AIDE pour supprimer WUAUCLFT

[Emmanuel86]

Bonjour,

Mon PC n'arrête pas d'ouvrir des fenêtres me disant que tel ou tel chose a cesser de fonctionner.
Au démarrage j'ai 2 ou 3 fenêtres me disant que j'ai des DLL manquantes

Dans la racine ordi/Emmanuel, je trouve une application nommée WUAUCLDT que je suppose être la raison de mon problème.

Voici le rapport en lançant hijackthis.log renommé chevaldestroy comme vu sur un forum précédent :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:14:42, on 26/04/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRAM FILES\TOSHIBA\SMOOTHVIEW\SMOOTHVIEW.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1199888360\EE\AOLSOFTWARE.EXE
C:\PROGRAM FILES\WINDOWS SIDEBAR\SIDEBAR.EXE
C:\PROGRAM FILES\IDM\DESKTOP SMS\DESKTOPSMS.EXE
C:\WINDOWS\RTHDVCPL.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\PIF\{B8E1DD85-8582-4C61-B58F-2F227FCA9A08}\PIFSVC.EXE
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\WINDOWS\EHOME\EHTRAY.EXE
C:\WINDOWS\SYSTEM32\IGFXTRAY.EXE
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\COMMON FILES\RESEARCH IN MOTION\AUTO UPDATE\RIMAUTOUPDATE.EXE
C:\WINDOWS\SYSTEM32\IGFXPERS.EXE
C:\PROGRAM FILES\TOSHIBA\POWER SAVER\TPWRMAIN.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\INTEL\INTEL MATRIX STORAGE MANAGER\IAANOTIF.EXE
C:\PROGRAM FILES\TOSHIBA\TOSCDSPD\TOSCDSPD.EXE
C:\PROGRAM FILES\TOSHIBA\CONFIGFREE\NDSTRAY.EXE
C:\PROGRAM FILES\TOSHIBA\FLASHCARDS\TCRDMAIN.EXE
C:\Users\Emmanuel\AppData\Local\ave.exe
C:\WINDOWS\SYSTEM32\HKCMD.EXE
C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
C:\PROGRAM FILES\TRADEMANAGER\ALIIM.EXE
C:\Users\Emmanuel\WUAUCLDT.EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
C:\Windows\system32\svchost.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\PROGRAM FILES\TOSHIBA\CONFIGFREE\CFSWMGR.EXE
C:\Program Files\Windows Mail\WinMail.exe
C:\PROGRAM FILES\TRADEMANAGER\AliUpdate.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\Users\Emmanuel\Desktop\CHEVALDESTROY.EXE

O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: CMB FirmBank - {8667B276-362E-4a47-BCEB-7AD0E04BBB3F} - C:\Program Files\CMB\FirmBank\Bin\FirmBank.exe
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redire ... &site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.taobao.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: BvrpKrnl - Unknown owner - C:\Program Files\WinFax eXPert\BVRPKrnl.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Service Google Update (gupdate1ca75d3d6a0eba0) (gupdate1ca75d3d6a0eba0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5931 bytes

Vraiment, je n'y connais rien en informatique, aide bienvenue...

[bernard53]

bonjour

fait ceci comme scan plus complet.

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Output" (en haut à droite) la case "minimal Output" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Custom scan/fixes"

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
vstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

* Cliques sur l'icône "Run Scan" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

[Emmanuel86]

Bonsoir Bernard53,

Je vous remercie d'avance pour votre aide

Pour info, durant le scan j'ai eu 2 fois l'apparition d'un fenêtre Microsoft windows m'informant que le processus hôte pour les service windows a cessé de fonctionner. Aussi, je n'ai plus accès à l'imprimante Cutepdf, ni à celle nommée XPS. et les problèmes ont commencé hier vers 15h15 et je vois que l'application nommée WUAUCLDT (C/Emmanuel/Wuaucldt) que je ne peux pas supprimer est aussi daté d'hier à la même heure...

voici le rapport demandé :



OTL Extras logfile created on: 26/04/2010 21:27:49 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Emmanuel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,96 Gb Total Space | 33,26 Gb Free Space | 44,37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 72,62 Gb Total Space | 67,57 Gb Free Space | 93,03% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-EMMANUEL
Current User Name: Emmanuel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Users\Emmanuel\AppData\Local\ave.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{45867CE5-58EE-4D8A-BF93-2EBE508202B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A5B65F9A-8A59-4458-AEB3-2B9795B41FBB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{ED3D158A-4E20-4623-9960-C96A67D89F15}" = lport=135 | protocol=6 | dir=in | name=port dcom (135) |
"{F00C8DCF-943B-4399-813F-402C5A812977}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A8EA9E6-8B1D-45B6-B708-EC877439514D}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
"{21B9F154-6BE3-4F2A-940D-5DF3ECCAC9E4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1199888360\ee\aolsoftware.exe |
"{293CA02D-0876-493F-BA27-E757A5952638}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{2962C8DD-679B-469A-B439-5125D88FFD1B}" = protocol=6 | dir=in | app=c:\pvsw\bin\w3dbsmgr.exe |
"{561E5911-5B35-4A82-AAD9-DE42C0D55750}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{5AEA4EB4-892B-4F57-9167-7AD26BCFE5CB}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{629DC1B8-4AE8-4F38-A9EC-1A24A6E86377}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{6764291A-A2B0-4C4C-8FF0-67197CD2E2FA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{6C7920F8-9678-4A38-9DA7-B78C3F86DE23}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{866F20C3-CB84-4D6F-A6B0-F95626CDD8FC}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{8E8A1DA2-1B5C-41E1-971B-BD2447508805}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{96189F44-35CF-415F-9A06-8A6742EE5532}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{AC523F14-A18F-4DB4-83FB-46DA0CC3C0D0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1199888360\ee\aolsoftware.exe |
"{AD81C262-02F4-45FF-A788-E52CE0FEA172}" = protocol=17 | dir=in | app=c:\pvsw\bin\w3dbsmgr.exe |
"{B54358C7-5990-43DD-8BCA-B60887F3633C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{B60B488A-5487-4E55-AE3E-18A68BE00D55}" = protocol=6 | dir=in | app=c:\users\emmanuel\appdata\roaming\facebook\facebook.exe |
"{C2085707-AC05-4231-A1E6-986C13EF9F31}" = protocol=17 | dir=in | app=c:\users\emmanuel\appdata\roaming\facebook\facebook.exe |
"{D03E9CA6-21A1-44B0-A358-A98C6BD7CC5F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{D078FA87-11EB-4EE6-B273-9ADA37F1D2CE}" = protocol=6 | dir=in | app=c:\program files\winfax expert\winfax.exe |
"{D244F160-4C04-4EAA-B94F-F2CE29E4054A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D96B6381-8B51-432B-BC5F-50C7BE55EF9D}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{DB26E47B-6A82-4735-8FA9-35D6D8AC4FBD}" = protocol=58 | dir=in | app=system |
"{E5F7967A-4ACB-4007-93CA-EFDFFC96D752}" = protocol=17 | dir=in | app=c:\program files\winfax expert\bvrpkrnl.exe |
"{EFEB8FC9-C375-441E-AF81-7A232BCD8065}" = protocol=6 | dir=in | app=c:\pvsw\bin\w3dbsmgr.exe |
"{F1976ACC-1446-409C-9418-F27222F453F1}" = protocol=6 | dir=in | app=c:\program files\winfax expert\bvrpkrnl.exe |
"{FBE7B780-B37D-4BD9-A6AB-2DF405AB7DDA}" = protocol=17 | dir=in | app=c:\pvsw\bin\w3dbsmgr.exe |
"{FDFF3A82-7890-4C39-AB1E-1A93E968000D}" = protocol=17 | dir=in | app=c:\program files\winfax expert\winfax.exe |
"{FF85F81A-CA9A-4F17-9D8C-BC0582621411}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"TCP Query User{90EAED1B-850C-41A7-9D2A-EB7FC1ECB28E}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{ABF7560B-5FF3-4B6B-A1B9-EED5F3A5E65C}C:\program files\trademanager\aliim.exe" = protocol=6 | dir=in | app=c:\program files\trademanager\aliim.exe |
"TCP Query User{E0EE5743-ABE0-4624-9C68-DC5ADAA378BC}C:\users\emmanuel\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\emmanuel\temp\teamviewer\version4\teamviewer.exe |
"UDP Query User{AE9C3F12-6B62-49D9-AA54-3A7289F8A739}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{B57533AC-048D-441D-BC3E-2D34BA7AA0E7}C:\users\emmanuel\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\emmanuel\temp\teamviewer\version4\teamviewer.exe |
"UDP Query User{EBB6C457-2B83-49D5-94FD-A1857A406BFE}C:\program files\trademanager\aliim.exe" = protocol=17 | dir=in | app=c:\program files\trademanager\aliim.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{04101638-6870-4CDA-9F76-5B577340A413}" = Ciel Gestion Commerciale 14.0
"{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}" = Serif PhotoPlus 6.0
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0E1DA4EA-8CB4-4E0C-9EA9-6063EB628C3D}" = Ciel Immobilisations 14.0
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{49B85E35-3C56-4420-9A0A-D125348A2D7F}" = TOSHIBA Supervisor Password
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54AACB2A-9558-4437-A6A6-B564B6EDFCA6}" = WinFax eXPert
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5B1DD5AA-FF34-4D6E-A912-CB46BB7378DC}" = Manuels TOSHIBA
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{60E5167C-F720-47F2-A0FD-9B34F94A8DC8}" = WinFax eXPert
"{615E501A-7F7E-433C-979E-830D2B911FA3}" = Ciel Paye 14.20
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7A854D23-28BF-4B7F-8524-65933E326D64}" = Ciel Compta 14.10
"{7FFCBF5A-8E9F-430F-AC2C-0ADB28A0CA10}" = ANNUWEB EUROPE
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8B81CF96-0223-40E9-B6E7-1461F450B605}" = TOSHIBA Hardware Setup
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Réducteur de bruit du lecteur de CD/DVD
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.4 - Français
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}" = Canon MP450
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Logiciel Kodak EasyShare
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Codeur Windows Media Série 9
"{E80B8E43-EC59-4ECF-B15B-194A6B86DE46}" = Google SketchUp 7
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Toolbar 4.0" =
"BlackBerry_{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CMBPB40" = ÕÐÐÐרҵ°æ
"CutePDF Writer Installation" = CutePDF Writer 2.7
"FirmBank" = CMB FirmBank
"FTP Site Manager" = FTP Site Manager
"GMailFS" = GMail Drive Shell Extension
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{49B85E35-3C56-4420-9A0A-D125348A2D7F}" = TOSHIBA Supervisor Password
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{8B81CF96-0223-40E9-B6E7-1461F450B605}" = TOSHIBA Hardware Setup
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"La boite a couleurs_is1" = La boite a couleurs version 1.6.15
"LMSOFT Web Creator Pro 4" = LMSOFT Web Creator Pro 4
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP Navigator 2.0" = Canon MP Navigator 2.0
"Neuf_TV_PC" = TV sur PC
"PilotExpo" = PilotExpo
"Programme de désinstallation AOL" = AOL - Assistant de désinstallation
"PROPLUS" = Microsoft Office Professional Plus 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TellmeMoreV50" = TeLL me More CJ
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TradeManager 2008" = TradeManager 2008
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6b
"Web Creator Pro 5" = LMSOFT Web Creator Pro 5
"Windows Media Encoder 9" = Codeur Windows Media Série 9
"WinGimp-2.0_is1" = GIMP 2.4.2
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"56cef8daa7aa530d" = RJCapture 3.2
"E-SPREADER" = E-Spreader
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

[bernard53]

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Output" (en haut à droite) la case "minimal Output" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Custom scan/fixes"

:Files
C:\Users\Emmanuel\AppData\Local\ave.exe
C:\Users\Emmanuel\WUAUCLDT.EXE

:Commands
[emptytemp]

* Cliques sur l'icône Run Fix (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés


Ensuite::

Installe Malewarebytes' Antimalware,
Téléchargement et tuto

*** Met-le à jour puis choisi, Exécuter un examen complet

*** Si une infection est trouvée, coche la case a coté et valides avec l’Onglet Supprimer la sélection

Poste le rapport final.
*** il est conseillé de désactivé Tea-Timer si tu as Spybot-S&D juste le temps du scan.

Voici comment faire: Lancez Spybot-S&D, passez en Mode avancé via le Menu Mode (en haut) → cliquez sur Oui--> choisissez Outils dans la barre de navigation sur la gauche -->Résident et là vous pouvez décocher les cases situées devant les deux outils.

[Emmanuel86]

re,

voici le nouveau rapport OTL :
OTL logfile created on: 26/04/2010 22:22:43 - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Emmanuel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,96 Gb Total Space | 33,24 Gb Free Space | 44,34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 72,62 Gb Total Space | 67,57 Gb Free Space | 93,03% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-EMMANUEL
Current User Name: Emmanuel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Emmanuel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Emmanuel\AppData\Local\ave.exe ()
PRC - C:\Users\Emmanuel\WUAUCLDT.EXE ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\trademanager\AliUpdate.exe (Alibaba software (Shanghai) Corporation.)
PRC - C:\Program Files\trademanager\AliIM.exe (Alibaba software (Shanghai) Corporation.)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\aol\1199888360\ee\aolsoftware.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Emmanuel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (BvrpKrnl) -- C:\Program Files\WinFax eXPert\BvrpKrnl.exe ()
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ProtexisLicensing) -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe ()
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (CMB8100) -- C:\Windows\System32\drivers\CertClient.dat ()
DRV - (CMBProtector) -- C:\Windows\System32\drivers\CMBProtector.dat ()
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (NETw4v32) Pilote de carte Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (QIOMem) -- C:\Windows\System32\drivers\QIOMem.sys (TOSHIBA)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Pilote de carte Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/25 21:09:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/25 21:09:40 | 000,000,000 | ---D | M]

[2008/08/29 09:46:48 | 000,000,000 | ---D | M] -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Extensions
[2010/04/26 17:31:35 | 000,000,000 | ---D | M] -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\mky1c92n.default\extensions
[2009/09/03 10:41:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\mky1c92n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/15 08:23:13 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\mky1c92n.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2010/04/25 21:09:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/01 19:07:29 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/01 19:07:29 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/01 19:07:29 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/01 19:07:29 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/01 19:07:29 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
O4 - HKLM..\Run: [EoEngine] File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1199888360\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [OPSE reminder] C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [aliim] C:\Program Files\trademanager\AliIM.exe (Alibaba software (Shanghai) Corporation.)
O4 - HKCU..\Run: [atmclbCMP] C:\Users\Emmanuel\AppData\Local\atmclbCMP\atmclbCMP.DLL ()
O4 - HKCU..\Run: [audiolocal64] C:\Users\Emmanuel\AppData\Local\audiolocal64\audiolocal64.DLL ()
O4 - HKCU..\Run: [BrowserChoice] C:\Windows\System32\BROWSERCHOICE.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [d3davilibrary] C:\Users\Emmanuel\AppData\Local\d3davilibrary\d3davilibrary.DLL ()
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [Regedit32] C:\Windows\System32\regedit.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [syncman] c:\users\emmanuel\wuaucldt.exe ()
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - Startup: C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monxga32.exe ()
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\Program Files\AOL\AOL Toolbar 4.0\resources\fr-FR\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL)
O9 - Extra Button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: CMB FirmBank - {8667B276-362E-4a47-BCEB-7AD0E04BBB3F} - C:\Program Files\CMB\FirmBank\Bin\Firmbank.exe (招商银行)
O9 - Extra Button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Emmanuel\Documents\PERSO\photo famille.jpg
O24 - Desktop BackupWallPaper: C:\Users\Emmanuel\Documents\PERSO\photo famille.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ff2904b-e1ba-11dc-ae23-00038a000015}\Shell\AutoRun\command - "" = servet.exe
O33 - MountPoints2\{51d434eb-c37e-11dc-b8fa-00038a000015}\Shell\AutoRun\command - "" = wscript.exe .\.vbs
O33 - MountPoints2\{51d434eb-c37e-11dc-b8fa-00038a000015}\Shell\open\command - "" = wscript.exe .\.vbs
O33 - MountPoints2\{db4b3f3c-ea72-11dc-b82e-00038a000015}\Shell\Auto\command - "" = AdobeR.exe e
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = secfile] -- "C:\Users\Emmanuel\AppData\Local\ave.exe" /START "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2010/04/26 22:16:46 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Emmanuel\Desktop\mbam-setup.exe
[2010/04/26 21:25:36 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe
[2010/04/26 17:51:19 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Local\audiolocal64
[2010/04/26 14:09:39 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Emmanuel\Desktop\chevaldestroy.exe
[2010/04/26 13:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/04/26 13:51:23 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/04/26 13:51:20 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/04/26 13:51:19 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/04/26 13:48:31 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/04/26 13:48:18 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/04/26 13:48:09 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/04/26 13:48:09 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/04/26 13:48:08 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/04/26 13:48:08 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/04/26 13:48:07 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/04/26 13:48:07 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/04/26 13:48:07 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/04/26 13:48:06 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/04/26 13:48:06 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/04/26 13:48:06 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/04/26 13:48:06 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/04/26 13:48:04 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/04/26 13:48:03 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/04/26 13:48:02 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/04/26 13:48:01 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/04/26 13:48:00 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/04/26 13:48:00 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/04/26 13:47:59 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/04/26 13:47:59 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/04/26 13:47:59 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/04/26 13:47:58 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/04/26 13:47:58 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/04/26 13:47:57 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/04/26 13:46:05 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/04/26 13:46:05 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/04/26 13:45:53 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/04/26 13:45:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2010/04/26 13:45:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2010/04/26 13:45:42 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/04/26 13:45:41 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/04/26 13:45:41 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2010/04/26 13:45:41 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/04/26 13:45:41 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/04/26 13:45:41 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/04/26 13:45:40 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/04/26 13:41:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/04/26 13:41:11 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/04/26 12:48:47 | 000,000,000 | R--D | C] -- C:\Users\Emmanuel\Favorites
[2010/04/26 08:42:00 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/26 08:41:36 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/04/26 08:41:25 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/04/26 08:41:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/04/26 08:41:22 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/04/26 08:15:05 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\Documents\Mes Historiques de Conversation
[2010/04/26 08:14:40 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Local\atmclbCMP
[2010/04/25 22:14:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/04/25 22:14:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/04/25 22:14:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/04/25 21:23:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/04/25 21:23:52 | 000,000,000 | ---D | C] -- C:\c7bf8a7a9d2cd0a356974fc112adaf67
[2010/04/25 17:59:29 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Local\avG
[2010/04/25 17:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\avG
[2010/04/25 17:51:33 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/04/25 17:49:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/04/25 17:49:47 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/04/25 17:49:46 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/04/25 17:49:46 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/04/25 17:49:46 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/04/25 17:49:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/04/25 17:49:45 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/04/25 17:49:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/04/25 17:49:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/04/25 17:49:44 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/04/25 17:49:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/04/25 17:49:43 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/04/25 17:49:43 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/04/25 17:49:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/04/25 17:49:42 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/04/25 17:47:20 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/04/25 17:47:20 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/04/25 17:47:20 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/04/25 17:47:19 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/04/25 17:47:19 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/04/25 17:47:19 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/04/25 17:47:19 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/04/25 17:47:19 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/04/25 17:47:18 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/04/25 17:47:18 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/04/25 17:47:17 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/04/25 17:47:17 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/04/25 17:47:17 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/04/25 17:47:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/04/25 17:47:17 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/04/25 17:47:15 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/04/25 17:47:14 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/04/25 17:47:14 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/04/25 17:47:12 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/04/25 17:47:12 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/04/25 17:47:11 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/04/25 17:47:11 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/04/25 17:47:11 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/04/25 17:47:11 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/04/25 17:47:11 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/04/25 15:20:31 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Local\d3davilibrary
[2010/04/22 21:29:35 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\CACHE
[2010/04/22 21:29:22 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\LMSOFT
[2010/04/18 22:27:01 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\~LM02698.tmp
[2010/04/18 22:26:54 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\~LM02697.tmp
[2010/04/18 22:26:46 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\~LM02696.tmp
[2010/04/18 22:26:44 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\~LM02695.tmp
[2010/04/18 22:26:38 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\~LM02694.tmp
[2010/04/18 22:26:25 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\~LM02693.tmp
[2010/04/17 22:22:03 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\~LM02692.tmp
[2010/04/17 21:19:59 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\~LM02691.tmp
[2010/04/17 20:11:28 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\~LM02690.tmp
[2010/04/17 20:09:37 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\~LM02689.tmp
[2010/04/17 20:08:16 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\~LM02688.tmp
[2010/04/17 20:08:08 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\~LM02687.tmp
[2010/04/15 07:50:04 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/15 07:50:04 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/15 07:49:51 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/15 07:49:51 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/12 16:25:02 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\Blackberry Desktop
[2010/04/12 16:14:42 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\Research In Motion
[2010/04/12 16:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010/04/12 16:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/04/12 16:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/04/02 22:12:49 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\~LM02686.tmp
[2010/04/02 22:11:57 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\~LM02685.tmp
[2698 C:\Users\Emmanuel\AppData\Roaming\*.tmp files -> C:\Users\Emmanuel\AppData\Roaming\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/26 22:24:26 | 005,505,024 | -HS- | M] () -- C:\Users\Emmanuel\ntuser.dat
[2010/04/26 22:24:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/26 22:17:38 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Emmanuel\Desktop\mbam-setup.exe
[2010/04/26 22:03:24 | 000,012,114 | -HS- | M] () -- C:\Users\Emmanuel\AppData\Local\W1V4gTA17lv6V
[2010/04/26 22:03:24 | 000,012,114 | -HS- | M] () -- C:\ProgramData\W1V4gTA17lv6V
[2010/04/26 21:25:37 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe
[2010/04/26 21:02:06 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/26 21:02:06 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/26 19:23:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/26 17:08:34 | 001,478,524 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/26 17:08:34 | 000,672,322 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/04/26 17:08:34 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/26 17:08:34 | 000,124,434 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/04/26 17:08:34 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/26 17:02:21 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/26 17:02:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/26 16:59:57 | 000,524,288 | -HS- | M] () -- C:\Users\Emmanuel\ntuser.dat{a9bd943f-84f1-11dd-a996-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/04/26 16:59:57 | 000,065,536 | -HS- | M] () -- C:\Users\Emmanuel\ntuser.dat{a9bd943f-84f1-11dd-a996-00038a000015}.TM.blf
[2010/04/26 16:59:38 | 001,712,968 | -H-- | M] () -- C:\Users\Emmanuel\AppData\Local\IconCache.db
[2010/04/26 16:36:26 | 000,011,945 | ---- | M] () -- C:\Users\Emmanuel\Documents\Gilles.docx
[2010/04/26 14:09:46 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Emmanuel\Desktop\chevaldestroy.exe
[2010/04/26 13:56:34 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/04/26 13:55:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/04/25 22:21:39 | 000,396,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/25 21:09:46 | 000,001,689 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/25 21:06:44 | 000,001,594 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Choix de navigateur .lnk
[2010/04/25 21:02:47 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{26D32568-7A79-453A-A49C-6A897A1A4767}.job
[2010/04/25 18:05:36 | 000,012,094 | -HS- | M] () -- C:\Users\Emmanuel\AppData\Local\480676771
[2010/04/25 18:05:36 | 000,012,094 | -HS- | M] () -- C:\ProgramData\480676771
[2010/04/25 15:55:52 | 001,083,990 | ---- | M] () -- C:\Users\Emmanuel\.recently-used.xbel
[2010/04/25 15:20:32 | 000,222,720 | -HS- | M] () -- C:\Users\Emmanuel\AppData\Local\ave.exe
[2010/04/25 15:16:55 | 000,029,440 | ---- | M] () -- C:\Users\Emmanuel\wuaucldt.exe
[2010/04/25 15:16:55 | 000,000,012 | ---- | M] () -- C:\Users\Emmanuel\AppData\Roaming\kcmdte.dat
[2010/04/25 15:16:51 | 000,000,004 | ---- | M] () -- C:\Users\Emmanuel\AppData\Roaming\avdrn.dat
[2010/04/22 21:27:00 | 000,001,912 | ---- | M] () -- C:\Users\Emmanuel\Desktop\LMSOFT Web Creator Pro 5.lnk
[2010/04/22 21:16:48 | 082,769,736 | ---- | M] () -- C:\Users\Emmanuel\Desktop\WC5ProInstall200.EXE
[2010/04/19 10:33:45 | 000,017,360 | ---- | M] () -- C:\Users\Emmanuel\Documents\New order Gigantex.xlsx
[2010/04/16 17:24:16 | 001,913,344 | ---- | M] () -- C:\Users\Emmanuel\Desktop\garages.xls
[2010/04/16 13:28:33 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/15 21:31:47 | 000,566,784 | ---- | M] () -- C:\Users\Emmanuel\Desktop\moto.xls
[2010/04/13 12:33:50 | 000,178,729 | ---- | M] () -- C:\Users\Emmanuel\Documents\cadre a imprimer.docx
[2010/04/12 16:37:45 | 000,000,256 | ---- | M] () -- C:\Windows\System32\pool.bin
[2010/04/12 16:12:33 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2010/04/09 11:13:23 | 000,008,704 | ---- | M] () -- C:\Users\Emmanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/09 09:59:52 | 000,085,103 | ---- | M] () -- C:\Users\Emmanuel\Documents\Ribbed staple.jpg
[2010/04/09 08:10:30 | 000,110,035 | ---- | M] () -- C:\Users\Emmanuel\Documents\wheel cover_0001.pdf
[2010/04/09 08:05:59 | 000,082,186 | ---- | M] () -- C:\Users\Emmanuel\Documents\wheel cover.jpg
[2010/04/09 08:03:00 | 000,057,275 | ---- | M] () -- C:\Users\Emmanuel\Documents\wheels cover.jpg
[2010/04/07 16:36:59 | 002,965,504 | ---- | M] () -- C:\Users\Emmanuel\Desktop\agence immo.xls
[2698 C:\Users\Emmanuel\AppData\Roaming\*.tmp files -> C:\Users\Emmanuel\AppData\Roaming\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/26 16:36:25 | 000,011,945 | ---- | C] () -- C:\Users\Emmanuel\Documents\Gilles.docx
[2010/04/26 13:56:34 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/04/26 13:55:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/04/25 21:03:24 | 000,001,594 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Choix de navigateur .lnk
[2010/04/25 18:05:33 | 000,012,094 | -HS- | C] () -- C:\Users\Emmanuel\AppData\Local\480676771
[2010/04/25 18:05:33 | 000,012,094 | -HS- | C] () -- C:\ProgramData\480676771
[2010/04/25 17:49:44 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/04/25 15:55:52 | 001,083,990 | ---- | C] () -- C:\Users\Emmanuel\.recently-used.xbel
[2010/04/25 15:20:32 | 000,222,720 | -HS- | C] () -- C:\Users\Emmanuel\AppData\Local\ave.exe
[2010/04/25 15:20:32 | 000,012,114 | -HS- | C] () -- C:\Users\Emmanuel\AppData\Local\W1V4gTA17lv6V
[2010/04/25 15:20:32 | 000,012,114 | -HS- | C] () -- C:\ProgramData\W1V4gTA17lv6V
[2010/04/25 15:16:55 | 000,029,440 | ---- | C] () -- C:\Users\Emmanuel\wuaucldt.exe
[2010/04/25 15:16:54 | 000,000,012 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\kcmdte.dat
[2010/04/25 15:16:51 | 000,000,004 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\avdrn.dat
[2010/04/25 07:47:20 | 000,048,830 | ---- | C] () -- C:\Users\Emmanuel\Documents\Graphit'Sport - Projet Roues Chrono - Copie.jpg
[2010/04/22 21:27:00 | 000,001,912 | ---- | C] () -- C:\Users\Emmanuel\Desktop\LMSOFT Web Creator Pro 5.lnk
[2010/04/22 21:10:08 | 082,769,736 | ---- | C] () -- C:\Users\Emmanuel\Desktop\WC5ProInstall200.EXE
[2010/04/19 10:33:44 | 000,017,360 | ---- | C] () -- C:\Users\Emmanuel\Documents\New order Gigantex.xlsx
[2010/04/16 17:24:13 | 001,913,344 | ---- | C] () -- C:\Users\Emmanuel\Desktop\garages.xls
[2010/04/16 13:28:33 | 000,002,038 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/15 21:31:46 | 000,566,784 | ---- | C] () -- C:\Users\Emmanuel\Desktop\moto.xls
[2010/04/13 12:33:49 | 000,178,729 | ---- | C] () -- C:\Users\Emmanuel\Documents\cadre a imprimer.docx
[2010/04/12 16:14:49 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010/04/12 16:12:32 | 000,001,834 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2010/04/09 11:14:43 | 000,085,103 | ---- | C] () -- C:\Users\Emmanuel\Documents\Ribbed staple.jpg
[2010/04/09 08:10:30 | 000,110,035 | ---- | C] () -- C:\Users\Emmanuel\Documents\wheel cover_0001.pdf
[2010/04/09 08:05:59 | 000,082,186 | ---- | C] () -- C:\Users\Emmanuel\Documents\wheel cover.jpg
[2010/04/09 08:02:58 | 000,057,275 | ---- | C] () -- C:\Users\Emmanuel\Documents\wheels cover.jpg
[2010/04/07 10:26:48 | 002,965,504 | ---- | C] () -- C:\Users\Emmanuel\Desktop\agence immo.xls
[2010/01/22 18:49:17 | 000,002,984 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/01/22 18:49:17 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\65EB2C79AF.sys
[2009/11/04 16:56:54 | 000,403,344 | ---- | C] () -- C:\Windows\System32\CMBEdit.dll
[2009/11/04 16:56:51 | 000,472,976 | ---- | C] () -- C:\Windows\System32\PBHttpComm.dll
[2009/11/04 16:56:51 | 000,100,240 | ---- | C] () -- C:\Windows\System32\CmbSafeBase.dll
[2009/09/24 08:12:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/15 07:46:50 | 000,013,576 | ---- | C] () -- C:\Windows\System32\syscorecfg256.dll
[2009/01/06 08:31:27 | 000,000,179 | ---- | C] () -- C:\Windows\disney.ini
[2009/01/06 08:31:24 | 000,000,199 | ---- | C] () -- C:\Windows\disneysy.ini
[2008/11/13 13:07:30 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008/09/12 14:35:05 | 000,000,028 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/09/12 12:34:32 | 000,115,992 | ---- | C] () -- C:\Windows\System32\SafeEdit.dll
[2008/02/25 01:43:41 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2008/02/12 17:26:50 | 000,540,672 | ---- | C] () -- C:\Windows\System32\SAGEPERS.DLL
[2008/01/12 19:40:56 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008/01/12 08:52:52 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS7I.DLL
[2008/01/11 22:37:11 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/06/01 09:30:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/06/01 09:30:18 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/06/01 09:30:18 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/06/01 09:30:18 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/06/01 09:30:18 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/06/01 09:30:18 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/06/01 09:19:23 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/06/01 09:13:53 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/06/01 08:54:16 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/06/01 08:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/06/01 08:54:16 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/06/01 08:54:16 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/06/01 08:33:14 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/06/01 08:33:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1263.dll
[2007/06/01 08:33:13 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/06/01 07:46:28 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/12/05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003/10/07 13:10:30 | 000,000,984 | ---- | C] () -- C:\Windows\System32\ugaplib.dll

========== Custom Scans ==========


< :Files >

< C:\Users\Emmanuel\AppData\Local\ave.exe >
[2010/04/25 15:20:32 | 000,222,720 | -HS- | M] () -- C:\Users\Emmanuel\AppData\Local\ave.exe

< C:\Users\Emmanuel\WUAUCLDT.EXE >
[2010/04/25 15:16:55 | 000,029,440 | ---- | M] () -- C:\Users\Emmanuel\wuaucldt.exe

< >

< :Commands >

< [emptytemp] >
< End of report >

[Emmanuel86]

bonjour Bernard,

Voici le dernier rapport mbam après avoir cliqué sur supprimer la selection :

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Version de la base de données: 4040

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

27/04/2010 07:19:54
mbam-log-2010-04-27 (07-19-54).txt

Type d'examen: Examen complet (C:\|E:\|)
Elément(s) analysé(s): 311391
Temps écoulé: 2 heure(s), 15 minute(s), 23 seconde(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
C:\Users\Emmanuel\wuaucldt.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Users\Emmanuel\AppData\Local\ave.exe (Rogue.MultipleAV) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop sms (Worm.P2P) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d3davilibrary (Adware.Agent.N) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\atmclbcmp (Adware.Agent.N) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\audiolocal64 (Adware.Agent.N) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Emmanuel\AppData\Local\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Emmanuel\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Emmanuel\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Emmanuel\AppData\Local\d3davilibrary\d3davilibrary.dll (Adware.Agent.N) -> Quarantined and deleted successfully.
C:\Users\Emmanuel\AppData\Local\atmclbCMP\atmclbCMP.dll (Adware.Agent.N) -> Quarantined and deleted successfully.
C:\Users\Emmanuel\AppData\Local\audiolocal64\audiolocal64.dll (Adware.Agent.N) -> Delete on reboot.
C:\Users\Emmanuel\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Emmanuel\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Users\Emmanuel\AppData\Local\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monxga32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

[Emmanuel86]

Re,

A la suite de "supprimer la sélection" et avoir posté le rapport, j'ai eu une fenêtre m'informant qu'un fichier ou application (je ne sais plus) ne pouvait pas être supprimé sans redémarrage de l'ordinateur.

Suite au redémarrage, je n'ai pas eu le problème de message DLL manquante, mais j'ai une fenêtre en bas à droite qui m'a informé que Windows a bloqué des programmes au démarrage.
En cliquant pour les afficher, j'en ai 3 d'éditeur non disponible :
- regedit.exe
- NDSTray.exe
- ereg.ini
Que dois-je faire ?

Mon imprimante PDF refonctionne. Je n'ai plus le fichier WUAUCLDT dans C:/Emmanuel/
Je n'ai plus de message microsoft windows me disant que l'hôte à cesser de fonctionner.

Un truc encore : quand je clique sur un fichier .xps, il me demande avec quoi l'ouvrir. Je clique sur Internet Expolrer ?

Vraiment, merci beaucoup Bernard, juste besoin de votre avis final.

[bernard53]

tu as fait une petite erreur de script avec OTL mais Malwaresbytes a fini par supprimer les intrus.

Pour tes fichiers .xps ne choisi pas cette imprimante Microsoft, a moins de vraiment en avoir besoin.

voit ceci .

http://windows.microsoft.com/en-us/wind ... ent-Writer

- regedit.exe
- NDSTray.exe
- ereg.ini

Tu peux autoriser Windows pour ces trois programmes.

[Emmanuel86]

MERCI , MERCI POUR VOTRE AIDE !!

[bernard53]

si tout va bien ce qui en parait selon ta réponse fait ceci.

Fait ceci pour supprimer les logiciels qui ont servis à cette désinfection.

>> Télécharge ToolsCleaner (de A.Rothstein & dj QUIOU) http://pc-system.fr/TC/ToolsCleaner2.exe

>> Double-clique dessus pour lancer le programme

>> Clique sur Recherche et laisse le scan se terminer (il peut durer une dizaine de minutes au maximum).

>> Une fois la recherche lancée, ne clique pas dans la fenêtre, cela provoquerait un léger bug du programme.

>> Si toutes fois la mention (ne réponds pas) apparaissait dans le titre de la fenêtre ToolsCleaner, ne t'en occupes pas et laisse quand même le programme terminer son travail

** Clique sur Suppression pour finaliser.

• Tu peux, si tu le souhaites, te servir des Options facultatives.

**Poste-moi le rapport qui apparait

Puis:

Bon maintenant on va mettre la restauration du système propre.
Pour cela:

1- Valides les touches Windows et Pause en même temps.

Puis Protection du système

Sur cette fenêtre décoches la case concernant le DD ou est installé ton système normalement C:

Valide et acceptes les demandes suivantes.

***Pour Windows 7** il faut valider l'onglet Configurer puis valider la désactivation de la restauration.

**Toujours sur cette même fenêtre : Il te faut donc maintenant recrée un nouveau point de restauration.

Coche cette même case et valides cela par l’onglet APPLIQUER puis onglet « CREER »

Nommes ce point PC- Clean: Valides.

Vous pouvez maintenant fermer toutes les fenêtres.

[Emmanuel86]

bonjour Bernard,

voici le rapport :

--> Recherche:

C:\MsnCleaner.txt: trouvé !
C:\SDFIX: trouvé !
C:\SDFix\catchme.exe: trouvé !
C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: trouvé !
C:\Users\Emmanuel\Desktop\hijackthis.log: trouvé !
C:\Windows\msnfix.txt: trouvé !

---------------------------------
--> Suppression:

C:\SDFix\catchme.exe: supprimé !
C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: supprimé !
C:\MsnCleaner.txt: ERREUR DE SUPPRESSION !!
C:\Users\Emmanuel\Desktop\hijackthis.log: supprimé !
C:\Windows\msnfix.txt: ERREUR DE SUPPRESSION !!
C:\SDFIX: supprimé !

[Emmanuel86]

Windows + Pause = ne se passe rien...

[bernard53]

Windows + Pause = ne se passe rien...

a la place: clique droit sur ordinateur--Propriété.

[Emmanuel86]

Bonsoir Bernard,

J'ai suivi le mode d'emploi donné. message comme quoi le point de restaurant PC CLEAN a été créé.

Ce qui me faisait le plus peur était la perte de la comptabilité qui même si elle est sauvegardée régulièrement, on redoute toujours de devoir utiliser la restauration de ce type d'application...

Je ne sais pas ou vous avez appris tout ça mais vraiment sympathique de nous avoir trouvé la solution. Je vous remercie vraiment pour votre aide.

[bernard53]

Content que tout aille.

Je te fait supprimer ta restauration car si tu en avais besoin tu réinstallerais les virus.

Maintenant que tu as fait cette manip te voila tranquille.