Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

virus win 32

mrtatou

Par mrtatou
dans Analyses et éradication malwares

 Partager

Messages recommandés

mrtatou Power Member

mrtatou

Posté(e)
Posté(e)

Voila , j'ai passé un scan avec kasperspy remoove tools sur un pc equipé de windows xp donc voici le rapport, j'ai comme l'impression qu'il n'a pas put supprime le trojan win32 generic:

 

Analyse automatique: terminée : il y a 1 heure (évênements : 21, objets : 1019473, durée : 16:30:39)

22/11/2010 20:19:15 Supprimés: Trojan-Dropper.Win32.TDSS.jpx C:\Documents and Settings\Mathieu\Local Settings\Temp\1C8.tmp

22/11/2010 20:19:12 Supprimés: Trojan-Dropper.Win32.TDSS.jpx C:\Documents and Settings\Mathieu\Local Settings\Temp\1CA.tmp

22/11/2010 20:19:08 Supprimés: Trojan-Dropper.Win32.TDSS.jpx C:\Documents and Settings\Mathieu\Local Settings\Temp\1C6.tmp

22/11/2010 20:18:20 Supprimés: Trojan-Downloader.Java.Agent.hf C:\Documents and Settings\Mathieu\Application Data\Sun\Java\Deployment\cache\6.0\13\1b4f7dcd-544b2686/JavaUpdateManager.class

22/11/2010 20:18:21 Supprimés: Exploit.Java.Agent.du C:\Documents and Settings\Mathieu\Application Data\Sun\Java\Deployment\cache\6.0\53\7fa50935-450791d5/vmain.class

22/11/2010 20:18:20 Supprimés: Exploit.Java.Agent.dm C:\Documents and Settings\Mathieu\Application Data\Sun\Java\Deployment\cache\6.0\13\1b4f7dcd-544b2686/JavaUpdateApplication.class

23/11/2010 08:39:36 Réparés: Virus.Win32.TDSS.b C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP60\A0040205.sys

23/11/2010 08:39:36 Réparés: Virus.Win32.TDSS.b C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP60\A0040205.sys

23/11/2010 00:02:25 Réparés: Virus.Win32.TDSS.b C:\WINDOWS\system32\drivers\afd.sys

23/11/2010 00:02:19 Réparés: Virus.Win32.TDSS.b C:\WINDOWS\system32\drivers\afd.sys

22/11/2010 17:29:26 Lancement de la tâche

23/11/2010 10:00:05 Fin de la tâche

23/11/2010 08:39:34 Détectés: Virus.Win32.TDSS.b C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP60\A0040205.sys

23/11/2010 00:02:11 Détectés: Virus.Win32.TDSS.b C:\WINDOWS\system32\drivers\afd.sys

22/11/2010 20:18:54 Détectés: Trojan-Dropper.Win32.TDSS.jpx C:\Documents and Settings\Mathieu\Local Settings\Temp\1CA.tmp

22/11/2010 20:18:54 Détectés: Trojan-Dropper.Win32.TDSS.jpx C:\Documents and Settings\Mathieu\Local Settings\Temp\1C8.tmp

22/11/2010 20:18:54 Détectés: Trojan-Dropper.Win32.TDSS.jpx C:\Documents and Settings\Mathieu\Local Settings\Temp\1C6.tmp

22/11/2010 20:18:20 Détectés: Trojan-Downloader.Java.Agent.hf C:\Documents and Settings\Mathieu\Application Data\Sun\Java\Deployment\cache\6.0\13\1b4f7dcd-544b2686/JavaUpdateManager.class

23/11/2010 00:04:53 Détectés: HEUR:Trojan.Win32.Generic C:\WINDOWS\Temp\mpec\setup.exe/UPX

22/11/2010 20:18:19 Détectés: Exploit.Java.Agent.du C:\Documents and Settings\Mathieu\Application Data\Sun\Java\Deployment\cache\6.0\53\7fa50935-450791d5/vmain.class

22/11/2010 20:18:19 Détectés: Exploit.Java.Agent.dm C:\Documents and Settings\Mathieu\Application Data\Sun\Java\Deployment\cache\6.0\13\1b4f7dcd-544b2686/JavaUpdateApplication.class

bernard53 Godlike Member

bernard53

Posté(e)
Posté(e)

Bonjour

 

Effectivement tu as encore des intrus.

 

fait ceci dans cet ordre s.t.p

 

 

Télécharge >> TFC.exe << impérativement sur ton bureau

 

Ferme tous les programmes en cour de fonctionnement...

 

Valide START pour lancer TFC

 

Une demande va apparaitre pour te demander de redémarrer ton pc, cliques sur "YES" et laisse faire TFC.

 

 

Ensuite ceci::

 

Télécharge TDSSKiller ici puis fait un passage.

 

How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?

 

 

ensuite ceci .

 

* Télécharge >> OTL <<sur ton bureau.

 

* Fait un double-clic sur l'icône d'OTL pour le lancer

/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

 

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

 

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal " soit cochée.

 

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL " Personnalisation"

netsvcs

%SYSTEMDRIVE%\*.exe

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

vstor32.sys

ahcix86s.sys

nvrd32.sys

/md5stop

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

* Cliques sur l'icône "Analyse" (en haut à gauche) .

* Laisse le scan aller à son terme sans te servir du PC

* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).

* Copie et colle le ou les rapports dans ta réponse stp...

* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

Mets le rapport ici car il prend bien de la place.

Cijoint.fr - Service gratuit de dépôt de fichiers

mrtatou Power Member

mrtatou

Posté(e)
  • Auteur
Posté(e)

ok je vais lancer tout ca, pour le moment j'ai lancé un scan minutieux avec malwarebyte's, peut etre faudrait il attendre la fin non?

Que me reste -t-il comme virus d'apres vous? juste le trojan win32 generic non?

mrtatou Power Member

mrtatou

Posté(e)
  • Auteur
Posté(e)

voila le log de malaware's bytes:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 5174

 

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

 

23/11/2010 14:36:24

mbam-log-2010-11-23 (14-36-24).txt

 

Type d'examen: Examen complet (C:\|D:\|)

Elément(s) analysé(s): 389838

Temps écoulé: 2 heure(s), 27 minute(s), 49 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 4

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mathieu\Local Settings\Temp\utt139.tmp.exe (Trojan.Pakes) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mathieu\Local Settings\Temp\pdfupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mathieu\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

 

 

Sinon TDSSKiller n'a rien trouvé lui...

Là, j'attends le rapport de OTL.

mrtatou Power Member

mrtatou

Posté(e)
  • Auteur
Posté(e)

voila les rapports d'OTL:

OTL Extras logfile created on: 23/11/2010 15:18:48 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Famille Sonnet\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 220,87 Gb Total Space | 40,82 Gb Free Space | 18,48% Space Free | Partition Type: NTFS

Drive D: | 12,00 Gb Total Space | 7,97 Gb Free Space | 66,41% Space Free | Partition Type: NTFS

Drive K: | 3,73 Gb Total Space | 1,00 Gb Free Space | 26,90% Space Free | Partition Type: FAT32

 

Computer Name: HP20881221992 | User Name: Famille Sonnet | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Virtual Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)

"C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype\Skype.exe" = C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe" = C:\Program Files\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)

"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Disabled:Age of Empires II Expansion -- (Microsoft Corporation)

"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe" = C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Disabled:Microsoft Flight Simulator -- (Microsoft Corporation)

"C:\Program Files\EA GAMES\MOHDA\moh_Breakthrough.exe" = C:\Program Files\EA GAMES\MOHDA\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault Breakthrough -- (Electronic Arts Inc.)

"C:\Program Files\EA GAMES\MOHDA\moh_spearhead.exe" = C:\Program Files\EA GAMES\MOHDA\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault Spearhead -- (Electronic Arts Inc.)

"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)

"C:\Program Files\EA GAMES\MOHDA\MOHAA.exe" = C:\Program Files\EA GAMES\MOHDA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault -- (Electronic Arts Inc.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FDE56E-F241-4974-A91F-F772A732F5B6}" = Lockheed Martin C-130J-30 for FS2004

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution

"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor débarquement allié

"{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}" = OpenOffice.org 3.1

"{14200F59-A161-42D3-BC04-1EB7FA71187E}" = Saab 35 Draken jet fighter v3.1 FS2004

"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig

"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1A9DEF19-760C-4e01-958F-D9B8E6C61B90}" = c5100_Help

"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver

"{1C3BDDB9-4823-4E42-87EF-471856632534}" = Robin R2160 Alpha 160A for FS2004

"{1CA456D7-C35D-41FE-9718-BDFB48E06556}" = Cessena 414A Chancellor For FS2004

"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{20C3A767-D969-4332-BB61-FB131F533A56}" = Airbus A380 Air France FS2004

"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{258B0638-7E2B-4947-BE52-78FF591AF55E}" = Concorde Collection FS2004

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{27148014-3B0A-402B-8130-6B056357D12D}" = BitDefender Internet Security 2009

"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228

"{2F44EACA-B7C1-413C-8329-CF790619319C}" = Fairchild C-123 K Provider Package FS2004

"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone

"{3A7E75A0-A07D-47B0-A160-6877F1062A7B}" = Project Tupolev Tu-154m 2.03 for FS2004

"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager

"{402BAA01-FC85-4668-9085-8C182E3BBAD0}" = LOCKHEED MARTIN F-16 Fighting Falcon (VIPER) FS2004

"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{47BCFB80-563C-409B-B5BE-5232DA4FEC5E}" = La flotte Air France 1.0.4

"{4E2E6EEF-B81E-46B1-B130-0F673D24C579}" = Lockheed Constellation (Alphasim) FS2004

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{52407EC6-936E-44F3-831B-2BE500E00657}" = Fouga Zéphyr CM175 v1.1 FS2004

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{555D4A32-829C-4EEA-ACD7-FA497E5D28D8}" = Sikorsky Pavehawk UH-60 Blackhawk FS2004

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5FF98A0D-8F16-4ACC-B506-F22017AE8263}" = Aero Vodochody L159A FS2004

"{60CA6A6D-F98C-4A54-B27E-BF3E43AAEB82}" = Ciel Gestion Commerciale 12.40

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{66EF4249-9224-4833-8B9B-082BDD441E2F}" = Tupolev TU-144 complete package 2.0 FS2004

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Les Sims 2

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}" = Medal of Honor Débarquement allié En Formation

"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder

"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Altiris Software Virtualization Agent

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}" = Medal of Honor Débarquement Allié l'Offensive

"{82CFCC6A-795A-48F5-8035-57D409002391}" = Ready For Pushback Boeing 747-200v2 FS2004

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4

"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12

"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007

"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007

"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007

"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007

"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007

"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007

"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy

"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack

"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{B0981417-29EC-4551-9B3C-7E15AC098358}" = Shorts SD3-30 FS2004

"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig

"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner

"{B3B9BC18-2A09-4728-9B46-12E85FF3F628}" = C5100

"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour

"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config

"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update

"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C19362F1-0874-4172-8127-E14F49EFF507}" = Dassault Falcon 7X for FS2004

"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter

"{C802A493-797C-4391-9738-E86A9B311726}" = Piaggio PD-808RM FS2004 V2.0

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.2

"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas

"{D5B35376-6F9E-47B3-A9F8-791824EBFE0D}" = Samsung PC Studio 3

"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp

"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live

"{DD696C83-E762-48BB-B77F-7948692F90EC}" = Sikorsky S-55 Whirlwind FS2004

"{E149E957-F289-45E3-8645-1794A173F5AB}" = Pacific Fighters

"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch

"{EA0029FC-E059-4C42-ADBE-8DBB064448FD}" = DeHavilland DHC8-300 Package for FS2004

"{EBF093E3-F425-4D48-9F22-E9FF2A0854C8}" = Bombardier Canadair CL-215 FS2004

"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1

"{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5}" = VirginMega.Fr Premium

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC

"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{F3DDB842-848E-4986-BF19-35691458A639}" = Boeing 7072 Orion Supersonic transport FSX

"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA

"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations

"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA

"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer

"{ORAHSS}.UninstallSuite" = Connexion Internet Orange

"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Package de pilotes Windows - Nokia Modem (06/09/2010 4.5)

"504244733D18C8F63FF584AEB290E3904E791693" = Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Age of Empires 2.0" = Microsoft Age of Empires II

"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II : The Conquerors Expansion

"Airbus A300-600ST Beluga" = Airbus A300-600ST Beluga

"Airbus A380-800 Palestinian Airlines" = Airbus A380-800 Palestinian Airlines

"Antonov 225 Sovjet Space Agency MRIYA/DREAM" = Antonov 225 Sovjet Space Agency MRIYA/DREAM

"Antonov AN-124 Antonov Airlines" = Antonov AN-124 Antonov Airlines

"Avions Futur" = Avions Futur

"B-52D" = B-52D

"Boeing 767-400 House Colours" = Boeing 767-400 House Colours

"Bombardier CL-415" = Bombardier CL-415

"CCleaner" = CCleaner

"Clavier+_is1" = Clavier+ 10.6.1

"Dassault Mirage 5 and 5 Modernized" = Dassault Mirage 5 and 5 Modernized

"Dauphin 365F" = Dauphin 365F

"DivX Setup.divx.com" = Configuration DivX

"EEEE705096F837B7907659F100C9FE6DA001970F" = Package de pilotes Windows - Nokia Modem (06/09/2010 7.01.0.7)

"Eurocopter EC145 REGA" = Eurocopter EC145 REGA

"Eurocopter_EC-145_Gendarmerie_française" = Eurocopter_EC-145_Gendarmerie_française

"F-14d_Tomcat&Porte_avion" = F-14d_Tomcat&Porte_avion

"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 Un siècle d'aviation

"Foxit Reader" = Foxit Reader

"GameSpy Arcade" = GameSpy Arcade

"Google Chrome" = Google Chrome

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Document Viewer" = HP Document Viewer 7.0

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"HP Photo & Imaging" = HP Photosmart Premier Software 6.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0

"HPExtendedCapabilities" = HP Customer Participation Program 7.0

"HPOCR" = OCR Software by I.R.I.S 7.0

"ie8" = Windows Internet Explorer 8

"InstallShield_{51F24145-A833-4BD5-AA38-AFC5268928E5}" = PF+FB+AEP

"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4

"InstallShield_{E149E957-F289-45E3-8645-1794A173F5AB}" = Pacific Fighters

"Jaguar" = Jaguar

"L-410 UVP-T" = L-410 UVP-T

"LFMLSHOW" = LFMLSHOW

"LimeWire" = LimeWire 5.3.6

"MailNotifier" = Notification Mail

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MiG-31 Firefox" = MiG-31 Firefox

"Mozilla Firefox (2.0.0.15)" = Mozilla Firefox (2.0.0.15)

"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"ndjamena" = ndjamena

"Nokia PC Suite" = Nokia PC Suite

"OrangeToolbarFR" = barre d'outils Orange

"PB4Y-2_Privateer" = PB4Y-2_Privateer

"PDF Complete" = PDF Complete

"Princess Juliana" = Princess Juliana

"rafale" = rafale

"RocketDock_is1" = RocketDock 1.3.5

"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"SEA KING HAR3A" = SEA KING HAR3A

"ShockwaveFlash" = Adobe Flash Player 9 ActiveX

"Shuttle Launch 06" = Shuttle Launch 06

"ST4UNST #1" = LeTraducteur

"ST4UNST #2" = LeTraducteur (C:\Document\Mathieu\Mes docu\St Stani\Espagnol\)

"Stratojet Merlin" = Stratojet Merlin

"VLC media player" = VLC media player 1.0.1

"vmt_atlant_0GT" = vmt_atlant_0GT

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Lecteur Windows Media 11

"Windows XP Service" = Windows XP Service Pack 3

"WinRAR archiver" = Logiciel d'archivage WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{6D5D8D2B-16DC-4C2B-984C-88CF41FA9A86}" = Supermarine Spitfire Mk XIX FS2004 [Famille Sonnet]

"Alphajets Patrouille de France" = Alphajets Patrouille de France

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 19/11/2010 19:34:57 | Computer Name = HP20881221992 | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : Cette connexion réseau n'existe pas.

 

Error - 20/11/2010 04:46:58 | Computer Name = HP20881221992 | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : The connection with the server was terminated abnormally

 

Error - 20/11/2010 04:46:58 | Computer Name = HP20881221992 | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : Cette connexion réseau n'existe pas.

 

Error - 20/11/2010 05:15:59 | Computer Name = HP20881221992 | Source = Application Error | ID = 1000

Description = Application défaillante svchost.exe, version 5.1.2600.5512, module

défaillant ntdll.dll, version 5.1.2600.5755, adresse de défaillance 0x00023845.

 

Error - 22/11/2010 11:08:42 | Computer Name = HP20881221992 | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : The connection with the server was terminated abnormally

 

Error - 22/11/2010 11:08:42 | Computer Name = HP20881221992 | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : Cette connexion réseau n'existe pas.

 

Error - 22/11/2010 11:24:04 | Computer Name = HP20881221992 | Source = Application Hang | ID = 1002

Description = Application bloquée firefox.exe, version 1.9.2.3951, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

Error - 22/11/2010 12:26:28 | Computer Name = HP20881221992 | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : The server name or address could not be resolved

 

Error - 22/11/2010 12:26:34 | Computer Name = HP20881221992 | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : Cette connexion réseau n'existe pas.

 

Error - 22/11/2010 12:26:37 | Computer Name = HP20881221992 | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : Cette connexion réseau n'existe pas.

 

[ OSession Events ]

Error - 28/02/2010 08:03:12 | Computer Name = HP20881221992 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7796

seconds with 120 seconds of active time. This session ended with a crash.

 

Error - 19/03/2010 15:27:42 | Computer Name = HP20881221992 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15292

seconds with 2040 seconds of active time. This session ended with a crash.

 

Error - 20/03/2010 18:26:50 | Computer Name = HP20881221992 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 49867

seconds with 540 seconds of active time. This session ended with a crash.

 

Error - 06/04/2010 15:51:35 | Computer Name = HP20881221992 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12472

seconds with 60 seconds of active time. This session ended with a crash.

 

Error - 16/04/2010 08:29:11 | Computer Name = HP20881221992 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15090

seconds with 480 seconds of active time. This session ended with a crash.

 

Error - 20/04/2010 10:58:47 | Computer Name = HP20881221992 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10399

seconds with 3120 seconds of active time. This session ended with a crash.

 

Error - 06/05/2010 09:27:13 | Computer Name = HP20881221992 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21461

seconds with 60 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 23/11/2010 07:07:15 | Computer Name = HP20881221992 | Source = Service Control Manager | ID = 7001

Description = Le service Client DNS dépend du service Pilote du protocole TCP/IP

qui n'a pas pu démarrer en raison de l'erreur : %%31

 

Error - 23/11/2010 07:07:15 | Computer Name = HP20881221992 | Source = Service Control Manager | ID = 7001

Description = Le service Assistance TCP/IP NetBIOS dépend du service AFD qui n'a

pas pu démarrer en raison de l'erreur : %%31

 

Error - 23/11/2010 07:07:15 | Computer Name = HP20881221992 | Source = Service Control Manager | ID = 7001

Description = Le service Apple Mobile Device dépend du service Pilote du protocole

TCP/IP qui n'a pas pu démarrer en raison de l'erreur : %%31

 

Error - 23/11/2010 07:07:15 | Computer Name = HP20881221992 | Source = Service Control Manager | ID = 7001

Description = Le service Service Bonjour dépend du service Pilote du protocole TCP/IP

qui n'a pas pu démarrer en raison de l'erreur : %%31

 

Error - 23/11/2010 07:07:15 | Computer Name = HP20881221992 | Source = Service Control Manager | ID = 7001

Description = Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas

pu démarrer en raison de l'erreur : %%31

 

Error - 23/11/2010 07:07:15 | Computer Name = HP20881221992 | Source = Service Control Manager | ID = 7026

Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se

charger : AFD bdftdif Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss StarOpen Tcpip

 

Error - 23/11/2010 07:24:14 | Computer Name = HP20881221992 | Source = DCOM | ID = 10005

Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc

avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 23/11/2010 07:24:17 | Computer Name = HP20881221992 | Source = DCOM | ID = 10005

Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman

avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}

 

Error - 23/11/2010 07:24:17 | Computer Name = HP20881221992 | Source = DCOM | ID = 10005

Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman

avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}

 

Error - 23/11/2010 09:36:46 | Computer Name = HP20881221992 | Source = DCOM | ID = 10005

Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem

avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

 

< End of report >

 

 

 

 

 

 

Le 2nd:

 

OTL logfile created on: 23/11/2010 15:18:48 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Famille Sonnet\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 220,87 Gb Total Space | 40,82 Gb Free Space | 18,48% Space Free | Partition Type: NTFS

Drive D: | 12,00 Gb Total Space | 7,97 Gb Free Space | 66,41% Space Free | Partition Type: NTFS

Drive K: | 3,73 Gb Total Space | 1,00 Gb Free Space | 26,90% Space Free | Partition Type: FAT32

 

Computer Name: HP20881221992 | User Name: Famille Sonnet | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Famille Sonnet\Bureau\OTL.exe (OldTimer Tools)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Documents and Settings\Famille Sonnet\Local Settings\Application Data\Clavier+\Clavier.exe (Guillaume Ryder (http://utilfr42.free.fr'>http://utilfr42.free.fr))

PRC - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)

PRC - C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)

PRC - C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe ()

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)

PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Orange\Connexion Internet Orange\Systray\SystrayApp.exe (France Telecom SA)

PRC - C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe (France Telecom SA)

PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)

PRC - C:\Program Files\Orange\Connexion Internet Orange\Connectivity\Corecom\OraConfigRecover.exe (France Telecom SA)

PRC - C:\Program Files\Orange\Connexion Internet Orange\Connectivity\Corecom\CoreCom.exe (France Telecom SA)

PRC - C:\Program Files\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe (France Telecom SA)

PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe (France Telecom SA)

PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)

PRC - C:\Program Files\RocketDock\RocketDock.exe ()

PRC - C:\WINDOWS\SMINST\Scheduler.exe ()

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Famille Sonnet\Bureau\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\RocketDock\RocketDock.dll ()

MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)

SRV - (LIVESRV) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)

SRV - (scan) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)

SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (FTRTSVC) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)

SRV - (Arrakis3) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe ()

SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (VcommMgr) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys File not found

DRV - (VComm) -- C:\WINDOWS\System32\DRIVERS\VComm.sys File not found

DRV - (BT) -- C:\WINDOWS\System32\DRIVERS\btnetdrv.sys File not found

DRV - (AFD) -- C:\WINDOWS\System32\drivers\afd.sys ()

DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)

DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)

DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)

DRV - (Bdfndisf) -- C:\WINDOWS\system32\drivers\bdfndisf.sys (BitDefender LLC)

DRV - (bdftdif) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)

DRV - (btnetBUs) -- C:\WINDOWS\system32\drivers\btnetBus.sys ()

DRV - (BtHidBus) -- C:\WINDOWS\System32\Drivers\BtHidBus.sys (IVT Corporation.)

DRV - (PCAMPR5) -- C:\WINDOWS\system32\pcampr5.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (PCANDIS5) -- C:\WINDOWS\system32\pcandis5.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (IvtBtBUs) -- C:\WINDOWS\system32\drivers\IvtBtBus.sys (IVT Corporation.)

DRV - (Trufos) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)

DRV - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender S.R.L.)

DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)

DRV - (BDVEDISK) -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys (BitDefender S.R.L.)

DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)

DRV - (Profos) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys ()

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (FSLX) -- C:\WINDOWS\system32\drivers\fslx.sys (Altiris, Inc.)

DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)

DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()

DRV - (ssm_mdm) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys (MCCI)

DRV - (ssm_mdfl) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys (MCCI)

DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ssm_bus.sys (MCCI)

DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel® Corporation)

DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel® Corporation)

DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel® Corporation)

DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel® Corporation)

DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel® Corporation)

DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel® Corporation)

DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel® Corporation)

DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel® Corporation)

DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel® Corporation)

DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel® Corporation)

DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel® Corporation)

DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation)

DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel® Corporation)

DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel® Corporation)

DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel® Corporation)

DRV - (adpu320) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ac97intc) Service d'installation du pilote audio Intel® 82801 (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll ()

IE - HKCU\..\URLSearchHook: {AEEC3B59-CA98-4EBA-A140-57B94E283583} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.15\extensions\\Components: C:\Program Files\Virtual Firefox\components [2010/11/02 09:47:51 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.15\extensions\\Plugins: C:\Program Files\Virtual Firefox\plugins [2010/11/02 09:47:51 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2009/11/17 08:29:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{E6768F2A-D4C3-457D-A1A8-3472BF16267D}: C:\Program Files\Orange\ToolbarFR\FirefoxContainer\ [2010/06/16 16:58:12 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/11/03 20:30:27 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Virtual Firefox\components [2010/11/02 09:47:51 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Virtual Firefox\plugins [2010/11/02 09:47:51 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2009/10/16 08:48:16 | 000,000,000 | ---D | M]

 

[2009/10/16 19:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille Sonnet\Application Data\Mozilla\Extensions

[2010/11/19 10:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille Sonnet\Application Data\Mozilla\Firefox\Profiles\c593fvw5.default\extensions

[2010/09/24 11:48:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Famille Sonnet\Application Data\Mozilla\Firefox\Profiles\c593fvw5.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}

[2009/10/16 21:29:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Famille Sonnet\Application Data\Mozilla\Firefox\Profiles\c593fvw5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/09/15 17:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Famille Sonnet\Application Data\Mozilla\Firefox\Profiles\c593fvw5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/05/18 22:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille Sonnet\Application Data\Mozilla\Firefox\Profiles\c593fvw5.default\extensions\DivXWebPlayer@divx.com

[2010/09/24 11:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille Sonnet\Application Data\Mozilla\Firefox\Profiles\c593fvw5.default\extensions\staged-xpis

[2009/10/31 22:29:14 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\Famille Sonnet\Application Data\Mozilla\Firefox\Profiles\c593fvw5.default\searchplugins\recherche-de-vidos-youtube.xml

[2009/10/16 19:50:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/11/16 20:47:55 | 000,065,536 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFComm.dll

 

O1 HOSTS File: ([2006/03/02 08:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)

O3 - HKLM\..\Toolbar: (barre d'outils Orange) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (Orange)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (barre d'outils Orange) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (Orange)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [bDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)

O4 - HKLM..\Run: [bitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)

O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe (France Telecom SA)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()

O4 - HKLM..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()

O4 - HKLM..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)

O4 - HKCU..\Run: [Clavier+] C:\Documents and Settings\Famille Sonnet\Local Settings\Application Data\Clavier+\Clavier.exe (Guillaume Ryder (http://utilfr42.free.fr))

O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Famille Sonnet\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Famille Sonnet\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/11/23 15:16:30 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Famille Sonnet\Bureau\OTL.exe

[2010/11/23 14:58:27 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Famille Sonnet\Bureau\TFC.exe

[2010/11/23 11:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille Sonnet\Application Data\Malwarebytes

[2010/11/23 11:43:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/23 11:43:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/23 11:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/11/23 11:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/22 17:20:13 | 081,940,448 | ---- | C] ( ) -- C:\Documents and Settings\Famille Sonnet\Bureau\setup_9.0.0.722_27.10.2010_15-18.exe

[2010/11/22 16:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/11/22 16:16:37 | 000,000,000 | -HSD | C] -- C:\Recycled

[2010/11/16 22:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade

[2010/11/11 09:54:27 | 000,000,000 | ---D | C] -- C:\Données Ciel

[2010/11/11 09:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ciel

[2010/11/11 09:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Ciel

[2010/11/11 09:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ciel

[2010/11/11 09:21:50 | 000,171,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jit.dll

[2010/11/11 09:21:50 | 000,139,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javaee.dll

[2010/11/11 09:21:50 | 000,046,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\setdebug.exe

[2010/11/11 09:21:49 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dx3j.dll

[2010/11/11 09:21:38 | 000,286,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vmhelper.dll

[2010/11/11 09:21:38 | 000,171,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wjview.exe

[2010/11/11 09:21:38 | 000,021,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjdbc10.dll

[2010/11/11 09:21:37 | 000,172,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jview.exe

[2010/11/11 09:21:37 | 000,154,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msawt.dll

[2010/11/11 09:21:36 | 000,404,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javart.dll

[2010/11/11 09:21:36 | 000,187,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javacypt.dll

[2010/11/11 09:21:36 | 000,063,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javaprxy.dll

[2010/11/11 09:21:36 | 000,015,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jdbgmgr.exe

[2010/11/11 09:21:35 | 000,049,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clspack.exe

[2010/11/10 23:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple

[2010/11/04 19:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille Sonnet\Bureau\Gwen

[2010/11/03 20:42:18 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll

[2010/11/03 20:34:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille Sonnet\Application Data\PC Suite

[2010/11/03 20:34:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille Sonnet\Application Data\Nokia

[2010/11/03 20:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2010/11/03 20:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\PCSuite

[2010/11/03 20:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Nokia

[2010/11/03 20:30:09 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys

[2010/11/03 20:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution

[2010/11/03 20:29:00 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys

[2010/11/03 20:28:59 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys

[2010/11/03 20:28:58 | 000,022,528 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys

[2010/11/03 20:28:56 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll

[2010/11/03 20:28:56 | 000,662,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll

[2010/11/03 20:28:56 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys

[2010/11/03 20:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia

 

========== Files - Modified Within 30 Days ==========

 

[2010/11/23 15:17:06 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/23 15:15:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Famille Sonnet\Bureau\OTL.exe

[2010/11/23 15:11:49 | 000,000,439 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

[2010/11/23 15:11:47 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/23 15:11:29 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/23 15:11:23 | 2137,247,744 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/23 15:11:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/23 15:10:35 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin

[2010/11/23 15:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010/11/23 14:01:14 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Famille Sonnet\Bureau\TFC.exe

[2010/11/23 12:02:12 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Famille Sonnet\Bureau\Sans titre.bmp

[2010/11/23 11:50:45 | 000,510,742 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

[2010/11/23 11:50:45 | 000,441,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/11/23 11:50:45 | 000,084,766 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

[2010/11/23 11:50:45 | 000,071,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/11/23 11:50:34 | 000,000,212 | RHS- | M] () -- C:\boot.ini

[2010/11/23 11:43:51 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2010/11/23 00:02:25 | 000,138,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\afd.sys

[2010/11/22 16:24:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk

[2010/11/17 23:14:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/11/16 16:29:00 | 000,123,904 | ---- | M] () -- C:\Documents and Settings\Famille Sonnet\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/15 21:54:01 | 000,000,559 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml

[2010/11/11 10:24:13 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System32\CRUNX.BIN

[2010/11/11 09:24:45 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Ciel Gestion Commerciale.lnk

[2010/11/08 20:07:26 | 000,002,593 | ---- | M] () -- C:\Documents and Settings\Famille Sonnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk

[2010/11/08 18:58:37 | 000,002,547 | ---- | M] () -- C:\Documents and Settings\Famille Sonnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk

[2010/11/08 01:18:00 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk

[2010/11/03 20:42:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf

[2010/11/03 20:42:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2010/11/02 16:28:48 | 000,012,933 | ---- | M] () -- C:\Documents and Settings\Famille Sonnet\Mes documents\30 ans marco.docx

[2010/10/28 19:57:02 | 000,044,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\awxcteoq.sys

[2010/10/27 17:01:14 | 081,940,448 | ---- | M] ( ) -- C:\Documents and Settings\Famille Sonnet\Bureau\setup_9.0.0.722_27.10.2010_15-18.exe

[2010/10/26 14:40:04 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll

 

========== Files Created - No Company Name ==========

 

[2010/11/23 14:37:34 | 2137,247,744 | -HS- | C] () -- C:\hiberfil.sys

[2010/11/23 12:02:12 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Famille Sonnet\Bureau\Sans titre.bmp

[2010/11/23 11:43:51 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2010/11/22 16:24:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk

[2010/11/11 09:25:27 | 000,000,247 | ---- | C] () -- C:\WINDOWS\System32\CRUNX.BIN

[2010/11/11 09:22:12 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Ciel Gestion Commerciale.lnk

[2010/11/11 09:21:50 | 000,007,315 | ---- | C] () -- C:\WINDOWS\System32\javasup.vxd

[2010/11/11 09:21:49 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

[2010/11/11 09:21:39 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedon.reg

[2010/11/11 09:21:38 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedoff.reg

[2010/11/03 20:42:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf

[2010/11/03 20:42:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2010/11/02 16:28:47 | 000,012,933 | ---- | C] () -- C:\Documents and Settings\Famille Sonnet\Mes documents\30 ans marco.docx

[2010/10/28 16:01:14 | 000,044,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\awxcteoq.sys

[2010/09/29 15:11:22 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\Famille Sonnet\Local Settings\Application Data\X-Plane Installer.prf

[2010/09/29 13:54:45 | 000,000,065 | ---- | C] () -- C:\Documents and Settings\Famille Sonnet\Local Settings\Application Data\x-plane_install.txt

[2010/04/21 19:11:42 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll

[2010/04/21 19:11:42 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll

[2010/04/02 15:27:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt

[2010/04/02 15:25:43 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2009/11/20 14:29:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI

[2009/11/02 11:55:21 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini

[2009/10/19 20:29:40 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2009/10/19 20:23:57 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2009/10/16 21:24:34 | 000,123,904 | ---- | C] () -- C:\Documents and Settings\Famille Sonnet\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/10/16 07:48:52 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Famille Sonnet\Local Settings\Application Data\fusioncache.dat

[2009/10/15 22:11:45 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll

[2009/10/15 22:04:45 | 000,000,986 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009/10/15 11:09:53 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI

[2009/10/15 09:30:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/09/24 12:41:06 | 000,029,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys

[2008/10/09 15:31:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll

[2007/05/09 20:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll

[2006/05/08 17:21:30 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/04 07:14:16 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\afd.sys

[2001/07/07 02:00:00 | 000,003,279 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

[1997/06/14 09:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2006/03/02 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys

[2006/03/02 08:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2009/10/16 14:15:01 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2009/10/16 14:15:01 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 

< MD5 for: AHCIX86.SYS >

[2007/10/26 13:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\ahcix86.sys

[2007/10/26 13:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\WINDOWS\DRIVERS\STORAGE\ahcix86.sys

 

< MD5 for: ATAPI.SYS >

[2006/03/02 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys

[2006/03/02 08:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2009/10/16 14:15:01 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2009/10/16 14:15:01 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2004/08/04 06:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys

 

< MD5 for: EVENTLOG.DLL >

[2004/08/20 00:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

[2009/01/20 18:16:14 | 000,001,536 | ---- | M] () MD5=58B81BFA8841E41639BDD81A7FEE2B8E -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll

 

< MD5 for: NETLOGON.DLL >

[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

[2004/08/20 00:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2009/02/06 19:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[2009/02/06 19:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

 

< MD5 for: NVGTS.SYS >

[2007/12/13 15:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\Compaq\HPBackup\update\DRIVERS\STORAGE\nvgts.sys

[2007/12/13 15:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\WINDOWS\DRIVERS\STORAGE\nvgts.sys

 

< MD5 for: SCECLI.DLL >

[2004/08/20 00:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< End of report >

bernard53 Godlike Member

bernard53

Posté(e)
Posté(e)

ok juste ceci pour la suite.

 

 

* Fait un double-clic sur l'icône d'OTL pour le lancer

/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

 

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

 

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case " Rapport minimal" soit cochée.

 

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

:OTL

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

:Files

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

 

:Commands

[emptytemp]

* Cliques sur l'icône Correction (en haut à gauche) .

* Laisse le scan aller à son terme sans te servir du PC

* A la fin du scan un rapport s'ouvrir "OTL.Txt"

* Copie et colle le ou les rapports dans ta réponse stp...

* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

Mets le rapport ici car il prend bien de la place.

Cijoint.fr - Service gratuit de dépôt de fichiers

 

 

ensuite fait analyser ce fichier car j'ai un doute dessus.

 

vas ici : VirusTotal - Free Online Virus, Malware and URL Scanner

Clique sur choisir un fichier et choisi ce dossier : C:\WINDOWS\System32\drivers\awxcteoq.sys

mrtatou Power Member

mrtatou

Posté(e)
  • Auteur
Posté(e)

bon virus total me dit que ce fichier a déjà été analysé par le passé, c'est le meme genre d'info d'info basique ....

voila pour le log sinon, tout semble bon,non? :

 

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.

Starting removal of ActiveX control Microsoft XML Parser for Java

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.

========== FILES ==========

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrateur

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Famille Sonnet

->Temp folder emptied: 110393 bytes

->Temporary Internet Files folder emptied: 556588 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 3395393 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

 

User: Mathieu

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 483 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 4,00 mb

 

 

OTL by OldTimer - Version 3.2.17.3 log created on 11232010_220027

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...