Ralentsissement PC et pop-up intempestifs
Anthony
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
depuis environ une semaine, mon ordi "rame" : par exemple, lorsque je joue au seigneur des anneaux, le jeu est ralenti (déplacements, commandes), on lorsque je navigue sur internet (temps d'ouverture des fenêtres long).
De plus, un pop-up s'ouvre pratiquement à chaque fois que j'ouvre une nouvelle page.
Comme demandé, je vous joins les contenus de log.txt et info.txt.
Merci et bonnes fêtes.
Anthony
depuis environ une semaine, mon ordi "rame" : par exemple, lorsque je joue au seigneur des anneaux, le jeu est ralenti (déplacements, commandes), on lorsque je navigue sur internet (temps d'ouverture des fenêtres long).
De plus, un pop-up s'ouvre pratiquement à chaque fois que j'ouvre une nouvelle page.
Comme demandé, je vous joins les contenus de log.txt et info.txt.
Merci et bonnes fêtes.
Anthony
A voir également:
- Ralentsissement PC et pop-up intempestifs
- Reinitialiser pc - Guide
- Pop up mcafee - Accueil - Piratage
- Pc lent - Guide
- Test performance pc - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
13 réponses
Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.
▶ Télécharge :
Malwarebytes
ou :
Malwarebytes
▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX
▶ Potasses le Tuto pour te familiariser avec le prg :
( cela dit, il est très simple d'utilisation ).
relance malwarebytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
▶ Lance Malwarebyte's .
Fais un examen dit "Complet" .
▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
▶ Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
▶ Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
▶ Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
▶ Télécharge :
Malwarebytes
ou :
Malwarebytes
▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX
▶ Potasses le Tuto pour te familiariser avec le prg :
( cela dit, il est très simple d'utilisation ).
relance malwarebytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
▶ Lance Malwarebyte's .
Fais un examen dit "Complet" .
▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
▶ Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
▶ Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
▶ Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
voici le rapport après scan :
Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3402
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
21/12/2009 15:10:15
mbam-log-2009-12-21 (15-10-15).txt
Type de recherche: Examen rapide
Eléments examinés: 118838
Temps écoulé: 34 minute(s), 45 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3402
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
21/12/2009 15:10:15
mbam-log-2009-12-21 (15-10-15).txt
Type de recherche: Examen rapide
Eléments examinés: 118838
Temps écoulé: 34 minute(s), 45 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Télécharge OTL de OLDTimer
▶ enregistre le sur ton Bureau.
▶ Double clic ( pour vista => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.
▶ Coche les 2 cases Lop et Purity
▶ Coche la case devant scan all users
▶ règle-le sur "60 Days"
▶ dans la colonne de gauche , mets tout sur all
ne modifie pas ceci :
"files created whithin" et "files modified whithin"
▶Clic sur Run Scan.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier ci-dessus.
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶▶ Tu feras la meme chose avec le "Extra.txt".
▶ enregistre le sur ton Bureau.
▶ Double clic ( pour vista => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.
▶ Coche les 2 cases Lop et Purity
▶ Coche la case devant scan all users
▶ règle-le sur "60 Days"
▶ dans la colonne de gauche , mets tout sur all
ne modifie pas ceci :
"files created whithin" et "files modified whithin"
▶Clic sur Run Scan.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier ci-dessus.
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶▶ Tu feras la meme chose avec le "Extra.txt".
▶ Double clic sur OTL.exe pour le lancer.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous Customs Scans/Fixes :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:services
Boonty Games
:OTL
IE - HKU\S-1-5-21-1894360077-4071360050-4040625548-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} http://www.trendmicro.com/spyware-scan/as4web.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game10.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} https://www.ea.com/ea-studios/popcap (Reg Error: Key error.)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84964847
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"HP Software Update"=-
"NeroFilterCheck"=-
"QuickTime Task"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=-
:files
C:\Documents and Settings\All Users\Application Data\118300.34
C:\Documents and Settings\All Users\Application Data\BOONTY
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur RunFix pour lancer la suppression.
▶ Poste le rapport.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous Customs Scans/Fixes :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:services
Boonty Games
:OTL
IE - HKU\S-1-5-21-1894360077-4071360050-4040625548-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} http://www.trendmicro.com/spyware-scan/as4web.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game10.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} https://www.ea.com/ea-studios/popcap (Reg Error: Key error.)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84964847
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"HP Software Update"=-
"NeroFilterCheck"=-
"QuickTime Task"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=-
:files
C:\Documents and Settings\All Users\Application Data\118300.34
C:\Documents and Settings\All Users\Application Data\BOONTY
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur RunFix pour lancer la suppression.
▶ Poste le rapport.
Voici le rapport :
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
Process msnmsgr.exe killed successfully!
No active process named Teatimer.exe was found!
========== SERVICES/DRIVERS ==========
Service Boonty Games stopped successfully!
Service Boonty Games deleted successfully!
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1894360077-4071360050-4040625548-1008\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCDrProfiler deleted successfully.
Starting removal of ActiveX control {B1826A9F-4AA0-4510-BA77-9013E74E4B9B}
C:\WINDOWS\Downloaded Program Files\SpyMD.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}\ not found.
Starting removal of ActiveX control {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
C:\WINDOWS\Downloaded Program Files\ZylomGamesPlayer.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}\ not found.
Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
C:\WINDOWS\Downloaded Program Files\popcaploader.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwfile-8876480\ deleted successfully.
Invalid CLSID key: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:84964847 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\118300.34 moved successfully.
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses folder moved successfully.
C:\Documents and Settings\All Users\Application Data\BOONTY folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4562293 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 10691580 bytes
User: HP_Propriétaire
->Temp folder emptied: 1607146 bytes
->Temporary Internet Files folder emptied: 3710653 bytes
->Java cache emptied: 2498789 bytes
User: LocalService
->Temp folder emptied: 115348 bytes
->Temporary Internet Files folder emptied: 13725401 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 795 bytes
%systemroot%\System32 .tmp files removed: 23017984 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23998041 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 80,00 mb
OTL by OldTimer - Version 3.1.19.0 log created on 12212009_165909
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_6b0.dat moved successfully.
Registry entries deleted on Reboot...
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
Process msnmsgr.exe killed successfully!
No active process named Teatimer.exe was found!
========== SERVICES/DRIVERS ==========
Service Boonty Games stopped successfully!
Service Boonty Games deleted successfully!
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1894360077-4071360050-4040625548-1008\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCDrProfiler deleted successfully.
Starting removal of ActiveX control {B1826A9F-4AA0-4510-BA77-9013E74E4B9B}
C:\WINDOWS\Downloaded Program Files\SpyMD.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}\ not found.
Starting removal of ActiveX control {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
C:\WINDOWS\Downloaded Program Files\ZylomGamesPlayer.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}\ not found.
Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
C:\WINDOWS\Downloaded Program Files\popcaploader.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwfile-8876480\ deleted successfully.
Invalid CLSID key: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:84964847 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\118300.34 moved successfully.
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses folder moved successfully.
C:\Documents and Settings\All Users\Application Data\BOONTY folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4562293 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 10691580 bytes
User: HP_Propriétaire
->Temp folder emptied: 1607146 bytes
->Temporary Internet Files folder emptied: 3710653 bytes
->Java cache emptied: 2498789 bytes
User: LocalService
->Temp folder emptied: 115348 bytes
->Temporary Internet Files folder emptied: 13725401 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 795 bytes
%systemroot%\System32 .tmp files removed: 23017984 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23998041 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 80,00 mb
OTL by OldTimer - Version 3.1.19.0 log created on 12212009_165909
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_6b0.dat moved successfully.
Registry entries deleted on Reboot...
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent
▶ Télécharge List&Kill'em et enregistre le sur ton bureau (car il est detecté a tort comme infection)
Il ne necessite pas d'installation
▶ Lien XP : dezippe-le , (clic droit/ extraire.....) puis double-clique pour le lancer
▶ Lien Vista/7 : clic droit "executer en temps qu'administrateur" pour le lancer
choisis la langue puis choisis l'option 1 = Mode Recherche
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
tu peux supprimer le rapport catchme.log de ton bureau maintenant.
(si le premier lien ne fonctionne pas pour XP , Prends celui de Vista :</souline>
▶ Télécharge List&Kill'em et enregistre le sur ton bureau (car il est detecté a tort comme infection)
Il ne necessite pas d'installation
▶ Lien XP : dezippe-le , (clic droit/ extraire.....) puis double-clique pour le lancer
▶ Lien Vista/7 : clic droit "executer en temps qu'administrateur" pour le lancer
choisis la langue puis choisis l'option 1 = Mode Recherche
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
tu peux supprimer le rapport catchme.log de ton bureau maintenant.
(si le premier lien ne fonctionne pas pour XP , Prends celui de Vista :</souline>
Voici le rapport :
List'em by g3n-h@ckm@n 1.1.5.2
Thx to Chiquitine29.....& CCM team
User : HP_Propriétaire (Administrateurs) # ANTHONY
Update on 14/12/2009 by g3n-h@ckm@n ::::: 00:00
Start at: 18:05:37 | 21/12/2009
Contact : g3n-h@ckm@n sur CCM
AMD Athlon(tm) 64 Processor 3500+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.11
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1351 [VPS 091221-0] 4.8.1351 [ (!) Disabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006
C:\ -> Disque fixe local | 180,45 Go (53,71 Go free) [HP_PAVILION] | NTFS
D:\ -> Disque fixe local | 5,84 Go (553,12 Mo free) [HP_RECOVERY] | FAT32
E:\ -> Disque CD-ROM | 4,2 Go (0 Mo free) [LOTRBFME2EP1] | UDF
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe 672
C:\WINDOWS\system32\csrss.exe 748
C:\WINDOWS\system32\winlogon.exe 776
C:\WINDOWS\system32\services.exe 820
C:\WINDOWS\system32\lsass.exe 832
C:\WINDOWS\system32\Ati2evxx.exe 984
C:\WINDOWS\system32\svchost.exe 1000
C:\WINDOWS\system32\svchost.exe 1088
C:\WINDOWS\System32\svchost.exe 1176
C:\WINDOWS\system32\svchost.exe 1240
C:\WINDOWS\system32\svchost.exe 1424
C:\WINDOWS\system32\Ati2evxx.exe 1540
C:\WINDOWS\Explorer.EXE 1644
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1672
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1756
C:\WINDOWS\system32\spoolsv.exe 224
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe 260
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe 308
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe 452
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe 460
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe 484
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 520
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 596
C:\WINDOWS\system32\ctfmon.exe 604
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe 632
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe 652
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe 692
C:\PROGRA~1\Wanadoo\ComComp.exe 728
C:\Program Files\Messenger\msmsgs.exe 900
C:\WINDOWS\system32\svchost.exe 948
C:\PROGRA~1\Wanadoo\Toaster.exe 1140
C:\PROGRA~1\Wanadoo\Inactivity.exe 1148
C:\PROGRA~1\Wanadoo\PollingModule.exe 1160
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE 1208
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe 1452
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 1472
C:\WINDOWS\System32\FTRTSVC.exe 1460
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe 1816
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe 2052
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2148
C:\Program Files\Logitech\QuickCam10\COCIManager.exe 2700
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 2888
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 2972
C:\PROGRA~1\Wanadoo\Watch.exe 3924
C:\WINDOWS\System32\alg.exe 3940
C:\WINDOWS\System32\svchost.exe 3240
C:\HP\KBD\KBD.EXE 3664
C:\WINDOWS\ALCXMNTR.EXE 3920
C:\WINDOWS\system32\wuauclt.exe 2276
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe 1156
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 3872
c:\windows\system\hpsysdrv.exe 356
C:\WINDOWS\system32\svchost.exe 212
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe 3696
C:\Documents and Settings\HP_Propriétaire\Bureau\List_Kill'em.exe 3900
C:\WINDOWS\system32\cmd.exe 668
C:\WINDOWS\system32\wbem\wmiprvse.exe 1788
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\B7.tmp\pv.exe 3976
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WOOKIT REG_SZ C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
LDM REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HPHUPD08 REG_SZ c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
Recguard REG_SZ C:\WINDOWS\SMINST\RECGUARD.EXE
HPBootOp REG_SZ "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
OpwareSE2 REG_SZ "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
WOOWATCH REG_SZ C:\PROGRA~1\Wanadoo\Watch.exe
WOOTASKBARICON REG_SZ C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
LogitechCommunicationsManager REG_SZ "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_BINARY 95000000
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BackupNoCDBurning REG_DWORD 0 (0x0)
HonorAutoRunSetting REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} REG_SZ AVG Anti-Spyware 7.5
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe REG_SZ C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe REG_SZ C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe REG_SZ C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema
C:\Program Files\CyberLink\PowerCinema\PCMService.exe REG_SZ C:\Program Files\CyberLink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Warcraft III\Warcraft III.exe REG_SZ C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\WINDOWS\system32\rundll32.exe REG_SZ C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application
C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL France
C:\Program Files\WINSOS\winsos.exe REG_SZ C:\Program Files\Winsos\winsos.exe:*:Enabled:Winsos
C:\Program Files\WINSOS\anti-spy.exe REG_SZ C:\Program Files\Winsos\anti-spy.exe:*:Enabled:anti-spy Winsos
C:\Program Files\WINSOS\help.exe REG_SZ C:\Program Files\Winsos\help.exe:*:Enabled:Winsos Help
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
C:\Program Files\Azureus\Azureus.exe REG_SZ C:\Program Files\Azureus\Azureus.exe:*:Disabled:Azureus
C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat REG_SZ C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:*:Enabled:La Bataille pour la Terre du Milieu(tm)
C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat REG_SZ C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:*:Enabled:La Bataille pour la Terre du Milieu ™ II
C:\Program Files\BitComet\BitComet.exe REG_SZ C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat REG_SZ C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat:*:Enabled:LSDA, L'Avènement du Roi-sorcier™
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
J:\PES2009\Crack\pes2009.exe REG_SZ J:\PES2009\Crack\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009
C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\patchget.dat REG_SZ C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\patchget.dat:*:Enabled:patchgrabber
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
===============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========
D:\Autorun.inf :
----------------
[AUTORUN]
ShellExecute=Info.exe protect.ed 480 480
E:\Autorun.inf :
----------------
[autorun]
open=Autorun.exe
Icon=LotRIcon.exe
Name=The Lord of the Rings, The Rise of the Witch-king
[Special]
Disk=1
ProductGuiID={B931FB80-537A-4600-00AD-AC5DEDB6C25B}
=======
Drive :
=======
D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
180 Go total, 53,71 Go libre (29%), 22% fragment‚ (fragmentation du fichier 43%)
Vous devriez d‚fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\WINDOWS\System32\_psisdecd.dll
C:\WINDOWS\System32\404Fix.exe
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\WINDOWS\System32\drivers\Sonyhcp.dll
C:\WINDOWS\System32\dumphive.exe
C:\WINDOWS\System32\IEDFix.exe
C:\WINDOWS\System32\Process.exe
C:\WINDOWS\System32\ps2.bat
C:\WINDOWS\System32\SrchSTS.exe
C:\WINDOWS\System32\tmp.reg
C:\WINDOWS\System32\VACFix.exe
C:\WINDOWS\System32\VCCLSID.exe
C:\WINDOWS\System32\WS2Fix.exe
C:\WINDOWS\winstart.bat
C:\Documents and Settings\HP_Propri‚taire\Application Data\GDIPFONTCACHEV1.DAT
C:\Documents and Settings\HP_Propri‚taire\Application Data\wklnhst.dat
C:\Documents and Settings\HP_Propri‚taire\RefEdit.exd
¤¤¤¤¤¤¤¤¤¤ Keys :
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
HKLM\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}
================
Other infections
================
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 18:07:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:9a,0b,85,81,b3,a4,28,a9,ea,9c,83,35,61,c5,1e,0d,46,1f,6d,aa,a9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:9a,0b,85,81,b3,a4,28,a9,ea,9c,83,35,61,c5,1e,0d,46,1f,6d,aa,a9,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:69cff75b
"s2"=dword:f8f26918
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:9a,0b,85,81,b3,a4,28,a9,ea,9c,83,35,61,c5,1e,0d,46,1f,6d,aa,a9,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
==========
Programs
==========
Adobe
Ahead
Alcohol Soft
Alwil Software
AntivirusFirewall
ArcSoft
Atari
ATI Technologies
Canon
CCleaner
ComPlus Applications
EA GAMES
Electronic Arts
eMule
Fichiers communs
File Scanner Library (Spybot - Search & Destroy)
Google
Grisoft
Hewlett-Packard
HP
IEAK
InstallShield Installation Information
Internet Explorer
Inventel
Lavasoft
Logitech
LucasArts
Malwarebytes' Anti-Malware
Messenger
Microsoft
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft SQL Server
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Works
Misc. Support Library (Spybot - Search & Destroy)
Movie Maker
MSBuild
MSN
MSN Gaming Zone
MSN Messenger
MSXML 4.0
MSXML 6.0
Music Manager
muvee Technologies
NetMeeting
Online Services
Orange
ORKTools
Outlook Express
PC-Doctor 5 for Windows
PopCap Games
QuickTime
Real
Reference Assemblies
Samsung
ScanSoft
Services en ligne
Sonic
Sony Corporation
SpeedRam2
Spybot - Search & Destroy
SymplisIT
TeaTimer (Spybot - Search & Destroy)
Trend Micro
Uninstall Information
VideoLAN
Wanadoo
Warcraft III
Windows Live
Windows Live SkyDrive
Windows Live Toolbar
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
WinX DVD Author
xerox
Yahoo!
Zylom Games
============
Lecteur C:
============
8873da7dfb617edd09
Audio CD (E)
AUTOEXEC.BAT
BOOT.BAK
boot.ini
Bootfont.bin
CanonMP
cmdcons
cmldr
Config.Msi
CONFIG.SYS
Documents and Settings
Downloads
Drivers
hiberfil.sys
hp
IO.SYS
IPH.PH
Kill'em
List'em.txt
MSDOS.SYS
MSOCache
NTDETECT.COM
ntldr
pagefile.sys
playground.log
Program Files
Python22
RECYCLER
rsit
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmdata03.sqm
sqmdata04.sqm
sqmdata05.sqm
sqmdata06.sqm
sqmdata07.sqm
sqmdata08.sqm
sqmdata09.sqm
sqmdata10.sqm
sqmdata11.sqm
sqmdata12.sqm
sqmdata13.sqm
sqmdata14.sqm
sqmdata15.sqm
sqmdata16.sqm
sqmdata17.sqm
sqmdata18.sqm
sqmdata19.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
sqmnoopt03.sqm
sqmnoopt04.sqm
sqmnoopt05.sqm
sqmnoopt06.sqm
sqmnoopt07.sqm
sqmnoopt08.sqm
sqmnoopt09.sqm
sqmnoopt10.sqm
sqmnoopt11.sqm
sqmnoopt12.sqm
sqmnoopt13.sqm
sqmnoopt14.sqm
sqmnoopt15.sqm
sqmnoopt16.sqm
sqmnoopt17.sqm
sqmnoopt18.sqm
sqmnoopt19.sqm
System Volume Information
system.sav
temp
UNWISE.EXE
WINDOWS
_OTL
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
C:\Documents and Settings\HP_Propri‚taire\Mes documents\Anthony HAELEWYN\SmitfraudFix\o4Patch.exe
C:\Documents and Settings\HP_Propri‚taire\Mes documents\Jeux codes&crack\le seigneur des anneaux la bataille pour la terre du milieu 2 crack NoCd Keygen.rar
C:\Documents and Settings\HP_Propri‚taire\Mes documents\Jeux codes&crack\Warcraft_3_1.20c_NO-CD_Crack.rar
C:\hp\KBD\Install.exe
C:\hp\PATCHES\62WW1NDR\CPC_UPD\OwnerPatch.exe
C:\hp\recovery\bin\PE_Patch.exe
C:\WINDOWS\system32\o4Patch.exe
D:\MiniNT\system32\OwnerPatch.exe
D:\I386\APPS\APP18523\src\MSWorks\Install.exe
D:\I386\DRV\APP04036\Install.exe
D:\I386\DRV\APP04036\src\Install.exe
D:\I386\SYSTEM32\OwnerPatch.exe
D:\HP\PATCHES\62WW1NDR\CPC_UPD\OwnerPatch.exe
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
List'em by g3n-h@ckm@n 1.1.5.2
Thx to Chiquitine29.....& CCM team
User : HP_Propriétaire (Administrateurs) # ANTHONY
Update on 14/12/2009 by g3n-h@ckm@n ::::: 00:00
Start at: 18:05:37 | 21/12/2009
Contact : g3n-h@ckm@n sur CCM
AMD Athlon(tm) 64 Processor 3500+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.11
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1351 [VPS 091221-0] 4.8.1351 [ (!) Disabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006
C:\ -> Disque fixe local | 180,45 Go (53,71 Go free) [HP_PAVILION] | NTFS
D:\ -> Disque fixe local | 5,84 Go (553,12 Mo free) [HP_RECOVERY] | FAT32
E:\ -> Disque CD-ROM | 4,2 Go (0 Mo free) [LOTRBFME2EP1] | UDF
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe 672
C:\WINDOWS\system32\csrss.exe 748
C:\WINDOWS\system32\winlogon.exe 776
C:\WINDOWS\system32\services.exe 820
C:\WINDOWS\system32\lsass.exe 832
C:\WINDOWS\system32\Ati2evxx.exe 984
C:\WINDOWS\system32\svchost.exe 1000
C:\WINDOWS\system32\svchost.exe 1088
C:\WINDOWS\System32\svchost.exe 1176
C:\WINDOWS\system32\svchost.exe 1240
C:\WINDOWS\system32\svchost.exe 1424
C:\WINDOWS\system32\Ati2evxx.exe 1540
C:\WINDOWS\Explorer.EXE 1644
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1672
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1756
C:\WINDOWS\system32\spoolsv.exe 224
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe 260
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe 308
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe 452
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe 460
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe 484
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 520
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 596
C:\WINDOWS\system32\ctfmon.exe 604
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe 632
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe 652
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe 692
C:\PROGRA~1\Wanadoo\ComComp.exe 728
C:\Program Files\Messenger\msmsgs.exe 900
C:\WINDOWS\system32\svchost.exe 948
C:\PROGRA~1\Wanadoo\Toaster.exe 1140
C:\PROGRA~1\Wanadoo\Inactivity.exe 1148
C:\PROGRA~1\Wanadoo\PollingModule.exe 1160
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE 1208
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe 1452
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 1472
C:\WINDOWS\System32\FTRTSVC.exe 1460
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe 1816
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe 2052
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2148
C:\Program Files\Logitech\QuickCam10\COCIManager.exe 2700
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 2888
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 2972
C:\PROGRA~1\Wanadoo\Watch.exe 3924
C:\WINDOWS\System32\alg.exe 3940
C:\WINDOWS\System32\svchost.exe 3240
C:\HP\KBD\KBD.EXE 3664
C:\WINDOWS\ALCXMNTR.EXE 3920
C:\WINDOWS\system32\wuauclt.exe 2276
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe 1156
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 3872
c:\windows\system\hpsysdrv.exe 356
C:\WINDOWS\system32\svchost.exe 212
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe 3696
C:\Documents and Settings\HP_Propriétaire\Bureau\List_Kill'em.exe 3900
C:\WINDOWS\system32\cmd.exe 668
C:\WINDOWS\system32\wbem\wmiprvse.exe 1788
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\B7.tmp\pv.exe 3976
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WOOKIT REG_SZ C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
LDM REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HPHUPD08 REG_SZ c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
Recguard REG_SZ C:\WINDOWS\SMINST\RECGUARD.EXE
HPBootOp REG_SZ "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
OpwareSE2 REG_SZ "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
WOOWATCH REG_SZ C:\PROGRA~1\Wanadoo\Watch.exe
WOOTASKBARICON REG_SZ C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
LogitechCommunicationsManager REG_SZ "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_BINARY 95000000
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BackupNoCDBurning REG_DWORD 0 (0x0)
HonorAutoRunSetting REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} REG_SZ AVG Anti-Spyware 7.5
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe REG_SZ C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe REG_SZ C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe REG_SZ C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema
C:\Program Files\CyberLink\PowerCinema\PCMService.exe REG_SZ C:\Program Files\CyberLink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Warcraft III\Warcraft III.exe REG_SZ C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\WINDOWS\system32\rundll32.exe REG_SZ C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application
C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL France
C:\Program Files\WINSOS\winsos.exe REG_SZ C:\Program Files\Winsos\winsos.exe:*:Enabled:Winsos
C:\Program Files\WINSOS\anti-spy.exe REG_SZ C:\Program Files\Winsos\anti-spy.exe:*:Enabled:anti-spy Winsos
C:\Program Files\WINSOS\help.exe REG_SZ C:\Program Files\Winsos\help.exe:*:Enabled:Winsos Help
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
C:\Program Files\Azureus\Azureus.exe REG_SZ C:\Program Files\Azureus\Azureus.exe:*:Disabled:Azureus
C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat REG_SZ C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:*:Enabled:La Bataille pour la Terre du Milieu(tm)
C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat REG_SZ C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:*:Enabled:La Bataille pour la Terre du Milieu ™ II
C:\Program Files\BitComet\BitComet.exe REG_SZ C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat REG_SZ C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat:*:Enabled:LSDA, L'Avènement du Roi-sorcier™
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
J:\PES2009\Crack\pes2009.exe REG_SZ J:\PES2009\Crack\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009
C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\patchget.dat REG_SZ C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\patchget.dat:*:Enabled:patchgrabber
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
===============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========
D:\Autorun.inf :
----------------
[AUTORUN]
ShellExecute=Info.exe protect.ed 480 480
E:\Autorun.inf :
----------------
[autorun]
open=Autorun.exe
Icon=LotRIcon.exe
Name=The Lord of the Rings, The Rise of the Witch-king
[Special]
Disk=1
ProductGuiID={B931FB80-537A-4600-00AD-AC5DEDB6C25B}
=======
Drive :
=======
D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
180 Go total, 53,71 Go libre (29%), 22% fragment‚ (fragmentation du fichier 43%)
Vous devriez d‚fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\WINDOWS\System32\_psisdecd.dll
C:\WINDOWS\System32\404Fix.exe
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\WINDOWS\System32\drivers\Sonyhcp.dll
C:\WINDOWS\System32\dumphive.exe
C:\WINDOWS\System32\IEDFix.exe
C:\WINDOWS\System32\Process.exe
C:\WINDOWS\System32\ps2.bat
C:\WINDOWS\System32\SrchSTS.exe
C:\WINDOWS\System32\tmp.reg
C:\WINDOWS\System32\VACFix.exe
C:\WINDOWS\System32\VCCLSID.exe
C:\WINDOWS\System32\WS2Fix.exe
C:\WINDOWS\winstart.bat
C:\Documents and Settings\HP_Propri‚taire\Application Data\GDIPFONTCACHEV1.DAT
C:\Documents and Settings\HP_Propri‚taire\Application Data\wklnhst.dat
C:\Documents and Settings\HP_Propri‚taire\RefEdit.exd
¤¤¤¤¤¤¤¤¤¤ Keys :
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
HKLM\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}
================
Other infections
================
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 18:07:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:9a,0b,85,81,b3,a4,28,a9,ea,9c,83,35,61,c5,1e,0d,46,1f,6d,aa,a9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:9a,0b,85,81,b3,a4,28,a9,ea,9c,83,35,61,c5,1e,0d,46,1f,6d,aa,a9,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:69cff75b
"s2"=dword:f8f26918
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:9a,0b,85,81,b3,a4,28,a9,ea,9c,83,35,61,c5,1e,0d,46,1f,6d,aa,a9,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
==========
Programs
==========
Adobe
Ahead
Alcohol Soft
Alwil Software
AntivirusFirewall
ArcSoft
Atari
ATI Technologies
Canon
CCleaner
ComPlus Applications
EA GAMES
Electronic Arts
eMule
Fichiers communs
File Scanner Library (Spybot - Search & Destroy)
Grisoft
Hewlett-Packard
HP
IEAK
InstallShield Installation Information
Internet Explorer
Inventel
Lavasoft
Logitech
LucasArts
Malwarebytes' Anti-Malware
Messenger
Microsoft
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft SQL Server
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Works
Misc. Support Library (Spybot - Search & Destroy)
Movie Maker
MSBuild
MSN
MSN Gaming Zone
MSN Messenger
MSXML 4.0
MSXML 6.0
Music Manager
muvee Technologies
NetMeeting
Online Services
Orange
ORKTools
Outlook Express
PC-Doctor 5 for Windows
PopCap Games
QuickTime
Real
Reference Assemblies
Samsung
ScanSoft
Services en ligne
Sonic
Sony Corporation
SpeedRam2
Spybot - Search & Destroy
SymplisIT
TeaTimer (Spybot - Search & Destroy)
Trend Micro
Uninstall Information
VideoLAN
Wanadoo
Warcraft III
Windows Live
Windows Live SkyDrive
Windows Live Toolbar
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
WinX DVD Author
xerox
Yahoo!
Zylom Games
============
Lecteur C:
============
8873da7dfb617edd09
Audio CD (E)
AUTOEXEC.BAT
BOOT.BAK
boot.ini
Bootfont.bin
CanonMP
cmdcons
cmldr
Config.Msi
CONFIG.SYS
Documents and Settings
Downloads
Drivers
hiberfil.sys
hp
IO.SYS
IPH.PH
Kill'em
List'em.txt
MSDOS.SYS
MSOCache
NTDETECT.COM
ntldr
pagefile.sys
playground.log
Program Files
Python22
RECYCLER
rsit
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmdata03.sqm
sqmdata04.sqm
sqmdata05.sqm
sqmdata06.sqm
sqmdata07.sqm
sqmdata08.sqm
sqmdata09.sqm
sqmdata10.sqm
sqmdata11.sqm
sqmdata12.sqm
sqmdata13.sqm
sqmdata14.sqm
sqmdata15.sqm
sqmdata16.sqm
sqmdata17.sqm
sqmdata18.sqm
sqmdata19.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
sqmnoopt03.sqm
sqmnoopt04.sqm
sqmnoopt05.sqm
sqmnoopt06.sqm
sqmnoopt07.sqm
sqmnoopt08.sqm
sqmnoopt09.sqm
sqmnoopt10.sqm
sqmnoopt11.sqm
sqmnoopt12.sqm
sqmnoopt13.sqm
sqmnoopt14.sqm
sqmnoopt15.sqm
sqmnoopt16.sqm
sqmnoopt17.sqm
sqmnoopt18.sqm
sqmnoopt19.sqm
System Volume Information
system.sav
temp
UNWISE.EXE
WINDOWS
_OTL
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
C:\Documents and Settings\HP_Propri‚taire\Mes documents\Anthony HAELEWYN\SmitfraudFix\o4Patch.exe
C:\Documents and Settings\HP_Propri‚taire\Mes documents\Jeux codes&crack\le seigneur des anneaux la bataille pour la terre du milieu 2 crack NoCd Keygen.rar
C:\Documents and Settings\HP_Propri‚taire\Mes documents\Jeux codes&crack\Warcraft_3_1.20c_NO-CD_Crack.rar
C:\hp\KBD\Install.exe
C:\hp\PATCHES\62WW1NDR\CPC_UPD\OwnerPatch.exe
C:\hp\recovery\bin\PE_Patch.exe
C:\WINDOWS\system32\o4Patch.exe
D:\MiniNT\system32\OwnerPatch.exe
D:\I386\APPS\APP18523\src\MSWorks\Install.exe
D:\I386\DRV\APP04036\Install.exe
D:\I386\DRV\APP04036\src\Install.exe
D:\I386\SYSTEM32\OwnerPatch.exe
D:\HP\PATCHES\62WW1NDR\CPC_UPD\OwnerPatch.exe
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
desole c est une ancienne version que je n ai pas retiré :
supprime le et retelecharge-le d'ici :
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe
supprime le et retelecharge-le d'ici :
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe
OK, voici le nouveau rapport :
List'em by g3n-h@ckm@n 1.1.6.0
Thx to Chiquitine29.....& CCM team
User : HP_Propriétaire (Administrateurs) # ANTHONY
Update on 18/12/2009 by g3n-h@ckm@n ::::: 20:30
Start at: 08:02:49 | 22/12/2009
Contact : g3n-h@ckm@n sur CCM
AMD Athlon(tm) 64 Processor 3500+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.11
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1351 [VPS 091222-0] 4.8.1351 [ (!) Disabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006
C:\ -> Disque fixe local | 180,45 Go (53,7 Go free) [HP_PAVILION] | NTFS
D:\ -> Disque fixe local | 5,84 Go (553,12 Mo free) [HP_RECOVERY] | FAT32
E:\ -> Disque CD-ROM | 4,2 Go (0 Mo free) [LOTRBFME2EP1] | UDF
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe 672
C:\WINDOWS\system32\csrss.exe 748
C:\WINDOWS\system32\winlogon.exe 776
C:\WINDOWS\system32\services.exe 820
C:\WINDOWS\system32\lsass.exe 832
C:\WINDOWS\system32\Ati2evxx.exe 984
C:\WINDOWS\system32\svchost.exe 1000
C:\WINDOWS\system32\svchost.exe 1088
C:\WINDOWS\System32\svchost.exe 1176
C:\WINDOWS\system32\svchost.exe 1240
C:\WINDOWS\system32\svchost.exe 1424
C:\WINDOWS\system32\Ati2evxx.exe 1540
C:\WINDOWS\Explorer.EXE 1644
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1672
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1756
C:\WINDOWS\system32\spoolsv.exe 224
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe 260
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe 308
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe 452
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe 460
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe 484
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 520
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 596
C:\WINDOWS\system32\ctfmon.exe 604
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe 632
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe 652
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe 692
C:\PROGRA~1\Wanadoo\ComComp.exe 728
C:\Program Files\Messenger\msmsgs.exe 900
C:\WINDOWS\system32\svchost.exe 948
C:\PROGRA~1\Wanadoo\Toaster.exe 1140
C:\PROGRA~1\Wanadoo\Inactivity.exe 1148
C:\PROGRA~1\Wanadoo\PollingModule.exe 1160
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE 1208
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe 1452
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 1472
C:\WINDOWS\System32\FTRTSVC.exe 1460
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe 1816
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe 2052
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2148
C:\Program Files\Logitech\QuickCam10\COCIManager.exe 2700
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 2888
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 2972
C:\PROGRA~1\Wanadoo\Watch.exe 3924
C:\WINDOWS\System32\alg.exe 3940
C:\WINDOWS\System32\svchost.exe 3240
C:\HP\KBD\KBD.EXE 3664
C:\WINDOWS\ALCXMNTR.EXE 3920
C:\WINDOWS\system32\wuauclt.exe 2276
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe 1156
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 3872
c:\windows\system\hpsysdrv.exe 356
C:\WINDOWS\system32\svchost.exe 212
C:\WINDOWS\system32\mmc.exe 1172
C:\WINDOWS\system32\DfrgNtfs.exe 12664
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe 22012
C:\Program Files\List_Kill'em\List_Kill'em.exe 16152
C:\WINDOWS\system32\cmd.exe 8932
C:\WINDOWS\system32\wbem\wmiprvse.exe 11068
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\BF.tmp\pv.exe 6644
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WOOKIT REG_SZ C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
LDM REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HPHUPD08 REG_SZ c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
Recguard REG_SZ C:\WINDOWS\SMINST\RECGUARD.EXE
HPBootOp REG_SZ "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
OpwareSE2 REG_SZ "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
WOOWATCH REG_SZ C:\PROGRA~1\Wanadoo\Watch.exe
WOOTASKBARICON REG_SZ C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
LogitechCommunicationsManager REG_SZ "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_BINARY 95000000
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BackupNoCDBurning REG_DWORD 0 (0x0)
HonorAutoRunSetting REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} REG_SZ AVG Anti-Spyware 7.5
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe REG_SZ C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe REG_SZ C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe REG_SZ C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema
C:\Program Files\CyberLink\PowerCinema\PCMService.exe REG_SZ C:\Program Files\CyberLink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Warcraft III\Warcraft III.exe REG_SZ C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\WINDOWS\system32\rundll32.exe REG_SZ C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application
C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL France
C:\Program Files\WINSOS\winsos.exe REG_SZ C:\Program Files\Winsos\winsos.exe:*:Enabled:Winsos
C:\Program Files\WINSOS\anti-spy.exe REG_SZ C:\Program Files\Winsos\anti-spy.exe:*:Enabled:anti-spy Winsos
C:\Program Files\WINSOS\help.exe REG_SZ C:\Program Files\Winsos\help.exe:*:Enabled:Winsos Help
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
C:\Program Files\Azureus\Azureus.exe REG_SZ C:\Program Files\Azureus\Azureus.exe:*:Disabled:Azureus
C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat REG_SZ C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:*:Enabled:La Bataille pour la Terre du Milieu(tm)
C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat REG_SZ C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:*:Enabled:La Bataille pour la Terre du Milieu ™ II
C:\Program Files\BitComet\BitComet.exe REG_SZ C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat REG_SZ C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat:*:Enabled:LSDA, L'Avènement du Roi-sorcier™
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
J:\PES2009\Crack\pes2009.exe REG_SZ J:\PES2009\Crack\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009
C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\patchget.dat REG_SZ C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\patchget.dat:*:Enabled:patchgrabber
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
===============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========
D:\Autorun.inf :
----------------
[AUTORUN]
ShellExecute=Info.exe protect.ed 480 480
E:\Autorun.inf :
----------------
[autorun]
open=Autorun.exe
Icon=LotRIcon.exe
Name=The Lord of the Rings, The Rise of the Witch-king
[Special]
Disk=1
ProductGuiID={B931FB80-537A-4600-00AD-AC5DEDB6C25B}
=======
Drive :
=======
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\WINDOWS\System32\_psisdecd.dll
C:\WINDOWS\System32\404Fix.exe
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\WINDOWS\System32\drivers\Sonyhcp.dll
C:\WINDOWS\System32\dumphive.exe
C:\WINDOWS\System32\IEDFix.exe
C:\WINDOWS\System32\Process.exe
C:\WINDOWS\System32\ps2.bat
C:\WINDOWS\System32\SrchSTS.exe
C:\WINDOWS\System32\tmp.reg
C:\WINDOWS\System32\VACFix.exe
C:\WINDOWS\System32\VCCLSID.exe
C:\WINDOWS\System32\WS2Fix.exe
C:\WINDOWS\winstart.bat
C:\Documents and Settings\HP_Propri‚taire\Application Data\GDIPFONTCACHEV1.DAT
C:\Documents and Settings\HP_Propri‚taire\Application Data\wklnhst.dat
C:\Documents and Settings\HP_Propri‚taire\RefEdit.exd
¤¤¤¤¤¤¤¤¤¤ Keys :
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
================
Other infections
================
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 08:04:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:9a,0b,85,81,b3,a4,28,a9,ea,9c,83,35,61,c5,1e,0d,46,1f,6d,aa,a9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:9a,0b,85,81,b3,a4,28,a9,ea,9c,83,35,61,c5,1e,0d,46,1f,6d,aa,a9,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:69cff75b
"s2"=dword:f8f26918
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:9a,0b,85,81,b3,a4,28,a9,ea,9c,83,35,61,c5,1e,0d,46,1f,6d,aa,a9,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
==========
Programs
==========
Adobe
Ahead
Alcohol Soft
Alwil Software
AntivirusFirewall
ArcSoft
Atari
ATI Technologies
Canon
CCleaner
ComPlus Applications
EA GAMES
Electronic Arts
eMule
Fichiers communs
File Scanner Library (Spybot - Search & Destroy)
Google
Grisoft
Hewlett-Packard
HP
IEAK
InstallShield Installation Information
Internet Explorer
Inventel
Lavasoft
List_Kill'em
Logitech
LucasArts
Malwarebytes' Anti-Malware
Messenger
Microsoft
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft SQL Server
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Works
Misc. Support Library (Spybot - Search & Destroy)
Movie Maker
MSBuild
MSN
MSN Gaming Zone
MSN Messenger
MSXML 4.0
MSXML 6.0
Music Manager
muvee Technologies
NetMeeting
Online Services
Orange
ORKTools
Outlook Express
PC-Doctor 5 for Windows
PopCap Games
QuickTime
Real
Reference Assemblies
Samsung
ScanSoft
Services en ligne
Sonic
Sony Corporation
SpeedRam2
Spybot - Search & Destroy
SymplisIT
TeaTimer (Spybot - Search & Destroy)
Trend Micro
Uninstall Information
VideoLAN
Wanadoo
Warcraft III
Windows Live
Windows Live SkyDrive
Windows Live Toolbar
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
WinX DVD Author
xerox
Yahoo!
Zylom Games
============
Lecteur C:
============
8873da7dfb617edd09
Audio CD (E)
AUTOEXEC.BAT
BOOT.BAK
boot.ini
Bootfont.bin
CanonMP
cmdcons
cmldr
Config.Msi
CONFIG.SYS
Documents and Settings
Downloads
Drivers
hiberfil.sys
hp
IO.SYS
IPH.PH
Kill'em
List'em.txt
MSDOS.SYS
MSOCache
NTDETECT.COM
ntldr
pagefile.sys
playground.log
Program Files
Python22
RECYCLER
rsit
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmdata03.sqm
sqmdata04.sqm
sqmdata05.sqm
sqmdata06.sqm
sqmdata07.sqm
sqmdata08.sqm
sqmdata09.sqm
sqmdata10.sqm
sqmdata11.sqm
sqmdata12.sqm
sqmdata13.sqm
sqmdata14.sqm
sqmdata15.sqm
sqmdata16.sqm
sqmdata17.sqm
sqmdata18.sqm
sqmdata19.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
sqmnoopt03.sqm
sqmnoopt04.sqm
sqmnoopt05.sqm
sqmnoopt06.sqm
sqmnoopt07.sqm
sqmnoopt08.sqm
sqmnoopt09.sqm
sqmnoopt10.sqm
sqmnoopt11.sqm
sqmnoopt12.sqm
sqmnoopt13.sqm
sqmnoopt14.sqm
sqmnoopt15.sqm
sqmnoopt16.sqm
sqmnoopt17.sqm
sqmnoopt18.sqm
sqmnoopt19.sqm
System Volume Information
system.sav
temp
UNWISE.EXE
WINDOWS
_OTL
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
C:\Documents and Settings\HP_Propri‚taire\Mes documents\Jeux codes&crack\Serial - Le Seigneur Des Anneaux - Bataille Pour La Terre Du Milieu.txt
C:\Documents and Settings\HP_Propri‚taire\Mes documents\Jeux codes&crack\le seigneur des anneaux la bataille pour la terre du milieu 2 crack NoCd+Keygen\KEYGEN\Keygen Le Seigneur Des Anneaux La Bataille Pour La Terre Du Milieu 2.exe
C:\Program Files\Warcraft III\Patch.txt
C:\Documents and Settings\HP_Propri‚taire\Mes documents\Anthony HAELEWYN\SmitfraudFix\o4Patch.exe
C:\Documents and Settings\HP_Propri‚taire\Mes documents\Jeux codes&crack\le seigneur des anneaux la bataille pour la terre du milieu 2 crack NoCd Keygen.rar
C:\Documents and Settings\HP_Propri‚taire\Mes documents\Jeux codes&crack\Warcraft_3_1.20c_NO-CD_Crack.rar
C:\hp\KBD\Install.exe
C:\hp\PATCHES\62WW1NDR\CPC_UPD\OwnerPatch.exe
C:\hp\recovery\bin\PE_Patch.exe
C:\WINDOWS\system32\o4Patch.exe
D:\MiniNT\system32\OwnerPatch.exe
D:\I386\APPS\APP18523\src\MSWorks\Install.exe
D:\I386\DRV\APP04036\Install.exe
D:\I386\DRV\APP04036\src\Install.exe
D:\I386\SYSTEM32\OwnerPatch.exe
D:\HP\PATCHES\62WW1NDR\CPC_UPD\OwnerPatch.exe
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
List'em by g3n-h@ckm@n 1.1.6.0
Thx to Chiquitine29.....& CCM team
User : HP_Propriétaire (Administrateurs) # ANTHONY
Update on 18/12/2009 by g3n-h@ckm@n ::::: 20:30
Start at: 08:02:49 | 22/12/2009
Contact : g3n-h@ckm@n sur CCM
AMD Athlon(tm) 64 Processor 3500+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.11
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1351 [VPS 091222-0] 4.8.1351 [ (!) Disabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006
C:\ -> Disque fixe local | 180,45 Go (53,7 Go free) [HP_PAVILION] | NTFS
D:\ -> Disque fixe local | 5,84 Go (553,12 Mo free) [HP_RECOVERY] | FAT32
E:\ -> Disque CD-ROM | 4,2 Go (0 Mo free) [LOTRBFME2EP1] | UDF
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe 672
C:\WINDOWS\system32\csrss.exe 748
C:\WINDOWS\system32\winlogon.exe 776
C:\WINDOWS\system32\services.exe 820
C:\WINDOWS\system32\lsass.exe 832
C:\WINDOWS\system32\Ati2evxx.exe 984
C:\WINDOWS\system32\svchost.exe 1000
C:\WINDOWS\system32\svchost.exe 1088
C:\WINDOWS\System32\svchost.exe 1176
C:\WINDOWS\system32\svchost.exe 1240
C:\WINDOWS\system32\svchost.exe 1424
C:\WINDOWS\system32\Ati2evxx.exe 1540
C:\WINDOWS\Explorer.EXE 1644
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1672
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1756
C:\WINDOWS\system32\spoolsv.exe 224
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe 260
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe 308
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe 452
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe 460
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe 484
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 520
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 596
C:\WINDOWS\system32\ctfmon.exe 604
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe 632
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe 652
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe 692
C:\PROGRA~1\Wanadoo\ComComp.exe 728
C:\Program Files\Messenger\msmsgs.exe 900
C:\WINDOWS\system32\svchost.exe 948
C:\PROGRA~1\Wanadoo\Toaster.exe 1140
C:\PROGRA~1\Wanadoo\Inactivity.exe 1148
C:\PROGRA~1\Wanadoo\PollingModule.exe 1160
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE 1208
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe 1452
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 1472
C:\WINDOWS\System32\FTRTSVC.exe 1460
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe 1816
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe 2052
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2148
C:\Program Files\Logitech\QuickCam10\COCIManager.exe 2700
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 2888
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 2972
C:\PROGRA~1\Wanadoo\Watch.exe 3924
C:\WINDOWS\System32\alg.exe 3940
C:\WINDOWS\System32\svchost.exe 3240
C:\HP\KBD\KBD.EXE 3664
C:\WINDOWS\ALCXMNTR.EXE 3920
C:\WINDOWS\system32\wuauclt.exe 2276
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe 1156
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 3872
c:\windows\system\hpsysdrv.exe 356
C:\WINDOWS\system32\svchost.exe 212
C:\WINDOWS\system32\mmc.exe 1172
C:\WINDOWS\system32\DfrgNtfs.exe 12664
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe 22012
C:\Program Files\List_Kill'em\List_Kill'em.exe 16152
C:\WINDOWS\system32\cmd.exe 8932
C:\WINDOWS\system32\wbem\wmiprvse.exe 11068
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\BF.tmp\pv.exe 6644
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WOOKIT REG_SZ C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
LDM REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HPHUPD08 REG_SZ c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
Recguard REG_SZ C:\WINDOWS\SMINST\RECGUARD.EXE
HPBootOp REG_SZ "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
OpwareSE2 REG_SZ "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
WOOWATCH REG_SZ C:\PROGRA~1\Wanadoo\Watch.exe
WOOTASKBARICON REG_SZ C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
LogitechCommunicationsManager REG_SZ "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_BINARY 95000000
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BackupNoCDBurning REG_DWORD 0 (0x0)
HonorAutoRunSetting REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} REG_SZ AVG Anti-Spyware 7.5
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe REG_SZ C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe REG_SZ C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe REG_SZ C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema
C:\Program Files\CyberLink\PowerCinema\PCMService.exe REG_SZ C:\Program Files\CyberLink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Warcraft III\Warcraft III.exe REG_SZ C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\WINDOWS\system32\rundll32.exe REG_SZ C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application
C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL France
C:\Program Files\WINSOS\winsos.exe REG_SZ C:\Program Files\Winsos\winsos.exe:*:Enabled:Winsos
C:\Program Files\WINSOS\anti-spy.exe REG_SZ C:\Program Files\Winsos\anti-spy.exe:*:Enabled:anti-spy Winsos
C:\Program Files\WINSOS\help.exe REG_SZ C:\Program Files\Winsos\help.exe:*:Enabled:Winsos Help
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
C:\Program Files\Azureus\Azureus.exe REG_SZ C:\Program Files\Azureus\Azureus.exe:*:Disabled:Azureus
C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat REG_SZ C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:*:Enabled:La Bataille pour la Terre du Milieu(tm)
C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat REG_SZ C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:*:Enabled:La Bataille pour la Terre du Milieu ™ II
C:\Program Files\BitComet\BitComet.exe REG_SZ C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat REG_SZ C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat:*:Enabled:LSDA, L'Avènement du Roi-sorcier™
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
J:\PES2009\Crack\pes2009.exe REG_SZ J:\PES2009\Crack\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009
C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\patchget.dat REG_SZ C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\patchget.dat:*:Enabled:patchgrabber
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
===============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========
D:\Autorun.inf :
----------------
[AUTORUN]
ShellExecute=Info.exe protect.ed 480 480
E:\Autorun.inf :
----------------
[autorun]
open=Autorun.exe
Icon=LotRIcon.exe
Name=The Lord of the Rings, The Rise of the Witch-king
[Special]
Disk=1
ProductGuiID={B931FB80-537A-4600-00AD-AC5DEDB6C25B}
=======
Drive :
=======
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\WINDOWS\System32\_psisdecd.dll
C:\WINDOWS\System32\404Fix.exe
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\WINDOWS\System32\drivers\Sonyhcp.dll
C:\WINDOWS\System32\dumphive.exe
C:\WINDOWS\System32\IEDFix.exe
C:\WINDOWS\System32\Process.exe
C:\WINDOWS\System32\ps2.bat
C:\WINDOWS\System32\SrchSTS.exe
C:\WINDOWS\System32\tmp.reg
C:\WINDOWS\System32\VACFix.exe
C:\WINDOWS\System32\VCCLSID.exe
C:\WINDOWS\System32\WS2Fix.exe
C:\WINDOWS\winstart.bat
C:\Documents and Settings\HP_Propri‚taire\Application Data\GDIPFONTCACHEV1.DAT
C:\Documents and Settings\HP_Propri‚taire\Application Data\wklnhst.dat
C:\Documents and Settings\HP_Propri‚taire\RefEdit.exd
¤¤¤¤¤¤¤¤¤¤ Keys :
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
================
Other infections
================
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 08:04:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:9a,0b,85,81,b3,a4,28,a9,ea,9c,83,35,61,c5,1e,0d,46,1f,6d,aa,a9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:9a,0b,85,81,b3,a4,28,a9,ea,9c,83,35,61,c5,1e,0d,46,1f,6d,aa,a9,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:69cff75b
"s2"=dword:f8f26918
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:9a,0b,85,81,b3,a4,28,a9,ea,9c,83,35,61,c5,1e,0d,46,1f,6d,aa,a9,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
==========
Programs
==========
Adobe
Ahead
Alcohol Soft
Alwil Software
AntivirusFirewall
ArcSoft
Atari
ATI Technologies
Canon
CCleaner
ComPlus Applications
EA GAMES
Electronic Arts
eMule
Fichiers communs
File Scanner Library (Spybot - Search & Destroy)
Grisoft
Hewlett-Packard
HP
IEAK
InstallShield Installation Information
Internet Explorer
Inventel
Lavasoft
List_Kill'em
Logitech
LucasArts
Malwarebytes' Anti-Malware
Messenger
Microsoft
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft SQL Server
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Works
Misc. Support Library (Spybot - Search & Destroy)
Movie Maker
MSBuild
MSN
MSN Gaming Zone
MSN Messenger
MSXML 4.0
MSXML 6.0
Music Manager
muvee Technologies
NetMeeting
Online Services
Orange
ORKTools
Outlook Express
PC-Doctor 5 for Windows
PopCap Games
QuickTime
Real
Reference Assemblies
Samsung
ScanSoft
Services en ligne
Sonic
Sony Corporation
SpeedRam2
Spybot - Search & Destroy
SymplisIT
TeaTimer (Spybot - Search & Destroy)
Trend Micro
Uninstall Information
VideoLAN
Wanadoo
Warcraft III
Windows Live
Windows Live SkyDrive
Windows Live Toolbar
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
WinX DVD Author
xerox
Yahoo!
Zylom Games
============
Lecteur C:
============
8873da7dfb617edd09
Audio CD (E)
AUTOEXEC.BAT
BOOT.BAK
boot.ini
Bootfont.bin
CanonMP
cmdcons
cmldr
Config.Msi
CONFIG.SYS
Documents and Settings
Downloads
Drivers
hiberfil.sys
hp
IO.SYS
IPH.PH
Kill'em
List'em.txt
MSDOS.SYS
MSOCache
NTDETECT.COM
ntldr
pagefile.sys
playground.log
Program Files
Python22
RECYCLER
rsit
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmdata03.sqm
sqmdata04.sqm
sqmdata05.sqm
sqmdata06.sqm
sqmdata07.sqm
sqmdata08.sqm
sqmdata09.sqm
sqmdata10.sqm
sqmdata11.sqm
sqmdata12.sqm
sqmdata13.sqm
sqmdata14.sqm
sqmdata15.sqm
sqmdata16.sqm
sqmdata17.sqm
sqmdata18.sqm
sqmdata19.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
sqmnoopt03.sqm
sqmnoopt04.sqm
sqmnoopt05.sqm
sqmnoopt06.sqm
sqmnoopt07.sqm
sqmnoopt08.sqm
sqmnoopt09.sqm
sqmnoopt10.sqm
sqmnoopt11.sqm
sqmnoopt12.sqm
sqmnoopt13.sqm
sqmnoopt14.sqm
sqmnoopt15.sqm
sqmnoopt16.sqm
sqmnoopt17.sqm
sqmnoopt18.sqm
sqmnoopt19.sqm
System Volume Information
system.sav
temp
UNWISE.EXE
WINDOWS
_OTL
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
C:\Documents and Settings\HP_Propri‚taire\Mes documents\Jeux codes&crack\Serial - Le Seigneur Des Anneaux - Bataille Pour La Terre Du Milieu.txt
C:\Documents and Settings\HP_Propri‚taire\Mes documents\Jeux codes&crack\le seigneur des anneaux la bataille pour la terre du milieu 2 crack NoCd+Keygen\KEYGEN\Keygen Le Seigneur Des Anneaux La Bataille Pour La Terre Du Milieu 2.exe
C:\Program Files\Warcraft III\Patch.txt
C:\Documents and Settings\HP_Propri‚taire\Mes documents\Anthony HAELEWYN\SmitfraudFix\o4Patch.exe
C:\Documents and Settings\HP_Propri‚taire\Mes documents\Jeux codes&crack\le seigneur des anneaux la bataille pour la terre du milieu 2 crack NoCd Keygen.rar
C:\Documents and Settings\HP_Propri‚taire\Mes documents\Jeux codes&crack\Warcraft_3_1.20c_NO-CD_Crack.rar
C:\hp\KBD\Install.exe
C:\hp\PATCHES\62WW1NDR\CPC_UPD\OwnerPatch.exe
C:\hp\recovery\bin\PE_Patch.exe
C:\WINDOWS\system32\o4Patch.exe
D:\MiniNT\system32\OwnerPatch.exe
D:\I386\APPS\APP18523\src\MSWorks\Install.exe
D:\I386\DRV\APP04036\Install.exe
D:\I386\DRV\APP04036\src\Install.exe
D:\I386\SYSTEM32\OwnerPatch.exe
D:\HP\PATCHES\62WW1NDR\CPC_UPD\OwnerPatch.exe
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
▶ Relance List&Kill'em ,avec le raccourci sur ton bureau ,
mais cette fois-ci :
▶ choisis l'option 2 = Mode Destruction
laisse travailler l'outil.
en fin de scan un rapport s'ouvre
▶ colle le contenu dans ta reponse
mais cette fois-ci :
▶ choisis l'option 2 = Mode Destruction
laisse travailler l'outil.
en fin de scan un rapport s'ouvre
▶ colle le contenu dans ta reponse
Voici le rapport après destruction :
Kill'em by g3n-h@ckm@n 1.1.6.0
User : HP_Propriétaire (Administrateurs) # ANTHONY
Update on 18/12/2009 by g3n-h@ckm@n ::::: 20:30
Start at: 18:54:01 | 22/12/2009
Contact : g3n-h@ckm@n sur CCM
AMD Athlon(tm) 64 Processor 3500+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1351 [VPS 091222-1] 4.8.1351 [ Enabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006
C:\ -> Disque fixe local | 180,45 Go (53,46 Go free) [HP_PAVILION] | NTFS
D:\ -> Disque fixe local | 5,84 Go (553,1 Mo free) [HP_RECOVERY] | FAT32
E:\ -> Disque CD-ROM | 4,2 Go (0 Mo free) [LOTRBFME2EP1] | UDF
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe 684
C:\WINDOWS\system32\csrss.exe 744
C:\WINDOWS\system32\winlogon.exe 772
C:\WINDOWS\system32\services.exe 816
C:\WINDOWS\system32\lsass.exe 828
C:\WINDOWS\system32\Ati2evxx.exe 984
C:\WINDOWS\system32\svchost.exe 1000
C:\WINDOWS\system32\svchost.exe 1088
C:\WINDOWS\System32\svchost.exe 1176
C:\WINDOWS\system32\svchost.exe 1240
C:\WINDOWS\system32\svchost.exe 1428
C:\WINDOWS\system32\Ati2evxx.exe 1548
C:\WINDOWS\Explorer.EXE 1644
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1676
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1728
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe 1940
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe 1968
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe 1976
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 1984
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe 1996
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe 208
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 420
C:\WINDOWS\system32\ctfmon.exe 428
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe 436
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe 460
C:\Program Files\Messenger\msmsgs.exe 488
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 508
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe 588
C:\WINDOWS\system32\spoolsv.exe 1208
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe 1300
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe 1408
C:\PROGRA~1\Wanadoo\ComComp.exe 1492
C:\PROGRA~1\Wanadoo\Toaster.exe 1568
C:\PROGRA~1\Wanadoo\Inactivity.exe 1592
C:\PROGRA~1\Wanadoo\PollingModule.exe 1576
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE 1772
C:\WINDOWS\system32\svchost.exe 2140
C:\WINDOWS\System32\FTRTSVC.exe 2188
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe 2236
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2344
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 3048
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 3128
C:\Program Files\Logitech\QuickCam10\COCIManager.exe 3728
C:\WINDOWS\System32\alg.exe 3872
C:\PROGRA~1\Wanadoo\Watch.exe 4036
C:\WINDOWS\System32\svchost.exe 2440
C:\WINDOWS\system32\wuauclt.exe 3520
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe 1024
C:\HP\KBD\KBD.EXE 3764
C:\WINDOWS\ALCXMNTR.EXE 2836
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 2748
c:\windows\system\hpsysdrv.exe 304
C:\Program Files\List_Kill'em\List_Kill'em.exe 1232
C:\WINDOWS\system32\cmd.exe 3504
C:\WINDOWS\system32\wbem\wmiprvse.exe 2856
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\F.tmp\pv.exe 4012
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\WINDOWS\System32\_psisdecd.dll
"C:\WINDOWS\system32\404Fix.exe"
"C:\WINDOWS\System32\drivers\etc\hosts.msn"
"C:\WINDOWS\system32\drivers\Sonyhcp.dll"
"C:\WINDOWS\system32\dumphive.exe"
"C:\WINDOWS\system32\IEDFix.exe"
"C:\WINDOWS\system32\Process.exe"
"C:\WINDOWS\system32\ps2.bat"
"C:\WINDOWS\system32\SrchSTS.exe"
"C:\WINDOWS\system32\tmp.reg"
"C:\WINDOWS\system32\VACFix.exe"
"C:\WINDOWS\system32\VCCLSID.exe"
"C:\WINDOWS\system32\WS2Fix.exe"
"C:\WINDOWS\winstart.bat"
"C:\Documents and Settings\HP_Propri‚taire\RefEdit.exd"
¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :
Quarantine :
404Fix.exe.Kill'em
dumphive.exe.Kill'em
hosts.msn.Kill'em
IEDFix.exe.Kill'em
Process.exe.Kill'em
ps2.bat.Kill'em
RefEdit.exd.Kill'em
Sonyhcp.dll.Kill'em
SrchSTS.exe.Kill'em
tmp.reg.Kill'em
VACFix.exe.Kill'em
VCCLSID.exe.Kill'em
winstart.bat.Kill'em
WS2Fix.exe.Kill'em
_psisdecd.dll.Kill'em
==============
host file OK !
==============
========
Registry
========
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
============
Disk Cleaned
============
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Kill'em by g3n-h@ckm@n 1.1.6.0
User : HP_Propriétaire (Administrateurs) # ANTHONY
Update on 18/12/2009 by g3n-h@ckm@n ::::: 20:30
Start at: 18:54:01 | 22/12/2009
Contact : g3n-h@ckm@n sur CCM
AMD Athlon(tm) 64 Processor 3500+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1351 [VPS 091222-1] 4.8.1351 [ Enabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006
C:\ -> Disque fixe local | 180,45 Go (53,46 Go free) [HP_PAVILION] | NTFS
D:\ -> Disque fixe local | 5,84 Go (553,1 Mo free) [HP_RECOVERY] | FAT32
E:\ -> Disque CD-ROM | 4,2 Go (0 Mo free) [LOTRBFME2EP1] | UDF
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe 684
C:\WINDOWS\system32\csrss.exe 744
C:\WINDOWS\system32\winlogon.exe 772
C:\WINDOWS\system32\services.exe 816
C:\WINDOWS\system32\lsass.exe 828
C:\WINDOWS\system32\Ati2evxx.exe 984
C:\WINDOWS\system32\svchost.exe 1000
C:\WINDOWS\system32\svchost.exe 1088
C:\WINDOWS\System32\svchost.exe 1176
C:\WINDOWS\system32\svchost.exe 1240
C:\WINDOWS\system32\svchost.exe 1428
C:\WINDOWS\system32\Ati2evxx.exe 1548
C:\WINDOWS\Explorer.EXE 1644
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1676
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1728
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe 1940
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe 1968
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe 1976
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 1984
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe 1996
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe 208
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 420
C:\WINDOWS\system32\ctfmon.exe 428
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe 436
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe 460
C:\Program Files\Messenger\msmsgs.exe 488
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 508
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe 588
C:\WINDOWS\system32\spoolsv.exe 1208
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe 1300
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe 1408
C:\PROGRA~1\Wanadoo\ComComp.exe 1492
C:\PROGRA~1\Wanadoo\Toaster.exe 1568
C:\PROGRA~1\Wanadoo\Inactivity.exe 1592
C:\PROGRA~1\Wanadoo\PollingModule.exe 1576
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE 1772
C:\WINDOWS\system32\svchost.exe 2140
C:\WINDOWS\System32\FTRTSVC.exe 2188
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe 2236
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2344
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 3048
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 3128
C:\Program Files\Logitech\QuickCam10\COCIManager.exe 3728
C:\WINDOWS\System32\alg.exe 3872
C:\PROGRA~1\Wanadoo\Watch.exe 4036
C:\WINDOWS\System32\svchost.exe 2440
C:\WINDOWS\system32\wuauclt.exe 3520
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe 1024
C:\HP\KBD\KBD.EXE 3764
C:\WINDOWS\ALCXMNTR.EXE 2836
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 2748
c:\windows\system\hpsysdrv.exe 304
C:\Program Files\List_Kill'em\List_Kill'em.exe 1232
C:\WINDOWS\system32\cmd.exe 3504
C:\WINDOWS\system32\wbem\wmiprvse.exe 2856
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\F.tmp\pv.exe 4012
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\WINDOWS\System32\_psisdecd.dll
"C:\WINDOWS\system32\404Fix.exe"
"C:\WINDOWS\System32\drivers\etc\hosts.msn"
"C:\WINDOWS\system32\drivers\Sonyhcp.dll"
"C:\WINDOWS\system32\dumphive.exe"
"C:\WINDOWS\system32\IEDFix.exe"
"C:\WINDOWS\system32\Process.exe"
"C:\WINDOWS\system32\ps2.bat"
"C:\WINDOWS\system32\SrchSTS.exe"
"C:\WINDOWS\system32\tmp.reg"
"C:\WINDOWS\system32\VACFix.exe"
"C:\WINDOWS\system32\VCCLSID.exe"
"C:\WINDOWS\system32\WS2Fix.exe"
"C:\WINDOWS\winstart.bat"
"C:\Documents and Settings\HP_Propri‚taire\RefEdit.exd"
¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :
Quarantine :
404Fix.exe.Kill'em
dumphive.exe.Kill'em
hosts.msn.Kill'em
IEDFix.exe.Kill'em
Process.exe.Kill'em
ps2.bat.Kill'em
RefEdit.exd.Kill'em
Sonyhcp.dll.Kill'em
SrchSTS.exe.Kill'em
tmp.reg.Kill'em
VACFix.exe.Kill'em
VCCLSID.exe.Kill'em
winstart.bat.Kill'em
WS2Fix.exe.Kill'em
_psisdecd.dll.Kill'em
==============
host file OK !
==============
========
Registry
========
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
============
Disk Cleaned
============
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Résultat OTL :
l'EXTRA
OTL Extras logfile created on: 22/12/2009 19:47:10 - Run 2
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\HP_Propriétaire\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
958,00 Mb Total Physical Memory | 285,00 Mb Available Physical Memory | 30,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180,45 Gb Total Space | 53,48 Gb Free Space | 29,64% Space Free | Partition Type: NTFS
Drive D: | 5,84 Gb Total Space | 0,54 Gb Free Space | 9,24% Space Free | Partition Type: FAT32
Drive E: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ANTHONY
Current User Name: HP_Propriétaire
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard
[color=#E56717]========== Extra Registry (All) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe" %1 ()
https [open] -- "C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe" %1 ()
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"4662:TCP" = 4662:TCP:*:Enabled:emule
"4672:UDP" = 4672:UDP:*:Enabled:emule udp
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10824:TCP" = 10824:TCP:*:Enabled:TCP
"10834:TCP" = 10834:TCP:*:Enabled:UDP
"6346:TCP" = 6346:TCP:*:Disabled:SHAREAZA
"6346:UDP" = 6346:UDP:*:Disabled:SHAREAZA
"7394:TCP" = 7394:TCP:*:Enabled:BitComet 7394 TCP
"7394:UDP" = 7394:UDP:*:Enabled:BitComet 7394 UDP
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe" = C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema -- File not found
"C:\Program Files\CyberLink\PowerCinema\PCMService.exe" = C:\Program Files\CyberLink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- ()
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL France -- File not found
"C:\Program Files\WINSOS\winsos.exe" = C:\Program Files\Winsos\winsos.exe:*:Enabled:Winsos -- File not found
"C:\Program Files\WINSOS\anti-spy.exe" = C:\Program Files\Winsos\anti-spy.exe:*:Enabled:anti-spy Winsos -- File not found
"C:\Program Files\WINSOS\help.exe" = C:\Program Files\Winsos\help.exe:*:Enabled:Winsos Help -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Disabled:Azureus -- File not found
"C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat" = C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:*:Enabled:La Bataille pour la Terre du Milieu(tm) -- ()
"C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat" = C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:*:Enabled:La Bataille pour la Terre du Milieu ™ II -- (Electronic Arts Inc.)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat" = C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat:*:Enabled:LSDA, L'Avènement du Roi-sorcier™ -- (Electronic Arts Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"J:\PES2009\Crack\pes2009.exe" = J:\PES2009\Crack\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- File not found
"C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\patchget.dat" = C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = Panneau de contrôle ATI
"{0CA6047C-D28B-4295-834A-07C52BA20C2D}" = Extension de Windows Live Toolbar (Windows Live Toolbar)
"{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}" = Menus intelligents (Windows Live Toolbar)
"{10110FE9-1EE8-4A3D-ADFD-1294F86BE5FC}" = Logitech QuickCam
"{151A0119-BAB2-44DD-A778-3CE9C96C018B}_is1" = List_Kill'em 1.1.6.0
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Amélioration de nos services
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = La Bataille pour la Terre du Milieu™ II
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = La Bataille pour la Terre du Milieu(tm)
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4E074808-1B86-4230-A9EB-0904942EC4AE}" = LEGO Star Wars II
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Services Internet
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Connexion Facile à Internet
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90240409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Resource Kit
"{90260409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage
"{9084040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A059DE09-1B49-4450-B340-7AE097EC3F04}" = Microsoft Works
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1 - Français
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = L'Avènement du Roi-sorcier™
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C514C594-23AA-4F13-A070-DB8BDB27594F}" = Windows Live Mail
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Appareils photos Photosmart 5.0
"{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E073D315-3C54-44BF-A1B2-B5583AEA618C}" = muvee autoProducer 4.5
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E31C348B-63A9-4CBF-8D7F-D932ABB63244}" = Ad-Aware 2007
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E916E61F-DE9D-4EAF-91E1-CEB50016326A}" = Navigation par onglets (Windows Live Toolbar)
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}" = Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"CSCLIB" = Canon Camera Support Core Library
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"eMule" = eMule
"EOS Utility" = Canon Utilities EOS Utility
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FranceTelecomUninstall_FTBrowser" = Navigateur Orange
"GestionnaireInternet.exe" = Gestionnaire Internet
"Google Updater" = Outil de mise à jour Google
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IEAK5" = Microsoft Internet Explorer Administration Kit 5
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Amélioration de nos services
"InstallShield_{4E074808-1B86-4230-A9EB-0904942EC4AE}" = LEGO Star Wars II
"InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Services Internet
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Connexion Facile à Internet
"Language pack for Ad-Aware SE" = Language pack for Ad-Aware SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator 2.0" = Canon MP Navigator 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PhotoStitch" = Canon Utilities PhotoStitch
"PS2" = PS2
"QcDrv" = Programme de gestion Camera de Logitech®
"QuickTime" = QuickTime
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SpeedRam2" = SpeedRam2
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"VLC media player" = VideoLAN VLC media player 0.8.1
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"Zuma Deluxe" = Zuma Deluxe
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-1894360077-4071360050-4040625548-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Antivirus Events ]
Error - 05/01/2007 03:43:23 | Computer Name = ANTHONY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\WDP-ASH-UPDSCRIPT.VBS failed, 00000005.
Error - 05/01/2007 07:44:34 | Computer Name = ANTHONY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\WDP-ASH-UPDSCRIPT.VBS failed, 00000005.
Error - 05/01/2007 07:44:34 | Computer Name = ANTHONY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\WDP-ASH-UPDSCRIPT.VBS failed, 00000005.
Error - 05/10/2008 12:10:09 | Computer Name = ANTHONY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\Autorun.exe failed, 0000A474.
Error - 09/05/2009 13:47:28 | Computer Name = ANTHONY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
J:\lol sophie marceau\Laughing.Out.Loud.FRENCH.TS.MD.XViD-RaCcOoN.avi failed, 0000A420.
Error - 22/05/2009 12:40:18 | Computer Name = ANTHONY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\DCIM\100CANON\IMG_1169.JPG failed, 00000005.
Error - 21/06/2009 15:17:01 | Computer Name = ANTHONY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
K:\Le Dessous Des Cartes - France Politique Etrangere.avi failed, 0000001E.
Error - 21/06/2009 15:17:39 | Computer Name = ANTHONY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
K:\le monde selon monsanto(reportage arte) ok le bon en xvid.avi failed, 0000A420.
Error - 07/11/2009 15:32:48 | Computer Name = ANTHONY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\IZTU59SO\search[1]
failed, 0000A413.
Error - 08/11/2009 10:24:50 | Computer Name = ANTHONY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.google.fr/complete/search?hl=fr&pq=les%20lorientaises&q=les%20lorientaises%20cros&cp=21
failed, 0000A413.
[ Application Events ]
Error - 21/11/2009 13:38:24 | Computer Name = ANTHONY | Source = Application Error | ID = 1000
Description = Application défaillante legostarwarsii.exe, version 1.0.0.0, module
défaillant legostarwarsii.exe, version 1.0.0.0, adresse de défaillance 0x00197aac.
Error - 22/11/2009 07:17:01 | Computer Name = ANTHONY | Source = Application Hang | ID = 1002
Description = Application bloquée uiemaw.exe, version 0.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.
Error - 27/11/2009 15:42:10 | Computer Name = ANTHONY | Source = MsiInstaller | ID = 10005
Description = Produit : Windows Live Mail -- Windows Installer a rencontré une erreur
inattendue lors de l'installation de ce package. Il s'agit peut-être d'un problème
lié au package. Le code d'erreur est 2762. Les arguments sont : , ,
Error - 27/11/2009 15:42:14 | Computer Name = ANTHONY | Source = MsiInstaller | ID = 10005
Description = Produit : Windows Live Communications Platform -- Windows Installer
a rencontré une erreur inattendue lors de l'installation de ce package. Il s'agit
peut-être d'un problème lié au package. Le code d'erreur est 2762. Les arguments
sont : , ,
Error - 27/11/2009 15:42:14 | Computer Name = ANTHONY | Source = MsiInstaller | ID = 10005
Description = Produit : Windows Live Communications Platform -- Windows Installer
a rencontré une erreur inattendue lors de l'installation de ce package. Il s'agit
peut-être d'un problème lié au package. Le code d'erreur est 2762. Les arguments
sont : , ,
Error - 09/12/2009 12:47:21 | Computer Name = ANTHONY | Source = Application Error | ID = 1000
Description = Application défaillante woobrowser.exe, version 5.9.2.0, module défaillant
styleihm.dll, version 11.0.0.0, adresse de défaillance 0x000659f2.
Error - 09/12/2009 12:47:24 | Computer Name = ANTHONY | Source = Application Error | ID = 1000
Description = Application défaillante woobrowser.exe, version 5.9.2.0, module défaillant
styleihm.dll, version 11.0.0.0, adresse de défaillance 0x0000b894.
Error - 13/12/2009 05:14:43 | Computer Name = ANTHONY | Source = Application Hang | ID = 1002
Description = Application bloquée WOOBrowser.exe, version 5.9.2.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 18/12/2009 13:20:26 | Computer Name = ANTHONY | Source = Application Hang | ID = 1002
Description = Application bloquée msnmsgr.exe, version 14.0.8089.726, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 22/12/2009 13:20:28 | Computer Name = ANTHONY | Source = Application Error | ID = 1000
Description = Application défaillante woobrowser.exe, version 5.9.2.0, module défaillant
styleihm.dll, version 11.0.0.0, adresse de défaillance 0x000659f2.
[ Canal+ Events ]
Error - 04/05/2009 12:38:33 | Computer Name = ANTHONY | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Accès refusé.
[ Canal+ Events ]
Error - 04/05/2009 12:38:33 | Computer Name = ANTHONY | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Accès refusé.
[ System Events ]
Error - 22/12/2009 13:18:47 | Computer Name = ANTHONY | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80U.DLL.
Message
d'erreur de référence : Opération réussie. .
Error - 22/12/2009 13:18:47 | Computer Name = ANTHONY | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé.
La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.
Error - 22/12/2009 13:18:47 | Computer Name = ANTHONY | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC. Message
d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.
Error - 22/12/2009 13:18:47 | Computer Name = ANTHONY | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80U.DLL.
Message
d'erreur de référence : Opération réussie. .
Error - 22/12/2009 13:19:24 | Computer Name = ANTHONY | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé.
La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.
Error - 22/12/2009 13:19:24 | Computer Name = ANTHONY | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC. Message
d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.
Error - 22/12/2009 13:19:24 | Computer Name = ANTHONY | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80.DLL.
Message
d'erreur de référence : Opération réussie. .
Error - 22/12/2009 13:19:24 | Computer Name = ANTHONY | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé.
La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.
Error - 22/12/2009 13:19:24 | Computer Name = ANTHONY | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC. Message
d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.
Error - 22/12/2009 13:19:24 | Computer Name = ANTHONY | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80.DLL.
Message
d'erreur de référence : Opération réussie. .
< End of report >
et le OTL :
OTL logfile created on: 22/12/2009 19:47:10 - Run 2
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\HP_Propriétaire\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
958,00 Mb Total Physical Memory | 285,00 Mb Available Physical Memory | 30,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180,45 Gb Total Space | 53,48 Gb Free Space | 29,64% Space Free | Partition Type: NTFS
Drive D: | 5,84 Gb Total Space | 0,54 Gb Free Space | 9,24% Space Free | Partition Type: FAT32
Drive E: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ANTHONY
Current User Name: HP_Propriétaire
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard
[color=#E56717]========== Processes (All) ==========[/color]
PRC - [2009/12/21 15:26:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Propriétaire\Bureau\otl.exe
PRC - [2009/08/17 17:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/08/17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/08/17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/08/17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/06 18:24:06 | 00,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
PRC - [2009/07/26 16:44:52 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/09 11:08:26 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2007/06/13 14:22:28 | 01,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/30 20:14:20 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/02/16 20:17:53 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2006/11/15 22:03:36 | 00,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/11/15 22:01:52 | 00,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
PRC - [2006/11/15 21:58:40 | 00,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006/10/31 01:03:48 | 00,284,184 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
PRC - [2006/06/26 10:34:58 | 00,166,448 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\QuickCam10\COCIManager.exe
PRC - [2005/12/19 01:26:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2005/12/06 14:53:30 | 00,819,200 | ---- | M] (France Télécom R&D) -- C:\Program Files\Wanadoo\GestionnaireInternet.exe
PRC - [2005/11/28 16:41:40 | 00,249,856 | ---- | M] (France Télécom R&D) -- C:\Program Files\Wanadoo\ComComp.exe
PRC - [2005/08/14 06:29:40 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/08/14 04:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/06/11 00:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2005/05/12 06:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2005/02/02 23:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2004/11/15 17:58:56 | 00,344,064 | ---- | M] () -- C:\Program Files\Wanadoo\WOOBrowser\WOOBrowser.exe
PRC - [2004/11/02 15:31:20 | 00,069,632 | ---- | M] (France Telecom R&D) -- C:\Program Files\Wanadoo\Toaster.exe
PRC - [2004/10/27 11:30:44 | 00,032,768 | ---- | M] () -- C:\Program Files\Wanadoo\Inactivity.exe
PRC - [2004/10/27 11:07:06 | 00,069,632 | ---- | M] () -- C:\Program Files\Wanadoo\PollingModule.exe
PRC - [2004/10/21 07:50:52 | 00,045,056 | ---- | M] () -- C:\WINDOWS\system32\AlertModule\AlertModule.exe
PRC - [2004/10/14 00:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2004/10/05 17:00:12 | 00,061,440 | ---- | M] (France Télécom R&D) -- C:\Program Files\Wanadoo\TaskBarIcon.exe
PRC - [2004/09/07 21:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [2004/08/23 14:49:56 | 00,020,480 | ---- | M] (France Télécom R&D) -- C:\Program Files\Wanadoo\Watch.exe
PRC - [2004/08/23 13:49:56 | 00,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\system32\FTRTSVC.exe
PRC - [2004/08/05 12:00:00 | 00,506,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2004/08/05 12:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2004/08/05 12:00:00 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2004/08/05 12:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2004/08/05 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2004/08/05 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2004/08/05 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2004/08/05 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2004/08/05 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2004/08/05 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2004/08/05 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER]
PRC - [2004/08/05 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2004/08/05 12:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2004/08/05 12:00:00 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2003/05/08 10:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
PRC - [2000/08/06 01:03:20 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [1998/05/07 17:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\WINDOWS\system\hpsysdrv.exe
[color=#E56717]========== Modules (All) ==========[/color]
MOD - [2009/12/21 15:26:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Propriétaire\Bureau\otl.exe
MOD - [2009/06/25 09:44:40 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009/04/15 16:30:31 | 00,583,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009/03/21 15:20:10 | 01,051,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009/02/27 06:07:38 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime
MOD - [2009/02/09 11:20:31 | 00,685,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009/02/09 11:20:30 | 00,739,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008/10/23 14:00:15 | 00,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008/07/03 14:03:11 | 08,517,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008/02/26 13:00:31 | 00,294,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll
MOD - [2007/12/04 19:41:36 | 00,550,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2007/03/08 16:37:50 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2006/11/15 22:03:24 | 00,092,960 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
MOD - [2006/09/14 09:38:06 | 00,474,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2006/08/25 16:51:12 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/03 22:53:54 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2005/07/26 12:40:00 | 01,284,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2004/10/26 09:49:34 | 00,028,672 | ---- | M] () -- C:\Program Files\Wanadoo\Inactivity.dll
MOD - [2004/08/05 12:00:00 | 01,003,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2004/08/05 12:00:00 | 00,731,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2004/08/05 12:00:00 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2004/08/05 12:00:00 | 00,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2004/08/05 12:00:00 | 00,146,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2004/08/05 12:00:00 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2004/08/05 12:00:00 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2004/08/05 12:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2004/08/05 12:00:00 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2004/08/05 12:00:00 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2003/05/08 10:00:46 | 00,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll
[color=#E56717]========== Win32 Services (All) ==========[/color]
SRV - [2009/08/17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/08/17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/08/17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/08/17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/06/10 07:30:54 | 00,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/24 18:25:09 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/09 11:20:31 | 00,399,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Appel de procédure distante (RPC)
SRV - [2009/02/09 11:20:31 | 00,399,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/09 11:08:26 | 00,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/09 11:08:26 | 00,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/07 21:31:48 | 00,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 18:41:06 | 00,247,808 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) NLA (Network Location Awareness)
SRV - [2008/02/20 06:35:05 | 00,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2007/08/20 10:52:01 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) [On_Demand | Stopped] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
SRV - [2007/07/06 13:02:26 | 00,561,152 | ---- | M] (Lavasoft AB) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/02/05 21:19:06 | 00,185,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2006/12/19 22:49:47 | 00,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2006/12/19 22:49:47 | 00,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2006/12/19 22:49:47 | 00,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2006/12/19 19:17:50 | 00,334,336 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Acquisition d'image Windows (WIA)
SRV - [2006/11/15 22:05:40 | 00,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/11/15 22:03:36 | 00,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/18 21:47:16 | 00,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc)
SRV - [2006/06/22 11:48:06 | 00,181,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2006/05/19 14:23:35 | 00,112,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) [On_Demand | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/01/04 04:35:11 | 00,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2005/12/19 01:26:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/08/22 19:35:10 | 00,197,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2005/08/14 06:29:40 | 00,376,832 | ---- | M] (
l'EXTRA
OTL Extras logfile created on: 22/12/2009 19:47:10 - Run 2
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\HP_Propriétaire\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
958,00 Mb Total Physical Memory | 285,00 Mb Available Physical Memory | 30,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180,45 Gb Total Space | 53,48 Gb Free Space | 29,64% Space Free | Partition Type: NTFS
Drive D: | 5,84 Gb Total Space | 0,54 Gb Free Space | 9,24% Space Free | Partition Type: FAT32
Drive E: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ANTHONY
Current User Name: HP_Propriétaire
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard
[color=#E56717]========== Extra Registry (All) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe" %1 ()
https [open] -- "C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe" %1 ()
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"4662:TCP" = 4662:TCP:*:Enabled:emule
"4672:UDP" = 4672:UDP:*:Enabled:emule udp
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10824:TCP" = 10824:TCP:*:Enabled:TCP
"10834:TCP" = 10834:TCP:*:Enabled:UDP
"6346:TCP" = 6346:TCP:*:Disabled:SHAREAZA
"6346:UDP" = 6346:UDP:*:Disabled:SHAREAZA
"7394:TCP" = 7394:TCP:*:Enabled:BitComet 7394 TCP
"7394:UDP" = 7394:UDP:*:Enabled:BitComet 7394 UDP
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe" = C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema -- File not found
"C:\Program Files\CyberLink\PowerCinema\PCMService.exe" = C:\Program Files\CyberLink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- ()
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL France -- File not found
"C:\Program Files\WINSOS\winsos.exe" = C:\Program Files\Winsos\winsos.exe:*:Enabled:Winsos -- File not found
"C:\Program Files\WINSOS\anti-spy.exe" = C:\Program Files\Winsos\anti-spy.exe:*:Enabled:anti-spy Winsos -- File not found
"C:\Program Files\WINSOS\help.exe" = C:\Program Files\Winsos\help.exe:*:Enabled:Winsos Help -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Disabled:Azureus -- File not found
"C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat" = C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:*:Enabled:La Bataille pour la Terre du Milieu(tm) -- ()
"C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat" = C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:*:Enabled:La Bataille pour la Terre du Milieu ™ II -- (Electronic Arts Inc.)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat" = C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat:*:Enabled:LSDA, L'Avènement du Roi-sorcier™ -- (Electronic Arts Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"J:\PES2009\Crack\pes2009.exe" = J:\PES2009\Crack\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- File not found
"C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\patchget.dat" = C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = Panneau de contrôle ATI
"{0CA6047C-D28B-4295-834A-07C52BA20C2D}" = Extension de Windows Live Toolbar (Windows Live Toolbar)
"{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}" = Menus intelligents (Windows Live Toolbar)
"{10110FE9-1EE8-4A3D-ADFD-1294F86BE5FC}" = Logitech QuickCam
"{151A0119-BAB2-44DD-A778-3CE9C96C018B}_is1" = List_Kill'em 1.1.6.0
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Amélioration de nos services
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = La Bataille pour la Terre du Milieu™ II
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = La Bataille pour la Terre du Milieu(tm)
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4E074808-1B86-4230-A9EB-0904942EC4AE}" = LEGO Star Wars II
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Services Internet
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Connexion Facile à Internet
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90240409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Resource Kit
"{90260409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage
"{9084040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A059DE09-1B49-4450-B340-7AE097EC3F04}" = Microsoft Works
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1 - Français
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = L'Avènement du Roi-sorcier™
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C514C594-23AA-4F13-A070-DB8BDB27594F}" = Windows Live Mail
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Appareils photos Photosmart 5.0
"{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E073D315-3C54-44BF-A1B2-B5583AEA618C}" = muvee autoProducer 4.5
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E31C348B-63A9-4CBF-8D7F-D932ABB63244}" = Ad-Aware 2007
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E916E61F-DE9D-4EAF-91E1-CEB50016326A}" = Navigation par onglets (Windows Live Toolbar)
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}" = Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"CSCLIB" = Canon Camera Support Core Library
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"eMule" = eMule
"EOS Utility" = Canon Utilities EOS Utility
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FranceTelecomUninstall_FTBrowser" = Navigateur Orange
"GestionnaireInternet.exe" = Gestionnaire Internet
"Google Updater" = Outil de mise à jour Google
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IEAK5" = Microsoft Internet Explorer Administration Kit 5
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Amélioration de nos services
"InstallShield_{4E074808-1B86-4230-A9EB-0904942EC4AE}" = LEGO Star Wars II
"InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Services Internet
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Connexion Facile à Internet
"Language pack for Ad-Aware SE" = Language pack for Ad-Aware SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator 2.0" = Canon MP Navigator 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PhotoStitch" = Canon Utilities PhotoStitch
"PS2" = PS2
"QcDrv" = Programme de gestion Camera de Logitech®
"QuickTime" = QuickTime
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SpeedRam2" = SpeedRam2
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"VLC media player" = VideoLAN VLC media player 0.8.1
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"Zuma Deluxe" = Zuma Deluxe
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-1894360077-4071360050-4040625548-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Antivirus Events ]
Error - 05/01/2007 03:43:23 | Computer Name = ANTHONY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\WDP-ASH-UPDSCRIPT.VBS failed, 00000005.
Error - 05/01/2007 07:44:34 | Computer Name = ANTHONY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\WDP-ASH-UPDSCRIPT.VBS failed, 00000005.
Error - 05/01/2007 07:44:34 | Computer Name = ANTHONY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\WDP-ASH-UPDSCRIPT.VBS failed, 00000005.
Error - 05/10/2008 12:10:09 | Computer Name = ANTHONY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\Autorun.exe failed, 0000A474.
Error - 09/05/2009 13:47:28 | Computer Name = ANTHONY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
J:\lol sophie marceau\Laughing.Out.Loud.FRENCH.TS.MD.XViD-RaCcOoN.avi failed, 0000A420.
Error - 22/05/2009 12:40:18 | Computer Name = ANTHONY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\DCIM\100CANON\IMG_1169.JPG failed, 00000005.
Error - 21/06/2009 15:17:01 | Computer Name = ANTHONY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
K:\Le Dessous Des Cartes - France Politique Etrangere.avi failed, 0000001E.
Error - 21/06/2009 15:17:39 | Computer Name = ANTHONY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
K:\le monde selon monsanto(reportage arte) ok le bon en xvid.avi failed, 0000A420.
Error - 07/11/2009 15:32:48 | Computer Name = ANTHONY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\IZTU59SO\search[1]
failed, 0000A413.
Error - 08/11/2009 10:24:50 | Computer Name = ANTHONY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.google.fr/complete/search?hl=fr&pq=les%20lorientaises&q=les%20lorientaises%20cros&cp=21
failed, 0000A413.
[ Application Events ]
Error - 21/11/2009 13:38:24 | Computer Name = ANTHONY | Source = Application Error | ID = 1000
Description = Application défaillante legostarwarsii.exe, version 1.0.0.0, module
défaillant legostarwarsii.exe, version 1.0.0.0, adresse de défaillance 0x00197aac.
Error - 22/11/2009 07:17:01 | Computer Name = ANTHONY | Source = Application Hang | ID = 1002
Description = Application bloquée uiemaw.exe, version 0.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.
Error - 27/11/2009 15:42:10 | Computer Name = ANTHONY | Source = MsiInstaller | ID = 10005
Description = Produit : Windows Live Mail -- Windows Installer a rencontré une erreur
inattendue lors de l'installation de ce package. Il s'agit peut-être d'un problème
lié au package. Le code d'erreur est 2762. Les arguments sont : , ,
Error - 27/11/2009 15:42:14 | Computer Name = ANTHONY | Source = MsiInstaller | ID = 10005
Description = Produit : Windows Live Communications Platform -- Windows Installer
a rencontré une erreur inattendue lors de l'installation de ce package. Il s'agit
peut-être d'un problème lié au package. Le code d'erreur est 2762. Les arguments
sont : , ,
Error - 27/11/2009 15:42:14 | Computer Name = ANTHONY | Source = MsiInstaller | ID = 10005
Description = Produit : Windows Live Communications Platform -- Windows Installer
a rencontré une erreur inattendue lors de l'installation de ce package. Il s'agit
peut-être d'un problème lié au package. Le code d'erreur est 2762. Les arguments
sont : , ,
Error - 09/12/2009 12:47:21 | Computer Name = ANTHONY | Source = Application Error | ID = 1000
Description = Application défaillante woobrowser.exe, version 5.9.2.0, module défaillant
styleihm.dll, version 11.0.0.0, adresse de défaillance 0x000659f2.
Error - 09/12/2009 12:47:24 | Computer Name = ANTHONY | Source = Application Error | ID = 1000
Description = Application défaillante woobrowser.exe, version 5.9.2.0, module défaillant
styleihm.dll, version 11.0.0.0, adresse de défaillance 0x0000b894.
Error - 13/12/2009 05:14:43 | Computer Name = ANTHONY | Source = Application Hang | ID = 1002
Description = Application bloquée WOOBrowser.exe, version 5.9.2.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 18/12/2009 13:20:26 | Computer Name = ANTHONY | Source = Application Hang | ID = 1002
Description = Application bloquée msnmsgr.exe, version 14.0.8089.726, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 22/12/2009 13:20:28 | Computer Name = ANTHONY | Source = Application Error | ID = 1000
Description = Application défaillante woobrowser.exe, version 5.9.2.0, module défaillant
styleihm.dll, version 11.0.0.0, adresse de défaillance 0x000659f2.
[ Canal+ Events ]
Error - 04/05/2009 12:38:33 | Computer Name = ANTHONY | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Accès refusé.
[ Canal+ Events ]
Error - 04/05/2009 12:38:33 | Computer Name = ANTHONY | Source = VideoOnDemand | ID = 0
Description = ServicesAdapter::ProcessRequest : Accès refusé.
[ System Events ]
Error - 22/12/2009 13:18:47 | Computer Name = ANTHONY | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80U.DLL.
Message
d'erreur de référence : Opération réussie. .
Error - 22/12/2009 13:18:47 | Computer Name = ANTHONY | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé.
La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.
Error - 22/12/2009 13:18:47 | Computer Name = ANTHONY | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC. Message
d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.
Error - 22/12/2009 13:18:47 | Computer Name = ANTHONY | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80U.DLL.
Message
d'erreur de référence : Opération réussie. .
Error - 22/12/2009 13:19:24 | Computer Name = ANTHONY | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé.
La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.
Error - 22/12/2009 13:19:24 | Computer Name = ANTHONY | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC. Message
d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.
Error - 22/12/2009 13:19:24 | Computer Name = ANTHONY | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80.DLL.
Message
d'erreur de référence : Opération réussie. .
Error - 22/12/2009 13:19:24 | Computer Name = ANTHONY | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé.
La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.
Error - 22/12/2009 13:19:24 | Computer Name = ANTHONY | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC. Message
d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.
Error - 22/12/2009 13:19:24 | Computer Name = ANTHONY | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80.DLL.
Message
d'erreur de référence : Opération réussie. .
< End of report >
et le OTL :
OTL logfile created on: 22/12/2009 19:47:10 - Run 2
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\HP_Propriétaire\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
958,00 Mb Total Physical Memory | 285,00 Mb Available Physical Memory | 30,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180,45 Gb Total Space | 53,48 Gb Free Space | 29,64% Space Free | Partition Type: NTFS
Drive D: | 5,84 Gb Total Space | 0,54 Gb Free Space | 9,24% Space Free | Partition Type: FAT32
Drive E: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ANTHONY
Current User Name: HP_Propriétaire
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard
[color=#E56717]========== Processes (All) ==========[/color]
PRC - [2009/12/21 15:26:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Propriétaire\Bureau\otl.exe
PRC - [2009/08/17 17:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/08/17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/08/17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/08/17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/06 18:24:06 | 00,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
PRC - [2009/07/26 16:44:52 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/09 11:08:26 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2007/06/13 14:22:28 | 01,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/30 20:14:20 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/02/16 20:17:53 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2006/11/15 22:03:36 | 00,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/11/15 22:01:52 | 00,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
PRC - [2006/11/15 21:58:40 | 00,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006/10/31 01:03:48 | 00,284,184 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
PRC - [2006/06/26 10:34:58 | 00,166,448 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\QuickCam10\COCIManager.exe
PRC - [2005/12/19 01:26:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2005/12/06 14:53:30 | 00,819,200 | ---- | M] (France Télécom R&D) -- C:\Program Files\Wanadoo\GestionnaireInternet.exe
PRC - [2005/11/28 16:41:40 | 00,249,856 | ---- | M] (France Télécom R&D) -- C:\Program Files\Wanadoo\ComComp.exe
PRC - [2005/08/14 06:29:40 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/08/14 04:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/06/11 00:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2005/05/12 06:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2005/02/02 23:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2004/11/15 17:58:56 | 00,344,064 | ---- | M] () -- C:\Program Files\Wanadoo\WOOBrowser\WOOBrowser.exe
PRC - [2004/11/02 15:31:20 | 00,069,632 | ---- | M] (France Telecom R&D) -- C:\Program Files\Wanadoo\Toaster.exe
PRC - [2004/10/27 11:30:44 | 00,032,768 | ---- | M] () -- C:\Program Files\Wanadoo\Inactivity.exe
PRC - [2004/10/27 11:07:06 | 00,069,632 | ---- | M] () -- C:\Program Files\Wanadoo\PollingModule.exe
PRC - [2004/10/21 07:50:52 | 00,045,056 | ---- | M] () -- C:\WINDOWS\system32\AlertModule\AlertModule.exe
PRC - [2004/10/14 00:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2004/10/05 17:00:12 | 00,061,440 | ---- | M] (France Télécom R&D) -- C:\Program Files\Wanadoo\TaskBarIcon.exe
PRC - [2004/09/07 21:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [2004/08/23 14:49:56 | 00,020,480 | ---- | M] (France Télécom R&D) -- C:\Program Files\Wanadoo\Watch.exe
PRC - [2004/08/23 13:49:56 | 00,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\system32\FTRTSVC.exe
PRC - [2004/08/05 12:00:00 | 00,506,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2004/08/05 12:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2004/08/05 12:00:00 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2004/08/05 12:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2004/08/05 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2004/08/05 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2004/08/05 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2004/08/05 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2004/08/05 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2004/08/05 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2004/08/05 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER]
PRC - [2004/08/05 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2004/08/05 12:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2004/08/05 12:00:00 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2003/05/08 10:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
PRC - [2000/08/06 01:03:20 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [1998/05/07 17:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\WINDOWS\system\hpsysdrv.exe
[color=#E56717]========== Modules (All) ==========[/color]
MOD - [2009/12/21 15:26:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Propriétaire\Bureau\otl.exe
MOD - [2009/06/25 09:44:40 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009/04/15 16:30:31 | 00,583,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009/03/21 15:20:10 | 01,051,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009/02/27 06:07:38 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime
MOD - [2009/02/09 11:20:31 | 00,685,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009/02/09 11:20:30 | 00,739,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008/10/23 14:00:15 | 00,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008/07/03 14:03:11 | 08,517,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008/02/26 13:00:31 | 00,294,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll
MOD - [2007/12/04 19:41:36 | 00,550,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2007/03/08 16:37:50 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2006/11/15 22:03:24 | 00,092,960 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
MOD - [2006/09/14 09:38:06 | 00,474,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2006/08/25 16:51:12 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/03 22:53:54 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2005/07/26 12:40:00 | 01,284,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2004/10/26 09:49:34 | 00,028,672 | ---- | M] () -- C:\Program Files\Wanadoo\Inactivity.dll
MOD - [2004/08/05 12:00:00 | 01,003,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2004/08/05 12:00:00 | 00,731,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2004/08/05 12:00:00 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2004/08/05 12:00:00 | 00,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2004/08/05 12:00:00 | 00,146,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2004/08/05 12:00:00 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2004/08/05 12:00:00 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2004/08/05 12:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2004/08/05 12:00:00 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2004/08/05 12:00:00 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2003/05/08 10:00:46 | 00,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll
[color=#E56717]========== Win32 Services (All) ==========[/color]
SRV - [2009/08/17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/08/17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/08/17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/08/17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/06/10 07:30:54 | 00,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/24 18:25:09 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/09 11:20:31 | 00,399,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Appel de procédure distante (RPC)
SRV - [2009/02/09 11:20:31 | 00,399,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/09 11:08:26 | 00,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/09 11:08:26 | 00,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/07 21:31:48 | 00,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 18:41:06 | 00,247,808 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) NLA (Network Location Awareness)
SRV - [2008/02/20 06:35:05 | 00,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2007/08/20 10:52:01 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) [On_Demand | Stopped] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
SRV - [2007/07/06 13:02:26 | 00,561,152 | ---- | M] (Lavasoft AB) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/02/05 21:19:06 | 00,185,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2006/12/19 22:49:47 | 00,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2006/12/19 22:49:47 | 00,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2006/12/19 22:49:47 | 00,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2006/12/19 19:17:50 | 00,334,336 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Acquisition d'image Windows (WIA)
SRV - [2006/11/15 22:05:40 | 00,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/11/15 22:03:36 | 00,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/18 21:47:16 | 00,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc)
SRV - [2006/06/22 11:48:06 | 00,181,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2006/05/19 14:23:35 | 00,112,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) [On_Demand | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/01/04 04:35:11 | 00,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2005/12/19 01:26:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/08/22 19:35:10 | 00,197,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2005/08/14 06:29:40 | 00,376,832 | ---- | M] (
Desinstalle List_Kill'em
ensuite :
▶ Double clic sur OTL.exe pour le lancer.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous Customs Scans/Fixes :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\WINSOS\winsos.exe"=-
"C:\Program Files\WINSOS\anti-spy.exe"=-
"C:\Program Files\WINSOS\help.exe"=-
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=-
"C:\Program Files\AOL 9.0\waol.exe"=-
"C:\Program Files\Azureus\Azureus.exe"=-
"C:\Program Files\BitComet\BitComet.exe"=-
"J:\PES2009\Crack\pes2009.exe"=-
:files
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\OD2
C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
C:\Documents and Settings\All Users\Application Data\SSScanWizard
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur RunFix pour lancer la suppression.
▶ Poste le rapport.
ensuite :
▶ Double clic sur OTL.exe pour le lancer.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous Customs Scans/Fixes :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\WINSOS\winsos.exe"=-
"C:\Program Files\WINSOS\anti-spy.exe"=-
"C:\Program Files\WINSOS\help.exe"=-
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=-
"C:\Program Files\AOL 9.0\waol.exe"=-
"C:\Program Files\Azureus\Azureus.exe"=-
"C:\Program Files\BitComet\BitComet.exe"=-
"J:\PES2009\Crack\pes2009.exe"=-
:files
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\OD2
C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
C:\Documents and Settings\All Users\Application Data\SSScanWizard
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur RunFix pour lancer la suppression.
▶ Poste le rapport.
voici le rapport :
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
Process msnmsgr.exe killed successfully!
No active process named Teatimer.exe was found!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WINSOS\winsos.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WINSOS\anti-spy.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WINSOS\help.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AOL 9.0\waol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Azureus\Azureus.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitComet\BitComet.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\J:\PES2009\Crack\pes2009.exe deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Grisoft folder moved successfully.
C:\Documents and Settings\All Users\Application Data\OD2\Temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\OD2\Logs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\OD2\Branding\Sib21-2 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\OD2\Branding folder moved successfully.
C:\Documents and Settings\All Users\Application Data\OD2 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SSScanWizard folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: HP_Propriétaire
->Temp folder emptied: 48799 bytes
->Temporary Internet Files folder emptied: 6110149 bytes
->Java cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 6,00 mb
OTL by OldTimer - Version 3.1.19.0 log created on 12232009_102531
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_668.dat not found!
Registry entries deleted on Reboot...
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
Process msnmsgr.exe killed successfully!
No active process named Teatimer.exe was found!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WINSOS\winsos.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WINSOS\anti-spy.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WINSOS\help.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AOL 9.0\waol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Azureus\Azureus.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitComet\BitComet.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\J:\PES2009\Crack\pes2009.exe deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Grisoft folder moved successfully.
C:\Documents and Settings\All Users\Application Data\OD2\Temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\OD2\Logs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\OD2\Branding\Sib21-2 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\OD2\Branding folder moved successfully.
C:\Documents and Settings\All Users\Application Data\OD2 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SSScanWizard folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: HP_Propriétaire
->Temp folder emptied: 48799 bytes
->Temporary Internet Files folder emptied: 6110149 bytes
->Java cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 6,00 mb
OTL by OldTimer - Version 3.1.19.0 log created on 12232009_102531
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_668.dat not found!
Registry entries deleted on Reboot...
c'est pas fini :
Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.
▶ Télécharge :
Malwarebytes
ou :
Malwarebytes
▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX
▶ Potasses le Tuto pour te familiariser avec le prg :
( cela dit, il est très simple d'utilisation ).
relance malwarebytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
▶ Lance Malwarebyte's .
Fais un examen dit "Complet" .
▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
▶ Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
▶ Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
▶ Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.
▶ Télécharge :
Malwarebytes
ou :
Malwarebytes
▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX
▶ Potasses le Tuto pour te familiariser avec le prg :
( cela dit, il est très simple d'utilisation ).
relance malwarebytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
▶ Lance Malwarebyte's .
Fais un examen dit "Complet" .
▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
▶ Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
▶ Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
▶ Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Propriétaire at 2009-12-21 13:55:57
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 54 GB (29%) free of 185 GB
Total RAM: 958 MB (20% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:34, on 21/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\lotrbfme2ep1.exe
C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~e5.0001
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\rsit.exe
C:\Program Files\trend micro\HP_Propriétaire.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8761916ef5bc4a3babf61ef25d06b029
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8761916ef5bc4a3babf61ef25d06b029
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/51.28/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v10_fr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06CB4B82-BD71-4E55-988D-91B3A3BA53C2}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BCF93FB-5BA7-429E-871C-6B1B0720FA9C}: NameServer = 80.10.246.130,80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{06CB4B82-BD71-4E55-988D-91B3A3BA53C2}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{06CB4B82-BD71-4E55-988D-91B3A3BA53C2}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{06CB4B82-BD71-4E55-988D-91B3A3BA53C2}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe