Rapport Hijackthis après comboFix PRISE 2

[Cabotine]

Bonjour à vous !

 

Ayant posté un trop long post, je dois ici recommencer. Je vais mettre en pièce jointe le rapport de 1- ComboFix puis celui 2- d'Hijackthis et celui de 3- MalwareByte's

 

J'ai besoin de savoir si je suis encore infectée.. je dois aussi vous dire que mon ordi, malgré qu'il soit récent, perd beaucoup de vitesse et le démarrage est ultra lent... Après avoir réglé le prob de virus, pourriez-vous me diriger vers une ressource pouvant m'aider avec la lenteur de l'ordi svp ?

 

Merci beaucoup de prendre le temps de m'aider et au plaisir !

1- Cijoint.fr - Service gratuit de dépôt de fichiers

2- Cijoint.fr - Service gratuit de dépôt de fichiers

3- Cijoint.fr - Service gratuit de dépôt de fichiers

[lance_yien]

Bonjour Cabotine,

 

---

Très Important!

 

>>> A faire immédiatement:

En haut de ce message cliquer sur le bouton "Suivre ce sujet", en choisissant "Notification immédiate" => "Soumettre" tu seras avisé en temps réel pour les réponses apportées à ton sujet et de ce fait, ta machine sera nettoyée dans les meilleurs délais.

 

>>> Que faire durant ce nettoyage, merci de NE PAS utiliser, installer et/ou désinstaller aucun programme à part ceux qui sont proposés à chaque étape ce qui a pour but d'éviter tout problème d'incompatibilité entre les outils.

 

>>> Que faire à la réception de nouvelles instructions,

• Lire la totalité du message.
  
• Télécharger et enregistrer les utilitaires DIRECTEMENT sur le Bureau ou les déplacer (tout de suite après par un clic-droit dessus => "Couper" puis clic-droit sur le Bureau => "Coller".
  Certains programmes peuvent créer des problèmes s'ils ne sont pas lancés depuis le Bureau.
  
• Prendre l'habitude de désactiver tous les programmes de protection au début de chaque nouvelle étape et de les réactiver à la fin.
  
• Procéder toujours dans l'ordre donné et demander des clarifications si nécessaire AVANT de commencer.
  
• NE PAS hésiter à commenter et signaler tout changement (en bien ou en mal) dans le comportement de la machine ou par rapport au problème initial.
  

>>> Comment répondre: Cliquer sur le bouton car je n'ai pas besoin de relire mes messages précédents.

---

 

>>> Analyse de fichier(s):

• Copier la 1ère ligne de la liste suivante et aller sur le site Jotti.
   
  c:\windows\system32\drivers\rfhoaxd.sys
  c:\windows\system32\drivers\jfljamwo.sys
   
  
• Cliquer sur Parcourir....
  
• Dans la nouvelle fenêtre, cliquer-droit dans "Nom du fichier" => "Coller" puis cliquer sur "Ouvrir".
  
• Cliquer sur Envoyer et laisser faire l'analyse.
  
• A la fin cliquer-droit sur le bouton Votre lien permanent... => "Copier l'adresse du lien".
  Ouvrir le bloc-note et cliquer-droit => "Coller"
  
  

  
  

• Recommencer avec l'autre ligne de ma liste en cliquant sur le bouton "Prochain fichier" et coller l'adresse dans le bloc-note.
  

Copier le contenu du bloc-note et le coller dans la prochaine réponse.

Note: Si Jotti est surchargé aller sur Virustotal,

 

 

Imprimer ces instructions ou les enregistrer dans un fichier texte sur le Bureau pour les consulter facilement à tout moment et télécharger, sur le Bureau:

• OTL (par OldTimer) depuis ici ou ici.
• Security Check (par screen317) depuis ici ou ici.

>>> OTL Brancher et allumer tous les médias amovibles ayant servi à un quelconque transfert de données (clés USB...).

Fermer tout et double-cliquer sur OTL.exe (Vista/ Windows7, clic-droit dessus => Exécuter en tant qu'Admin).

Copiez/ Collez ces lignes (commençant par netsvcs) dans l'espace sous "Personnalisation":

netsvcs

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

Sans rien changer, cliquer sur le bouton bleu Analyse et laisser faire.

A la fin du scan, 2 rapports seront créés: OTL.txt (qui s'ouvre dans le bloc-note) et Extras.txt (qui sera minimisé dans la Barre des tâches).

 

Poster le contenu de chaque rapport, un seul par message parce qu'ils sont souvent très longs et dépassent la limite autorisée par le forum.

 

>>> SecurityCheck: Fermer tout et double-cliquer sur "SecurityCheck.exe" pour lancer le programme.

Appuyer sur une touche comme demandé et suivre les indications.

Note: Si un des programmes de sécurité demande la permission d'accéder à Internet depuis dig.exe, acceptez.

Le Rapport checkup.txt s'ouvre à la fin. Poster son contenu.

Ce rapport ne sera pas enregistré automatiquement. Si vous voulez en garder une copie, cliquez sur "Fichier" => "Enregistrer sous", choisissez un endroit (Bureau par exemple) et cliquez sur "Enregistrer" en bas à droite.

Poster son contenu.

 

Rapports demandés:

• Résultat de jotti
• OTL.txt
• Extras.txt
• checkup.txt

[Cabotine]

Bonjour Lance,

 

J'ai fait ce que tu as écrit pour Jotti, mais l'ordi ne trouve pas le dossier que je colle et ce, même si je vais jusqu'au répertoire.

 

Donc, voici les deux rapport d'OTL

OTL : Cijoint.fr - Service gratuit de dépôt de fichiers

Extra : Cijoint.fr - Service gratuit de dépôt de fichiers

 

Celui de Security Check

Checkup : Cijoint.fr - Service gratuit de dépôt de fichiers

 

Merci beaucoup de me venir en aide, c'est très apprécié

 

Cabo

 

PS: je joins plus bas les résultats, car celà semble difficile à lire lorsque je poste sur cijoint... Bref, tu me diras ce que tu préfères svp.

Modifié le 20 novembre 2010 par Cabotine

[Cabotine]

OTL :

OTL logfile created on: 2010-11-20 10:50:20 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\MicroC\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free

5,00 Gb Paging File | 4,00 Gb Available in Paging File | 80,00% Paging File free

Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465,75 Gb Total Space | 315,61 Gb Free Space | 67,76% Space Free | Partition Type: NTFS

Drive E: | 465,76 Gb Total Space | 358,64 Gb Free Space | 77,00% Space Free | Partition Type: NTFS

Drive G: | 614,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Drive H: | 930,86 Gb Total Space | 792,86 Gb Free Space | 85,18% Space Free | Partition Type: NTFS

Drive K: | 149,05 Gb Total Space | 61,87 Gb Free Space | 41,51% Space Free | Partition Type: NTFS

 

Computer Name: NATHALIE | User Name: MicroC | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2010-11-20 10:46:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MicroC\Bureau\OTL.exe

PRC - [2010-10-22 16:47:26 | 000,524,288 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe

PRC - [2010-10-22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe

PRC - [2010-06-29 19:22:40 | 009,221,808 | ---- | M] (Druide informatique inc.) -- C:\Program Files\Druide\Antidote 7\Programmes32\antido32.exe

PRC - [2010-06-29 19:22:40 | 000,806,080 | ---- | M] (Druide informatique inc.) -- C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe

PRC - [2010-05-14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2010-03-18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010-03-18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2010-03-08 11:00:26 | 001,805,584 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe

PRC - [2010-02-15 18:06:56 | 010,358,056 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe

PRC - [2010-01-27 09:40:58 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

PRC - [2009-12-03 08:54:40 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe

PRC - [2009-10-30 06:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe

PRC - [2009-08-28 18:48:08 | 000,015,376 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe

PRC - [2009-08-28 18:48:02 | 000,245,288 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

PRC - [2009-08-28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2009-07-24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe

PRC - [2009-07-21 13:33:58 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009-07-20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe

PRC - [2009-07-13 12:50:42 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2009-07-10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe

PRC - [2009-06-26 16:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe

PRC - [2009-05-13 15:47:40 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009-03-02 12:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2008-12-22 13:59:20 | 000,787,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe

PRC - [2008-04-14 07:00:00 | 000,979,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008-01-24 10:02:18 | 001,352,192 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe

PRC - [2008-01-23 21:53:16 | 000,613,376 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe

PRC - [2008-01-09 09:17:18 | 000,627,200 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe

PRC - [2007-12-10 20:49:36 | 001,412,608 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe

PRC - [2007-03-18 17:05:02 | 000,630,784 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010-11-20 10:46:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MicroC\Bureau\OTL.exe

MOD - [2010-08-23 11:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2009-07-20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll

MOD - [2009-07-12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll

MOD - [2007-03-18 17:04:22 | 000,069,632 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)

SRV - [2010-10-22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2010-05-14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2010-03-18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009-12-17 19:00:28 | 000,243,056 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)

SRV - [2009-11-01 14:58:05 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)

SRV - [2009-08-28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2009-08-05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2009-07-24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)

SRV - [2009-07-21 13:33:58 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009-05-13 15:47:40 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008-11-04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2005-04-03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2004-03-18 15:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\jfljamwo.sys -- (pytg)

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\rfhoaxd.sys -- (ntfscx)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (InCDRm)

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDPass.sys -- (InCDPass)

DRV - File not found [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDFs)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MicroC\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2010-10-08 03:30:00 | 009,587,776 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2010-03-05 20:13:31 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010-01-05 07:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2010-01-05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2010-01-05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2009-12-18 10:23:14 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)

DRV - [2009-12-02 14:34:14 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2009-12-02 14:34:13 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2009-11-25 11:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009-10-21 04:22:00 | 000,298,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2009-08-05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2009-06-26 16:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)

DRV - [2009-06-17 11:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV - [2009-06-17 11:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)

DRV - [2009-06-17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2009-06-17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2009-06-17 11:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)

DRV - [2009-06-17 11:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)

DRV - [2009-06-17 11:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV - [2009-05-11 09:11:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009-03-30 09:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2009-03-19 22:53:48 | 000,154,664 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)

DRV - [2009-02-13 11:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008-12-07 11:24:23 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2008-12-07 11:23:48 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2008-04-14 07:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008-04-13 11:45:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)

DRV - [2007-12-20 05:00:06 | 004,637,696 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007-12-17 04:14:05 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)

DRV - [2007-02-26 20:15:21 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)

DRV - [2004-08-13 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ca

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C A1 BE 5A 8A 37 CA 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live CA-EN Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2535290&SearchSource=13"

FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3

FF - prefs.js..extensions.enabledItems: {e1170235-2845-420c-acc3-42261a29dd46}:4.0.1

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4

FF - prefs.js..extensions.enabledItems: {6d6b212b-2245-4898-8b16-9a11b81ff9e1}:2.5.6.0

FF - prefs.js..extensions.enabledItems: {437c4386-9237-441f-a940-009430030ee0}:2.5.8.6

FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2

FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&q="

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-09-26 16:52:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-09-26 16:52:00 | 000,000,000 | ---D | M]

 

[2009-10-24 08:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MicroC\Application Data\Mozilla\Extensions

[2009-09-21 16:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MicroC\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2010-11-15 14:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MicroC\Application Data\Mozilla\Firefox\Profiles\piv174ei.default\extensions

[2010-05-12 20:30:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\MicroC\Application Data\Mozilla\Firefox\Profiles\piv174ei.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010-05-11 07:13:08 | 000,000,000 | ---D | M] (Messenger Plus Live CA-EN Toolbar) -- C:\Documents and Settings\MicroC\Application Data\Mozilla\Firefox\Profiles\piv174ei.default\extensions\{437c4386-9237-441f-a940-009430030ee0}

[2010-03-06 08:54:35 | 000,000,000 | ---D | M] (Softonic France FF Toolbar) -- C:\Documents and Settings\MicroC\Application Data\Mozilla\Firefox\Profiles\piv174ei.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}

[2010-02-17 15:24:35 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\MicroC\Application Data\Mozilla\Firefox\Profiles\piv174ei.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}

[2010-02-17 15:24:35 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Documents and Settings\MicroC\Application Data\Mozilla\Firefox\Profiles\piv174ei.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}

[2010-04-01 13:19:10 | 000,000,953 | ---- | M] () -- C:\Documents and Settings\MicroC\Application Data\Mozilla\Firefox\Profiles\piv174ei.default\searchplugins\conduit.xml

[2010-11-15 17:42:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010-09-26 16:51:57 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010-09-26 16:51:57 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010-09-26 16:51:57 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2010-09-26 16:51:57 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010-09-26 16:51:57 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2010-11-15 15:09:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [agentantidote.exe] C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe (Druide informatique inc.)

O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [ASUS Energy Saving] C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe ()

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()

O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe ()

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [searchSettings] C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)

O4 - HKLM..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)

O4 - Startup: C:\Documents and Settings\MicroC\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\MicroC\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)

O4 - Startup: C:\Documents and Settings\MicroC\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()

O4 - Startup: C:\Documents and Settings\MicroC\Menu Démarrer\Programmes\Démarrage\TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (AKSoftware)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Convertir en Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convertir en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)

O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} Page introuvable | Facebook (Facebook Photo Uploader 5 Control)

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_1_3.cab (Ma-Config control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\WINDOWS\BricoPack Wallpaper.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\BricoPack Wallpaper.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-09-30 22:05:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009-06-18 16:12:18 | 000,000,088 | R--- | M] () - G:\autorun.inf -- [ UDF ]

O32 - AutoRun File - [2009-03-11 14:22:42 | 000,341,520 | -H-- | M] (Ceedo Technologies Ltd.) - K:\AutoDetect.exe -- [ NTFS ]

O32 - AutoRun File - [2009-03-11 14:22:38 | 000,435,728 | ---- | M] (Ceedo Technologies Ltd.) - K:\Autorun.exe -- [ NTFS ]

O32 - AutoRun File - [2007-07-29 11:01:00 | 000,000,810 | RH-- | M] () - K:\Autorun.exe.manifest -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (16902053519425536)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010-11-20 10:46:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MicroC\Bureau\OTL.exe

[2010-11-19 21:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Application Data\KranX Productions

[2010-11-19 21:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Bureau\Artifacts of the Past - Les Mysteres des Temps Anciens

[2010-11-19 19:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Bureau\Dark Tales

[2010-11-15 17:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Application Data\Search Settings

[2010-11-15 17:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Spigot

[2010-11-15 17:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar

[2010-11-15 17:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater

[2010-11-15 15:44:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010-11-15 15:21:40 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\MicroC\Bureau\HJTInstall.exe

[2010-11-15 15:20:38 | 000,000,000 | ---D | C] -- C:\UsbFix

[2010-11-15 15:01:44 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010-11-11 20:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Local Settings\Application Data\Deadtime Stories

[2010-11-11 20:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Deadtime Stories

[2010-11-10 14:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Local Settings\Application Data\KodakGallery

[2010-11-10 14:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Application Data\Skinux

[2010-11-10 13:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Mes documents\My Print Creations

[2010-11-10 13:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Local Settings\Application Data\ArcSoft

[2010-11-10 13:49:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Application Data\ArcSoft

[2010-11-10 13:49:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft

[2010-11-10 13:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\ArcSoft

[2010-11-10 13:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft

[2010-11-10 13:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Kodak

[2010-11-10 13:45:37 | 000,467,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll

[2010-11-10 13:45:37 | 000,467,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2fs.dll

[2010-11-10 13:45:37 | 000,320,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll

[2010-11-10 13:45:37 | 000,320,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2.dll

[2010-11-10 13:45:37 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys

[2010-11-10 13:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak

[2010-11-10 13:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak

[2010-11-10 13:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Local Settings\Application Data\Downloaded Installations

[2010-11-08 23:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Application Data\ShaoLin

[2010-11-06 21:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Application Data\Anarchy

[2010-11-06 19:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Application Data\Enki Games

[2010-11-04 19:19:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MicroC\Recent

[2010-11-01 21:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Application Data\Aerohills

[2010-11-01 20:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Application Data\ERS Game Studios

[2010-11-01 20:36:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Bureau\Mystery of the Earl-fr

[2010-10-29 19:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Bureau\Haunted Hotel - Lonely Dream

[2010-10-24 22:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Application Data\SunRay Games

[2010-10-24 16:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Mes documents\Adobe

[2010-10-21 14:20:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Application Data\TOMI2.THE GATES OF FATE

[2010-10-21 12:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MicroC\Mes documents\DVDFab

[2009-05-07 18:02:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\MicroC\Application Data\pcouffin.sys

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010-11-20 10:46:17 | 000,869,086 | ---- | M] () -- C:\Documents and Settings\MicroC\Bureau\SecurityCheck.exe

[2010-11-20 10:46:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MicroC\Bureau\OTL.exe

[2010-11-20 10:41:00 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010-11-20 10:19:50 | 000,171,520 | ---- | M] () -- C:\Documents and Settings\MicroC\Bureau\2010 - TRSP - MB - Facture.xls

[2010-11-20 09:54:43 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8927F947-F6BD-4135-8544-6D7C02CB2EAB}.job

[2010-11-20 00:41:00 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010-11-19 22:06:57 | 032,841,728 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb

[2010-11-19 22:06:55 | 013,773,824 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb

[2010-11-19 06:50:24 | 000,210,432 | ---- | M] () -- C:\Documents and Settings\MicroC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-11-17 20:56:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010-11-15 22:56:45 | 000,002,593 | ---- | M] () -- C:\Documents and Settings\MicroC\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk

[2010-11-15 17:37:05 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Orbit.lnk

[2010-11-15 17:36:00 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-11-15 17:35:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-11-15 15:21:44 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\MicroC\Bureau\HijackThis.lnk

[2010-11-15 15:21:41 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\MicroC\Bureau\HJTInstall.exe

[2010-11-15 15:09:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010-11-15 15:01:48 | 000,000,328 | RHS- | M] () -- C:\boot.ini

[2010-11-15 14:53:39 | 003,910,081 | R--- | M] () -- C:\Documents and Settings\MicroC\Bureau\Nogash.exe

[2010-11-13 11:05:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\MicroC\Bureau\Raccourci vers nath.lnk

[2010-11-10 13:46:40 | 000,001,837 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk

[2010-11-10 13:46:40 | 000,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Kodak EasyShare.lnk

[2010-11-09 16:26:05 | 002,184,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-11-08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe

[2010-11-07 18:33:16 | 016,906,636 | ---- | M] () -- C:\Documents and Settings\MicroC\Bureau\PAC_Catalog_SkiDoo.pdf

[2010-11-07 11:44:33 | 000,001,268 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Encore plus de jeux.lnk

[2010-10-31 10:01:45 | 000,020,718 | ---- | M] () -- C:\Documents and Settings\MicroC\Mes documents\Quelques moyens de prévenir les vaginites.docx

[2010-10-29 15:18:54 | 003,550,575 | ---- | M] () -- C:\Documents and Settings\MicroC\Bureau\MagixVEHD-MP.rar

[2010-10-28 17:57:43 | 000,921,624 | ---- | M] () -- C:\img2-001.raw

[2010-10-28 17:32:07 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk

[2010-10-26 16:44:23 | 000,012,821 | ---- | M] () -- C:\Documents and Settings\MicroC\Mes documents\OFFRE D'ACHAT.docx

[2010-10-24 10:52:30 | 000,240,124 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010-10-24 10:52:30 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010-11-20 10:46:15 | 000,869,086 | ---- | C] () -- C:\Documents and Settings\MicroC\Bureau\SecurityCheck.exe

[2010-11-15 15:21:44 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\MicroC\Bureau\HijackThis.lnk

[2010-11-13 11:05:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\MicroC\Bureau\Raccourci vers nath.lnk

[2010-11-10 14:45:05 | 032,841,728 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb

[2010-11-10 14:45:05 | 013,773,824 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb

[2010-11-10 13:46:40 | 000,001,837 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk

[2010-11-10 13:46:40 | 000,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Kodak EasyShare.lnk

[2010-11-07 18:33:16 | 016,906,636 | ---- | C] () -- C:\Documents and Settings\MicroC\Bureau\PAC_Catalog_SkiDoo.pdf

[2010-11-07 11:44:33 | 000,001,268 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Encore plus de jeux.lnk

[2010-10-31 10:01:45 | 000,020,718 | ---- | C] () -- C:\Documents and Settings\MicroC\Mes documents\Quelques moyens de prévenir les vaginites.docx

[2010-10-29 15:18:54 | 003,550,575 | ---- | C] () -- C:\Documents and Settings\MicroC\Bureau\MagixVEHD-MP.rar

[2010-10-26 16:44:23 | 000,012,821 | ---- | C] () -- C:\Documents and Settings\MicroC\Mes documents\OFFRE D'ACHAT.docx

[2010-10-03 18:33:47 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2010-06-23 02:18:13 | 000,935,440 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010-02-20 11:00:41 | 000,002,816 | ---- | C] () -- C:\WINDOWS\lsrslt.ini

[2010-01-06 15:38:26 | 000,000,108 | ---- | C] () -- C:\WINDOWS\Antidote7.ini

[2009-11-28 22:34:06 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI

[2009-09-27 09:45:36 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2009-06-26 16:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini

[2009-05-07 18:02:29 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\MicroC\Application Data\pcouffin.log

[2009-05-07 18:02:25 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\MicroC\Application Data\pcouffin.cat

[2009-05-07 18:02:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\MicroC\Application Data\pcouffin.inf

[2009-02-18 19:20:24 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\Tracer.dll

[2009-02-18 19:20:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SheriffNet.dll

[2009-01-23 18:47:45 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2009-01-23 18:47:44 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2009-01-07 16:01:09 | 000,004,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2008-12-21 18:25:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2008-12-09 20:50:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008-10-16 20:36:29 | 000,210,432 | ---- | C] () -- C:\Documents and Settings\MicroC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-10-03 17:04:10 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2008-10-02 17:29:17 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2008-09-30 22:32:55 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2008-09-30 22:32:55 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2008-09-30 22:32:53 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2008-09-30 22:32:53 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2008-09-30 22:22:19 | 000,031,291 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2008-09-30 22:22:09 | 000,030,985 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2008-09-30 22:22:08 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2008-09-30 22:22:01 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2008-09-30 16:57:07 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008-09-30 13:26:26 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\MicroC\Local Settings\Application Data\fusioncache.dat

[2008-09-30 12:03:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini

[2008-04-13 14:33:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2008-01-03 09:26:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll-nv2734

[2007-08-15 03:22:00 | 000,298,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\yk51x86.sys

[2004-01-27 07:13:02 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2010-11-15 15:45:53 | 000,013,435 | ---- | M] () -- C:\2010-11-15 - hijackthis.txt

[2008-09-30 22:05:25 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010-03-04 19:11:34 | 000,000,283 | ---- | M] () -- C:\Boot.bak

[2010-11-15 15:01:48 | 000,000,328 | RHS- | M] () -- C:\boot.ini

[2008-04-14 07:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2004-08-03 23:00:08 | 000,263,488 | RHS- | M] () -- C:\cmldr

[2010-11-15 15:11:35 | 000,169,501 | ---- | M] () -- C:\ComboFix.txt

[2008-09-30 22:05:25 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2010-04-18 18:49:53 | 000,001,200 | ---- | M] () -- C:\FindyKill_Upload_Me_NATHALIE.zip

[2004-02-06 17:19:02 | 000,016,384 | R--- | M] ( ) -- C:\hpqimgrc.resources.dll

[2010-10-28 17:57:43 | 000,921,624 | ---- | M] () -- C:\img2-001.raw

[2008-09-30 22:05:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010-11-15 17:33:18 | 000,001,463 | ---- | M] () -- C:\mbam-log-2010-11-15 (17-32-57).txt

[2008-09-30 22:05:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008-04-14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008-04-14 07:00:00 | 000,252,240 | RHS- | M] () -- C:\ntldr

[2010-11-15 17:35:25 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[2009-04-07 20:52:52 | 000,016,900 | ---- | M] () -- C:\Player Loader_log.txt

[2010-11-15 17:36:21 | 000,000,526 | ---- | M] () -- C:\RTHDCPL_Dump.txt

[2010-03-04 16:29:46 | 000,014,402 | ---- | M] () -- C:\SAFEBOOT_REPAIR.TXT

[2010-03-06 09:07:35 | 164,663,746 | ---- | M] () -- C:\Sauv.reg

[2010-03-06 09:08:44 | 000,001,652 | ---- | M] () -- C:\TCleaner.txt

[2010-06-29 22:38:54 | 000,000,668 | ---- | M] () -- C:\tintii.8bf.lnk

[2009-11-07 11:30:02 | 000,000,315 | R--- | M] () -- C:\YukonInstall.log

[2010-07-06 17:56:36 | 000,001,344 | ---- | M] () -- C:\_Sid.txt

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2010-03-04 13:55:18 | 004,337,664 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2010-03-04 18:10:48 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav

[2010-03-04 13:55:18 | 045,785,088 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2010-03-04 13:55:18 | 005,767,168 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

 

< %systemroot%\system32\drivers\*.sys /90 >

[2010-10-08 03:30:00 | 009,587,776 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys

[2010-08-26 08:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:870649A4

@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DC0B1070

@Alternate Data Stream - 236 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3

@Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6C6EB3B

@Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA18D4E3

@Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5

@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA1919C7

@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC30FDA5

@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3651A580

@Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CE15176

@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BFA43EB

@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C48A983C

@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5584049

@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:206470A5

@Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71612023

@Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6247E766

@Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E22C5DB

@Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECFD9449

@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DAB09BDB

@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8D58038

@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:008586AE

@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9742C5DF

@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69AF9D20

@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84

@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88A44CC1

@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F

@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1

@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5197985B

@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B2B96C

@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:737160C1

@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449

@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAF954B6

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAF8DAC8

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9FAC3AB

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA0CE093

@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF0C5444

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C76CFF82

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EC5D66C

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91DEEE71

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8F070C2

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AABCC5A7

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F52A6209

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83

 

< End of report >

Modifié le 20 novembre 2010 par Cabotine

[Cabotine]

Extra :

OTL Extras logfile created on: 2010-11-20 10:50:20 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\MicroC\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free

5,00 Gb Paging File | 4,00 Gb Available in Paging File | 80,00% Paging File free

Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465,75 Gb Total Space | 315,61 Gb Free Space | 67,76% Space Free | Partition Type: NTFS

Drive E: | 465,76 Gb Total Space | 358,64 Gb Free Space | 77,00% Space Free | Partition Type: NTFS

Drive G: | 614,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Drive H: | 930,86 Gb Total Space | 792,86 Gb Free Space | 85,18% Space Free | Partition Type: NTFS

Drive K: | 149,05 Gb Total Space | 61,87 Gb Free Space | 41,51% Space Free | Partition Type: NTFS

 

Computer Name: NATHALIE | User Name: MicroC | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"48113:TCP" = 48113:TCP:LocalSubNet:Disabled:maconfig_tcp

"48113:UDP" = 48113:UDP:LocalSubNet:Disabled:maconfig_udp

"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)

"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)

"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)

"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)

"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe" = C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:*:Disabled:ANNO 1404 -- (Related Designs)

"C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Disabled:ANNO 1404 Web -- ()

"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Disabled:maconfservice -- (CybelSoft)

"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser

"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack

"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18754BA4-4F0C-4E6E-888B-9496AFA05F43}" = Ma-Config.com

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare

"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{236BB7C4-4419-42FD-040C-1E257A25E34D}" = Adobe Photoshop CS2

"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland

"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax

"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 18

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

"{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite

"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics

"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404

"{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA

"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload

"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore

"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg

"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update

"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer

"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{56CDB4FE-895F-4E0D-8BB4-9A8D4310898D}" = Antidote HD

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext

"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{6530EB5E-F2BE-45D3-906B-E4AFFF2D1588}" = Gestionnaire de périphériques de Windows Live

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger

"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0

"{787414B3-146E-E8C9-55AD-1DC5C1171033}" = Nero 7 Ultra Edition

"{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb

"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes

"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer

"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007

"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007

"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007

"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007

"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007

"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007

"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007

"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007

"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007

"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007

"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-0122-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse

"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1

"{9901E703-D169-7139-1EA3-11AA788D09E6}" = EA Download Manager UI

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack

"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects

"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen

"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2

"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan

"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Utilitaire d'identification du processeur Intel®

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook

"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B1BFDF6B-3C03-46fe-B5D7-BABB0063D8E0}" = pdfforge Toolbar v4.1

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 260.89

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Pilote graphique 260.89

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Logiciel système PhysX 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc

"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation

"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director

"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Les Sims™ 3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar

"{CADDE354-C78C-46CB-A006-E2B178EFC271}" = Rise Of Legends

"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Logiciel Kodak EasyShare

"{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental

"{D7E7EC5E-4349-4E40-B37C-4342188B86EC}" = Monopoly

"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR

"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag

"{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page

"{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help

"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0

"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm

"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK

"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations

"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg

"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar

"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS

"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock

"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour

"3ivx D4 4.5.1 Decoder" = 3ivx D4 4.5.1 Decoder (remove only)

"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-040C-1E257A25E34D}" = Adobe Photoshop CS2

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"BFGC" = Big Fish Games: Game Manager

"c1f2d82e6b4cd05da5a97014ef736eab-1829576157" = Healing Rhythms

"CCleaner" = CCleaner

"Christmas 3D Screensaver_is1" = Christmas 3D Screensaver 1.0

"CobBackup9" = Cobian Backup 9

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI

"Discovery 3D Screensaver_is1" = Discovery 3D Screensaver 1.1

"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.2.2

"Elixiris" = Elixiris

"Fantasy Moon 3D Screensaver_is1" = Fantasy Moon 3D Screensaver 1.3

"Fireplace 3D Screensaver_is1" = Fireplace 3D Screensaver 1.0

"FormatFactory" = FormatFactory 2.20

"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.81

"Free Video Converter_is1" = Free Video Converter V 2.8

"Halloween 3D Screensaver_is1" = Halloween 3D Screensaver 1.1

"HijackThis" = HijackThis 2.0.2

"HP Photo & Imaging" = HP Image Zone 4.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"InstallShield_{CADDE354-C78C-46CB-A006-E2B178EFC271}" = Rise Of Legends

"IrfanView" = IrfanView (remove only)

"Koi Fish 3D Screensaver_is1" = Koi Fish 3D Screensaver 1.0

"Lagoon 3D Screensaver_is1" = Lagoon 3D Screensaver 1.0

"LimeWire" = LimeWire 5.5.8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Marvell Miniport Driver" = Marvell Miniport Driver

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"mv61xxDriver" = marvell 61xx

"Nature 3D Screensaver_is1" = Nature 3D Screensaver 1.1

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"Orbit_is1" = Orbit Downloader

"Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0

"Photo To Sketch_is1" = Photo To Sketch 3.51

"PosteRazor_is1" = PosteRazor

"PROPLUS" = Microsoft Office Professional Plus 2007

"SeaStorm 3D Screensaver_is1" = SeaStorm 3D Screensaver 1.5

"Spirit of Fire 3D Screensaver_is1" = Spirit of Fire 3D Screensaver 2.4

"tintii" = indii.org/tintii

"UltraISO_is1" = UltraISO Premium V9.36

"uTorrent" = µTorrent

"Vérification Internet" = Vérification Internet

"VLC media player" = VLC media player 1.0.3

"Watermill 3D Screensaver_is1" = Watermill 3D Screensaver 2.0

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Lecteur Windows Media 11

"WinGimp-2.0_is1" = GIMP 2.6.6

"WinLiveSuite_Wave3" = Installation Windows Live

"WinRAR archiver" = Archiveur WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XRECODE_is1" = XRECODE

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"CopyTrans Suite" = CopyTrans Suite désinstallation uniquement

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2010-10-06 16:27:49 | Computer Name = NATHALIE | Source = Application Hang | ID = 1002

Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

Error - 2010-10-18 22:48:01 | Computer Name = NATHALIE | Source = NVIDIA OpenGL Driver | ID = 1

Description = NVIDIA display driver files from different (incompatible) versions

of the driver have been detected. NVIDIA OpenGL acceleration is disabled in order

to maintain system stability. To resolve this problem, update the NVIDIA display

driver. The latest driver is available at Welcome to NVIDIA - World Leader in Visual Computing Technologies Error code: 5

 

Error - 2010-10-18 22:48:07 | Computer Name = NATHALIE | Source = NVIDIA OpenGL Driver | ID = 1

Description = NVIDIA display driver files from different (incompatible) versions

of the driver have been detected. NVIDIA OpenGL acceleration is disabled in order

to maintain system stability. To resolve this problem, update the NVIDIA display

driver. The latest driver is available at Welcome to NVIDIA - World Leader in Visual Computing Technologies Error code: 5

 

Error - 2010-10-26 16:45:24 | Computer Name = NATHALIE | Source = Application Hang | ID = 1002

Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

Error - 2010-11-06 23:01:40 | Computer Name = NATHALIE | Source = Application Hang | ID = 1002

Description = Application bloquée Redrum 2 - Time Lies.exe, version 1.0.0.0, module

bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

Error - 2010-11-15 23:56:50 | Computer Name = NATHALIE | Source = Microsoft Office 12 | ID = 2001

Description = Rejected Safe Mode action : Microsoft Office Word.

 

Error - 2010-11-17 19:16:03 | Computer Name = NATHALIE | Source = MsiInstaller | ID = 11706

Description = Produit : Adobe Acrobat 7.0 Professional - English, Français, Deutsch

-- Erreur 1706. Package d'installation pour le produit Adobe Acrobat 7.0 Professional

- English, Français, Deutsch introuvable. Réessayez d'exécuter Windows Installer

avec un package d'installation valide AcroPro.msi.

 

Error - 2010-11-19 23:00:48 | Computer Name = NATHALIE | Source = Application Hang | ID = 1002

Description = Application bloquée Photoshop.exe, version 9.0.2.0, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

Error - 2010-11-20 10:54:12 | Computer Name = NATHALIE | Source = MsiInstaller | ID = 11706

Description = Produit : Adobe Acrobat 7.0 Professional - English, Français, Deutsch

-- Erreur 1706. Package d'installation pour le produit Adobe Acrobat 7.0 Professional

- English, Français, Deutsch introuvable. Réessayez d'exécuter Windows Installer

avec un package d'installation valide AcroPro.msi.

 

Error - 2010-11-20 10:54:26 | Computer Name = NATHALIE | Source = MsiInstaller | ID = 11706

Description = Produit : Adobe Acrobat 7.0 Professional - English, Français, Deutsch

-- Erreur 1706. Package d'installation pour le produit Adobe Acrobat 7.0 Professional

- English, Français, Deutsch introuvable. Réessayez d'exécuter Windows Installer

avec un package d'installation valide AcroPro.msi.

 

[ OSession Events ]

Error - 2009-11-19 18:55:10 | Computer Name = NATHALIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 750

seconds with 240 seconds of active time. This session ended with a crash.

 

Error - 2010-02-04 11:22:15 | Computer Name = NATHALIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2010-02-10 19:55:33 | Computer Name = NATHALIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2010-02-15 10:26:25 | Computer Name = NATHALIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2010-02-15 10:26:38 | Computer Name = NATHALIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2010-02-15 20:51:51 | Computer Name = NATHALIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2010-02-16 11:19:53 | Computer Name = NATHALIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2010-03-07 00:26:48 | Computer Name = NATHALIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2010-06-24 16:11:05 | Computer Name = NATHALIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2010-07-04 21:11:10 | Computer Name = NATHALIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12

seconds with 0 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 2010-11-15 13:55:16 | Computer Name = NATHALIE | Source = Service Control Manager | ID = 7000

Description = Le service adfs n'a pas pu démarrer en raison de l'erreur : %%2

 

Error - 2010-11-15 13:55:17 | Computer Name = NATHALIE | Source = sptd | ID = 262148

Description = Le pilote a détecté une erreur interne dans ses structures de données

pour .

 

Error - 2010-11-15 13:56:38 | Computer Name = NATHALIE | Source = Service Control Manager | ID = 7022

Description = Le service MSCamSvc est en attente de démarrage.

 

Error - 2010-11-15 13:56:38 | Computer Name = NATHALIE | Source = Service Control Manager | ID = 7026

Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se

charger : sptd

 

 

< End of report >

[Cabotine]

Checkup :

Results of screen317's Security Check version 0.99.6

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Avira AntiVir Personal - Free Antivirus

Antivirus up to date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HijackThis 2.0.2

CCleaner

Java 6 Update 18

Out of date Java installed!

Adobe Flash Player 10.0.45.2

Mozilla Firefox (3.6.9)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

 

``````````End of Log````````````

[lance_yien]

Bonjour,

 

OK pour les fichiers à faire analyser, on supprimera leur Services.

Tu peux coller le contenu des rapports sauf indications spécifiques (dans certains cas).

--

 

>>> Programmes à désinstaller depuis "Ajout/ Suppression de programmes" (si présents):

- LimeWire et tout autre programme P2P: (Lire attentivement Le danger des P2P). Les programmes suivants sont réputés pour avoir des fonctionnalités spyware et modifier certains paramètres sont demander l'avis de l'utilisateur.

- Search Settings

- Spigot

- pdfforge Toolbar

- Application Updater

 

>>> OTL: Lancer OTL et copier la liste suivante (commençant par :OTL) et la coller dans l'espace sous "Personnalisation".

 

:OTL

PRC - [2010-10-22 16:47:26 | 000,524,288 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe

PRC - [2010-10-22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\jfljamwo.sys -- (pytg)

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\rfhoaxd.sys -- (ntfscx)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (InCDRm)

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDPass.sys -- (InCDPass)

DRV - File not found [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDFs)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MicroC\LOCALS~1\Temp\catchme.sys -- (catchme)

IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012

FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live CA-EN Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2535290&SearchSource=13"

FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2

FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&q="

O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)

O4 - HKLM..\Run: [] File not found

O4 - Startup: C:\Documents and Settings\MicroC\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:870649A4

@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DC0B1070

@Alternate Data Stream - 236 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3

@Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6C6EB3B

@Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA18D4E3

@Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5

@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA1919C7

@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC30FDA5

@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3651A580

@Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CE15176

@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BFA43EB

@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C48A983C

@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5584049

@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:206470A5

@Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71612023

@Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6247E766

@Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E22C5DB

@Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECFD9449

@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DAB09BDB

@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8D58038

@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:008586AE

@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9742C5DF

@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69AF9D20

@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84

@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88A44CC1

@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F

@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1

@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5197985B

@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B2B96C

@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:737160C1

@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449

@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAF954B6

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAF8DAC8

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9FAC3AB

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA0CE093

@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF0C5444

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C76CFF82

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EC5D66C

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91DEEE71

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8F070C2

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AABCC5A7

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F52A6209

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83

 

:Services

pytg

ntfscx

MRESP50a64

MREMP50a64

InCDRm

InCDPass

InCDFs

catchme

 

:Reg

 

:Files

C:\Documents and Settings\MicroC\Application Data\Search Settings

C:\Program Files\Fichiers communs\Spigot

C:\Program Files\pdfforge Toolbar

C:\Program Files\Application Updater

C:\UsbFix

C:\Program Files\LimeWire

/MD5START

wuauclt.exe

explorer.exe

/MD5STOP

 

:Commands

[EMPTYTEMP]

[REBOOT]

Cliquer sur le bouton rouge Correction et laisser faire.

Si un ou plusieurs fichiers ne peuvent pas être supprimés normalement, le programme vous demandera de redémarrer la machine pour finir le processus, cliquer sur Oui.

A la fin un rapport s'ouvre dans le bloc-note. Copier tout son contenu et le coller dans ta prochaine réponse. Fermer le rapport et OTL.

 

- As-tu encore des soucis quelconques?

- As-tu le CD/DVD d'installation de Windows ou une partition de recouvrement (pour réparer certains fichiers système si nécessaire)?.