecondes : Redémarrer le service.

Error - 25/06/2010 15:21:13 | Computer Name = GIAIME | Source = Service Control Manager | ID = 7034

Description = Le service Java Quick Starter s'est terminé de façon inattendue pour

la 1ème fois.

Error - 25/06/2010 15:21:15 | Computer Name = GIAIME | Source = Service Control Manager | ID = 7034

Description = Le service Spouleur d'impression s'est terminé de façon inattendue

pour la 1ème fois.

Error - 25/06/2010 16:13:51 | Computer Name = GIAIME | Source = Service Control Manager | ID = 7009

Description = Délai (30000 millisecondes) d'attente pour une connexion du service

France Telecom Routing Table Service.

Error - 26/06/2010 15:14:14 | Computer Name = GIAIME | Source = Service Control Manager | ID = 7009

Description = Délai (30000 millisecondes) d'attente pour une connexion du service

France Telecom Routing Table Service.

Error - 27/06/2010 15:48:57 | Computer Name = GIAIME | Source = Service Control Manager | ID = 7009

Description = Délai (30000 millisecondes) d'attente pour une connexion du service

France Telecom Routing Table Service.

< End of report >

no.ppp · le 28 juin 2010

Salut,

Tu peux supprimer a-squared, réputé pour balancer de faux positifs et plus vraiment efficace face aux nouvelles variantes.

HéHé, azureus, emule .. tout ce qu'il faut pour être victime d'infection en tout genre

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"11113:TCP" = 11113:TCP:*:Enabled:emule tcp in

"11123:UDP" = 11123:UDP:*:Enabled:emule udp out

Sauvegarde ta Base de Registre : Sauvegarde de la base de registre

Relance OTL.exe.

Copie-colle le code suivant dans la fenêtre Personnalisation

:OTL
SRV - File not found [Disabled | Stopped] -- -- (C5EB6876)
SRV - File not found [Disabled | Stopped] -- -- (93710B6E)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\Dom\Menu Démarrer\Programmes\Démarrage\siszpe32.exe ()
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Dom\Bureau\*.tmp files -> C:\Documents and Settings\Dom\Bureau\*.tmp -> ]
[1 G:\Mes documents\*.tmp files -> G:\Mes documents\*.tmp -> ]
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Application Data\rkfree:uninst
@Alternate Data Stream - 40 bytes -> C:\Program Files\RKFree\rkfree.exe:cfg
@Alternate Data Stream - 1418 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:95wzmUF0BsoR6kf08TAIDeGTW
@Alternate Data Stream - 1407 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:IFX3mGYcZg9RDYgv4N5ra75i
:files
C:\Documents and Settings\Dom\Menu Démarrer\Programmes\Démarrage\siszpe32.exe
C:\Documents and Settings\LocalService\Application Data\qcopjv.dat
:services
:reg
:commands
[EmptyTemp]
[EmptyFlash]
[Purity]
[CREATERESTOREPOINT]
[ResetHosts]
[Reboot]
Clique ensuite sur Correction et patiente pendant que l'outil travaille.
Copie-colle le contenu du rapport qui s'ouvre (C\_OTL\MovedFiles) dans ta prochaine réponse.

Galad7 · le 28 juin 2010

Salut!

Juste une petite chose,

Avant de supprimer quoique ce soit j'ai oublié de te préciser que le Keylogger RKFREE est installé volontairement sur mon ordinateur, il me permet de surveiller l'activité de mes petits neuveux.

J'aimerais donc bien qu'il continu de fonctionner après tout ceci!

Merci d'avance!

no.ppp · le 28 juin 2010

Re,

Tu peux y aller sans problèmes ! :super:

Galad7 · le 28 juin 2010

Voilà le rapport, Mon svchost est retombé a 0 (cool), mais par contre ce que je craignais c'est produit.

Rkfree n'a pas démarré et refuse de se lancer même manuellement.

All processes killed

========== OTL ==========

Service C5EB6876 stopped successfully!

Service C5EB6876 deleted successfully!

Service 93710B6E stopped successfully!

Service 93710B6E deleted successfully!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

File move failed. C:\Documents and Settings\Dom\Menu Démarrer\Programmes\Démarrage\siszpe32.exe scheduled to be moved on reboot.

Starting removal of ActiveX control {00000055-9980-0010-8000-00AA00389B71}

C:\WINDOWS\Downloaded Program Files\fhg.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000055-9980-0010-8000-00AA00389B71}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000055-9980-0010-8000-00AA00389B71}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.

C:\WINDOWS\System32\CONFIG.TMP deleted successfully.

C:\WINDOWS\System32\tmp1BC.tmp deleted successfully.

C:\WINDOWS\System32\tmp1BD.tmp deleted successfully.

C:\WINDOWS\System32\tmp95.tmp deleted successfully.

C:\WINDOWS\System32\tmp96.tmp deleted successfully.

C:\WINDOWS\002944_.tmp deleted successfully.

C:\WINDOWS\SET3.tmp deleted successfully.

C:\WINDOWS\SET4.tmp deleted successfully.

C:\WINDOWS\SET8.tmp deleted successfully.

C:\Documents and Settings\Dom\Bureau\~WRL1230.tmp deleted successfully.

C:\Documents and Settings\Dom\Bureau\~WRL3929.tmp deleted successfully.

G:\Mes documents\~WRD1451.tmp deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\rkfree:uninst deleted successfully.

ADS C:\Program Files\RKFree\rkfree.exe:cfg deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\Microsoft:95wzmUF0BsoR6kf08TAIDeGTW deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\Microsoft:IFX3mGYcZg9RDYgv4N5ra75i deleted successfully.

========== FILES ==========

File move failed. C:\Documents and Settings\Dom\Menu Démarrer\Programmes\Démarrage\siszpe32.exe scheduled to be moved on reboot.

C:\Documents and Settings\LocalService\Application Data\qcopjv.dat moved successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41 bytes

User: Dom

->Temp folder emptied: 341220374 bytes

->Temporary Internet Files folder emptied: 1106540 bytes

->Java cache emptied: 60701438 bytes

->FireFox cache emptied: 35742741 bytes

->Flash cache emptied: 37579 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 1507462 bytes

->Flash cache emptied: 405 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 2269 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 17228 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 15258420 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 435,00 mb

[EMPTYFLASH]

User: All Users

User: Default User

->Flash cache emptied: 0 bytes

User: Dom

->Flash cache emptied: 0 bytes

User: LocalService

->Flash cache emptied: 0 bytes

User: NetworkService

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Error starting restore point: System Restore is disabled.

Error closing restore point: System Restore is disabled.

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.7.0 log created on 06282010_223625

Files\Folders moved on Reboot...

C:\Documents and Settings\Dom\Menu Démarrer\Programmes\Démarrage\siszpe32.exe moved successfully.

Registry entries deleted on Reboot...

no.ppp · le 29 juin 2010

Salut,

Effectivement, je t'ai fait supprimé ces ADS :

C:\Documents and Settings\All Users\Application Data\rkfree:uninst
C:\Program Files\RKFree\rkfree.exe:cfg

D'où ton impossibilité de le démarrer. J'allais te proposer de revenir au point de restauration créé par OTL mais ta restauration est désactivé.

Peux-tu réinstaller Rkfree ?

Sinon, bonne nouvelle pour svchost :super:

Télécharge Malwarebytes' Anti-Malware (MBAM)

Double clique sur le fichier téléchargé pour lancer le processus d'installation.
Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
Sélectionne "Exécuter un examen rapide"
Clique sur "Rechercher"
L'analyse démarre, le scan est relativement long, c'est normal.
A la fin de l'analyse, un message s'affiche :
L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

Galad7 · le 30 juin 2010

juste pour t'informer que je vais être un peu lent a faire les dernières manips, car je commence très tôt le travail et le fini très tard.

Je ferais ça vendredi soir ou samedi au plus tard, et merci encore.

Par contre pour "RKfree", je n'arrive pas à la réinstaller car il me dit qu'il detecte une version sur le pc et qu'il faut d'abords la désinstaller, mais il n'y a pourtant plus rien.

Bref, à samedi!

no.ppp · le 30 juin 2010

Salut,

On regarde tout çà ensemble Samedi, pas de problème :super:

Connexion

Pas encore inscrit ?

Svchost a 50% et Syszpe32.exe

Messages recommandés

Galad7

no.ppp

Galad7

no.ppp

Galad7

no.ppp

Galad7

no.ppp

Galad7

no.ppp

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer