
Unwanted window at startup


Posted 27 Oct 2012 20:57

Hello,

For some time now, I have had a small window (4 cm on each side) that opens on the desktop every time Win XP starts; it has no title and contains only a small blue circle with an "i" and an "OK" button.
Each time, I make it disappear by clicking on this "OK" or by clicking on the small white cross on a red background in the upper right corner, but ... it comes back every time at the next startup ...

Do you know why it appears and how to make it disappear for good??

Thanks for your help
Daniel
cracoukass
Confirmed Visitor
Posts: 13
Joined: 27 Oct 2012 20:43


Re: Unwanted window at startup

Posted 27 Oct 2012 22:32

Hi and welcome to PC-Infopratique :wink:

Restart your PC and let the "small window (4 cm on each side)" appear >> whatever you do, don't close it!

then...

* Download >> OTL << to your desktop.

* Double-click the OTL icon to launch it.
/!\ On Vista/Seven, right-click the OTL icon and choose "Run as administrator"

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Report" section (top right) the "minimal report" box is checked.

* Check the boxes in front of "All users", "LOP search" and "Purity search".

* Copy and paste the contents of this quote into the lower part of OTL, "customization"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon /s
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command /s
%temp%\smtmp\1\*.* /s
%temp%\smtmp\2\*.* /s
%temp%\smtmp\4\*.* /s
nslookup www.google.fr /c
SAVEMBR:0
NetSvcs
%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
netsvcs
/md5start
dwm.exe
taskhost.exe
taskeng.exe
wscntfy.exe
ctfmon.exe
rdpclip.exe
volsnap.sys
sptd.sys
explorer.exe
userinit.exe
winlogon.exe
wininit.exe
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%APPDATA%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*.*



* Click the "Scan" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan two reports will open, "OTL.Txt" and (or) "Extras.Txt" (minimized in the taskbar).
* Copy and paste the reports into your reply please...
* Just in case, you can find them in the C:\OTL folder
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
 

Re: Unwanted window at startup

Posted 28 Oct 2012 18:48

Good evening, and thank you for your reply,

I have just run the scan with OTL and here is its content below (it's really long!).
What I could have specified in my first post is the series of events preceding this problem:
1- Problem at BIOS startup: "cmos défault" message and a hang before Windows launched
2- Following that, after realizing the time had been lost in the BIOS, I replaced the CMOS battery on the motherboard, since it was put into service +/- 8 to 10 years ago and I had serious doubts about its charge.
3- I took the opportunity to flash the BIOS with the latest available version because I had never done it.
4- Then, BIOS startup OK but a blue screen at Windows startup with a message along the lines of:
file missing in C:\windows\system\system32\?????.dll
5- Following that, I made an attempt to get the system working again without losing all the other installed programs => reinstalled Windows but without having formatted C:, so I ended up with 2 operating systems on the same disk and partition.
6- Following this 2nd installation of Windows, the original 1st Windows worked again, so I was able to delete the 2nd one I had just installed
7- I took the opportunity to update (not without difficulty...) all the drivers for the various peripherals.
There, that makes a lot of manipulations in a short time and maybe some things went wrong ... I am not an expert ... !

OTL.Text report:

OTL logfile created on: 28/10/2012 17:50:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

1023,48 Mb Total Physical Memory | 538,80 Mb Available Physical Memory | 52,64% Memory free
2,40 Gb Paging File | 1,92 Gb Available in Paging File | 79,81% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 63,99 Gb Total Space | 29,68 Gb Free Space | 46,38% Space Free | Partition Type: NTFS
Drive D: | 73,26 Gb Total Space | 52,24 Gb Free Space | 71,32% Space Free | Partition Type: NTFS

Computer Name: WINDOWS-16F9BB1 | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrateur\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASC.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\WahOO.exe ()
PRC - C:\Program Files\Belgium Identity Card\beid35gui.exe (Belgian Government)
PRC - C:\Program Files\Fichiers communs\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\EmvSmartCardReader\BePCSC.exe (Alcor Micro, Corp.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\EmvSmartCardReader\SmartMON.exe ()
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
PRC - C:\Program Files\Hercules\WiFi Station\WiFiStation.exe (Hercules)
PRC - C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\SetPoint\KHALMNPR.exe (Logitech Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Alwil Software\Avast5\defs\12102800\algo.dll ()
MOD - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\DiskMap.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\WebUI.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\sqlite3.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\Scan.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\NtfsData.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\WahOO.exe ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\QtWebKit4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\QtXml4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\phonon4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\QtGui4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\QtCore4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\QtNetwork4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\imageformats\qtiff4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\imageformats\qmng4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\imageformats\qjpeg4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\imageformats\qico4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\imageformats\qgif4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\libgcc_s_dw2-1.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\mingwm10.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl ()
MOD - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe ()
MOD - C:\Program Files\Belgium Identity Card\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Belgium Identity Card\QtGui4.dll ()
MOD - C:\Program Files\Belgium Identity Card\QtCore4.dll ()
MOD - C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe ()
MOD - C:\Program Files\EmvSmartCardReader\SmartMON.exe ()
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()


========== Services (SafeList) ==========

SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PdiService) -- C:\Program Files\Fichiers communs\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (DTSRVC) -- C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (cpuz132) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (Changer) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft)
DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (Pivot) -- C:\WINDOWS\system32\drivers\pivot.sys (Portrait Displays, Inc.)
DRV - (pivotmou) -- C:\WINDOWS\system32\drivers\pivotmou.sys (Portrait Displays, Inc.)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (EMVSCARD) -- C:\WINDOWS\system32\drivers\EMVSCARD.sys (USB Smart Card Reader)
DRV - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (nvcchflt) -- C:\WINDOWS\system32\drivers\nvcchflt.sys (NVIDIA Corporation)
DRV - (nvata) -- C:\WINDOWS\system32\drivers\nvata.sys (NVIDIA Corporation)
DRV - (RT2500) -- C:\WINDOWS\system32\drivers\rt2500.sys (Ralink Technology Inc.)
DRV - (nvcap) -- C:\WINDOWS\system32\drivers\NVCAP.SYS (NVIDIA Corporation)
DRV - (NVXBAR) -- C:\WINDOWS\system32\drivers\NVXBAR.SYS (NVIDIA Corporation)
DRV - (PPortJoystick) -- C:\WINDOWS\system32\drivers\PPortJoy.sys (Deon van der Westhuysen)
DRV - (PPJoyBus) -- C:\WINDOWS\system32\drivers\PPJoyBus.sys (Deon van der Westhuysen)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (Elaborate Bytes)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {06B469CF-CDC2-47F4-81A9-8EA6E8506E45}
IE - HKLM\..\SearchScopes\{06B469CF-CDC2-47F4-81A9-8EA6E8506E45}: "URL" = http://www.google.fr/search?hl=fr&q={searchTerms}+&meta=


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,customizesearch = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,searchassistant = http://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {06B469CF-CDC2-47F4-81A9-8EA6E8506E45}
IE - HKU\.DEFAULT\..\SearchScopes\{06B469CF-CDC2-47F4-81A9-8EA6E8506E45}: "URL" = http://www.google.fr/search?hl=fr&q={searchTerms}+&meta=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,customizesearch = http://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,searchassistant = http://www.google.com/ie
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {06B469CF-CDC2-47F4-81A9-8EA6E8506E45}
IE - HKU\S-1-5-18\..\SearchScopes\{06B469CF-CDC2-47F4-81A9-8EA6E8506E45}: "URL" = http://www.google.fr/search?hl=fr&q={searchTerms}+&meta=
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,customizesearch = http://www.google.com/ie
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,searchassistant = http://www.google.com/ie
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {06B469CF-CDC2-47F4-81A9-8EA6E8506E45}
IE - HKU\S-1-5-20\..\SearchScopes\{06B469CF-CDC2-47F4-81A9-8EA6E8506E45}: "URL" = http://www.google.fr/search?hl=fr&q={searchTerms}+&meta=
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.skynet.be/?new_lang=fr
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\..\SearchScopes,DefaultScope = {06B469CF-CDC2-47F4-81A9-8EA6E8506E45}
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\..\SearchScopes\{06B469CF-CDC2-47F4-81A9-8EA6E8506E45}: "URL" = http://www.google.fr/search?hl=fr&q={searchTerms}+&meta=
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2010/03/11 15:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
[2010/03/11 15:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions\maxtv4@labs.max-tv.be
[2010/01/03 16:55:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/13 19:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: ClipConverter = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\njjjgjlocdhecpgdcfjblcnfebfnmhpp\1.2.5_0\
CHR - Extension: ClipConverter = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\njjjgjlocdhecpgdcfjblcnfebfnmhpp\1.2.6_0\

O1 HOSTS File: ([2011/09/12 22:11:30 | 000,437,564 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 15050 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [beid] C:\Program Files\Belgium Identity Card\beid35gui.exe (Belgian Government)
O4 - HKLM..\Run: [BePCSC] C:\Program Files\EmvSmartCardReader\BePCSC.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DT PHL] C:\Program Files\Fichiers communs\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [ElbyCheckElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [SmartMon] C:\Program Files\EmvSmartCardReader\SmartMON.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKU\S-1-5-21-299502267-1592454029-839522115-500..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-299502267-1592454029-839522115-500..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-299502267-1592454029-839522115-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-299502267-1592454029-839522115-500..\Run: [WahOO] C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\WahOO.exe ()
O4 - HKLM..\RunOnce: [WIAWizardMenu] C:\WINDOWS\System32\sti_ci.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-20..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WiFi Station.lnk = C:\Program Files\Hercules\WiFi Station\WiFiStation.exe (Hercules)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideRunAsVerb = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-299502267-1592454029-839522115-500\..Trusted Domains: localhost ([]http in Sites de confiance)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://belgacom.extrafilm.be/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/softwa ... Plugin.cab (ScorchPlugin Class)
O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} http://belgacom.smartphoto.be/ExtraFilmUploader6.cab (ExtraFilm Uploader Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{512C9159-9CA2-4FBE-BCD5-AAE41F59520A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/24 13:01:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0fbe8bd6-e3ed-11de-81f6-0014850ea35f}\Shell - "" = AutoRun
O33 - MountPoints2\{0fbe8bd6-e3ed-11de-81f6-0014850ea35f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d6968c12-0cd9-11df-825d-0014850ea35f}\Shell - "" = AutoRun
O33 - MountPoints2\{d6968c12-0cd9-11df-825d-0014850ea35f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {72AD53CC-CCC0-3757-8480-9EE176866A7C} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.enc - C:\WINDOWS\System32\ITIG726.acm (Ingenient Technologies, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\Iyvu9_32.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2012/10/28 17:44:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\Recent
[2012/10/28 17:40:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2012/10/27 19:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ma-config.com
[2012/10/20 23:51:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/10/20 22:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\PowerQuest PartitionMagic 8.0
[2012/10/20 22:13:52 | 000,000,000 | ---D | C] -- C:\Program Files\PowerQuest
[2012/10/20 22:10:14 | 000,000,000 | ---D | C] -- C:\Temp program
[2012/10/18 11:42:57 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/18 11:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2012/10/17 22:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\PriceGong
[2012/10/17 22:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/10/17 22:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit
[2012/10/17 22:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\OpenCandy
[2012/10/17 22:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
[2012/10/17 14:20:43 | 000,216,320 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt25009x.sys
[2012/10/17 14:20:43 | 000,214,912 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt2500.sys
[2012/10/17 14:20:43 | 000,143,360 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt25u98.sys
[2012/10/17 14:20:43 | 000,140,416 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt2500usb.sys
[2012/10/17 14:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Hercules
[2012/10/17 10:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\WIPE2012
[2012/10/17 10:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Wipe 2012
[2012/10/17 10:22:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2012/10/16 23:43:32 | 000,062,009 | ---- | C] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\wpfb_nv4_disp.dll
[2012/10/16 23:32:11 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2012/10/16 23:30:02 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/10/16 23:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2012/10/16 23:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\InstallShield
[2012/10/16 21:52:34 | 000,180,224 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2012/10/16 21:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Help
[2012/10/16 17:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Mes documents\{9DF687E7-381C-4882-A05F-4ADF1DD53394}
[2012/10/16 17:51:12 | 000,289,792 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\idecoins.dll
[2012/10/16 17:51:12 | 000,033,280 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVCOI.DLL
[2012/10/16 17:51:11 | 000,176,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvuide.exe
[2012/10/16 17:50:44 | 000,101,632 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvtcp.sys
[2012/10/16 17:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\NVIDIA Corporation
[2012/10/16 17:39:12 | 000,100,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\NVTCP.SYS
[2012/10/16 17:37:53 | 000,466,944 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\CapabilityTable.exe
[2012/10/16 17:37:45 | 000,300,032 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\idecoi.dll
[2012/10/16 17:37:45 | 000,092,800 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvata.sys
[2012/10/16 17:37:06 | 000,201,728 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\fdco1ins.dll
[2012/10/16 17:37:05 | 000,201,728 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\fdco1.dll
[2012/10/16 17:37:05 | 000,033,536 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\NVENETFD.sys
[2012/10/16 17:37:03 | 000,208,256 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvsnpu.sys
[2012/10/16 17:37:03 | 000,032,256 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvconrm.dll
[2012/10/16 17:37:03 | 000,009,728 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\bdco1ins.dll
[2012/10/16 17:37:03 | 000,009,728 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\bdco1.dll
[2012/10/16 17:37:02 | 000,261,888 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvnrm.sys
[2012/10/16 17:37:02 | 000,012,928 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvnetbus.sys
[2012/10/16 17:30:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/10/16 16:17:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\GIGABYTE
[2012/10/15 22:56:56 | 000,000,000 | ---D | C] -- C:\logs
[2012/10/15 17:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Gigabyte
[2012/10/15 10:56:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/02 22:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/08/19 23:14:13 | 000,028,800 | ---- | C] (Deon van der Westhuysen) -- C:\Program Files\PPortJoy.sys
[2011/08/19 23:14:13 | 000,013,952 | ---- | C] (Deon van der Westhuysen) -- C:\Program Files\PPJoyBus.sys
[2011/08/19 23:14:13 | 000,005,632 | ---- | C] (Deon van der Westhuysen) -- C:\Program Files\W98Ports.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/28 17:52:08 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/10/28 17:47:00 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/28 17:40:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2012/10/28 17:40:15 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/28 17:38:23 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/28 17:37:58 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/28 17:37:58 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2012/10/28 17:37:56 | 000,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/10/28 15:59:58 | 000,481,740 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012/10/28 15:59:58 | 000,414,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/28 15:59:58 | 000,073,450 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012/10/28 15:59:58 | 000,061,444 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/27 20:38:59 | 000,020,146 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\Fenêtre intempestive.jpg
[2012/10/27 20:32:29 | 000,655,498 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\CaptureScreen.zip
[2012/10/27 19:14:17 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Démarrer la détection.lnk
[2012/10/22 09:35:10 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/20 23:17:22 | 000,000,298 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2012/10/18 11:43:24 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/18 11:42:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/10/17 22:12:23 | 000,047,614 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\save easy cleaner.htm
[2012/10/17 14:20:43 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\WiFi Station.lnk
[2012/10/17 14:20:41 | 000,001,563 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WiFi Station.lnk
[2012/10/17 10:57:31 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Wipe 2012.lnk
[2012/10/16 23:43:39 | 000,062,009 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\wpfb_nv4_disp.dll
[2012/10/16 17:39:38 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/10/16 17:39:26 | 000,000,025 | ---- | M] () -- C:\WINDOWS\Nomdefichier
[2012/10/16 17:14:42 | 000,000,169 | ---- | M] () -- C:\WINDOWS\RtlRack.ini
[2012/10/16 10:45:50 | 000,000,212 | -H-- | M] () -- C:\boot.ini
[2012/10/15 23:24:30 | 000,002,597 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Feneris Video Downloader.lnk
[2012/10/09 10:40:28 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/09 10:40:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/02 22:08:44 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2012/09/29 18:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/28 17:52:08 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/10/27 20:38:59 | 000,020,146 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\Fenêtre intempestive.jpg
[2012/10/27 20:32:24 | 000,655,498 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\CaptureScreen.zip
[2012/10/27 19:14:17 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Démarrer la détection.lnk
[2012/10/17 22:12:23 | 000,047,614 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\save easy cleaner.htm
[2012/10/17 14:20:43 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\WiFi Station.lnk
[2012/10/17 14:20:41 | 000,001,563 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WiFi Station.lnk
[2012/10/17 10:57:31 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Wipe 2012.lnk
[2012/10/17 10:22:19 | 000,039,291 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2012/10/16 23:26:29 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2661.bin
[2012/10/16 23:26:29 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2561s.bin
[2012/10/16 23:26:29 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2561.bin
[2012/10/16 21:52:34 | 000,015,868 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2012/10/16 17:51:11 | 000,001,537 | ---- | C] () -- C:\WINDOWS\System32\nvide.nvu
[2012/10/16 17:39:38 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/10/16 17:39:26 | 000,000,025 | ---- | C] () -- C:\WINDOWS\Nomdefichier
[2012/10/02 22:08:44 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/05/31 16:29:51 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2_WIPE2012.ini
[2012/05/31 16:29:45 | 000,340,992 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2012/05/31 16:29:43 | 000,340,992 | ---- | C] () -- C:\WINDOWS\sqlite36_engine.dll
[2011/10/15 10:49:17 | 000,007,432 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2011/10/10 22:12:53 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\DriveCalculator Preferences
[2011/08/19 23:14:13 | 000,258,048 | ---- | C] () -- C:\Program Files\PPortJoy.cpl
[2011/08/19 23:14:13 | 000,245,760 | ---- | C] () -- C:\Program Files\PPJoyKey.exe
[2011/08/19 23:14:13 | 000,176,128 | ---- | C] () -- C:\Program Files\PPJoyCom.exe
[2011/08/19 23:14:13 | 000,163,840 | ---- | C] () -- C:\Program Files\PPJoyDLL.exe
[2011/08/19 23:14:13 | 000,159,744 | ---- | C] () -- C:\Program Files\PPJoyMouse.exe
[2011/08/19 23:14:13 | 000,003,957 | ---- | C] () -- C:\Program Files\PPortJoy.inf
[2011/08/19 23:14:13 | 000,002,012 | ---- | C] () -- C:\Program Files\PPJoyBus.inf
[2011/08/19 23:14:13 | 000,001,742 | ---- | C] () -- C:\Program Files\W98Ports.inf
[2011/04/17 23:10:12 | 000,000,490 | ---- | C] () -- C:\Program Files\Netlor StudioStyleView.sps
[2011/04/11 21:55:52 | 000,000,474 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/12 21:49:47 | 000,019,664 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/09 20:59:15 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/11/02 23:07:01 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2.ini
[2010/06/06 16:19:27 | 000,000,978 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\QuickZip45.ini
[2010/05/12 22:16:26 | 003,502,080 | ---- | C] () -- C:\Program Files\FVD.msi
[2010/03/26 23:47:00 | 000,081,640 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/25 22:47:58 | 000,000,793 | ---- | C] () -- C:\Program Files\Netlor Studiopreview.html
[2009/10/27 20:11:52 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/10/24 13:02:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/02/12 22:23:50 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004/08/19 15:09:26 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/19 15:09:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/11/24 18:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\123 Free Solitaire
[2012/10/28 17:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Azureus
[2010/09/12 15:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Canon
[2011/01/09 21:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Convertisseur PDF
[2011/10/15 10:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\DisplayTune
[2009/10/24 15:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\FotoWire
[2012/08/07 13:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\IObit
[2012/10/28 17:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\LimeWire
[2010/03/11 15:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\MaxTV Technologies
[2012/10/17 22:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\OpenCandy
[2010/03/26 23:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\PhotoFiltre
[2012/10/18 11:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\PriceGong
[2009/10/24 15:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
[2012/05/09 22:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\SMA
[2012/03/12 12:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\uTorrent
[2012/10/28 17:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\WIPE2012
[2010/11/28 15:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/09 17:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/08/08 18:39:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/08/08 20:10:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/09/06 21:03:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/03/12 12:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/10/16 22:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/10/27 19:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2010/06/06 16:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/24 15:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2012/05/09 22:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMA
[2011/01/09 21:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smart Soft
[2009/10/27 21:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/10/16 22:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/03/12 21:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/15 11:13:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

========== Purity Check ==========



========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon /s >
"AutoRestartShell" = 1
"DefaultDomainName" = WINDOWS-16F9BB1
"DefaultUserName" = Administrateur
"LegalNoticeCaption" =
"LegalNoticeText" =
"PowerdownAfterShutdown" = 1
"ReportBootOk" = 1
"Shell" = Explorer.exe -- [2008/02/13 21:03:25 | 001,411,072 | ---- | M] (Microsoft Corporation)
"ShutdownWithoutLogon" = 1
"System" =
"Userinit" = C:\WINDOWS\system32\userinit.exe,
"VmApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl"
"SfcQuota" = -1
"SfcDisable" = -99
"allocatecdroms" = 0
"allocatedasd" = 0
"allocatefloppies" = 0
"cachedlogonscount" = 10
"forceunlocklogon" = 0
"passwordexpirywarning" = 14
"scremoveoption" = 0
"AllowMultipleTSSessions" = 1
"KeepRasConnections" = 1
"ShowLogonOptions" = 49
"SlowLinkDetectEnabled" = 0
"AltDefaultUserName" = Administrateur
"UIHost" = logonui.exe -- [2008/02/13 21:03:42 | 006,848,000 | ---- | M] (Microsoft Corporation)
"LogonType" = 1
"Background" = 0 0 0
"DebugServerCommand" = no
"HibernationPreviouslyEnabled" = 1
"WinStationsDisabled" = 0
"AltDefaultDomainName" = WINDOWS-16F9BB1
"AutoAdminLogon" = 0
"AutoLogonCount" = 16775421
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"" = Sans fil
"ProcessGroupPolicy" = ProcessWIRELESSPolicy
"DllName" = gptext.dll -- [2004/08/19 15:09:28 | 000,201,216 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"" = Folder Redirection
"ProcessGroupPolicyEx" = ProcessGroupPolicyEx
"DllName" = fdeploy.dll -- [2004/08/19 15:09:26 | 000,076,288 | ---- | M] (Microsoft Corporation)
"NoMachinePolicy" = 1
"NoSlowLink" = 1
"PerUserLocalSettings" = 1
"NoGPOListChanges" = 0
"NoBackgroundPolicy" = 0
"GenerateGroupPolicy" = GenerateGroupPolicy
"EventSources" = (Folder Redirection,Application) [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"" = Quota du disque Microsoft
"NoMachinePolicy" = 0
"NoUserPolicy" = 1
"NoSlowLink" = 1
"NoBackgroundPolicy" = 1
"NoGPOListChanges" = 1
"PerUserLocalSettings" = 0
"RequiresSuccessfulRegistry" = 1
"EnableAsynchronousProcessing" = 0
"DllName" = dskquota.dll -- [2004/08/19 15:09:24 | 000,093,696 | ---- | M] (Microsoft Corporation)
"ProcessGroupPolicy" = ProcessGroupPolicy
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"" = Planificateur de paquets QoS
"ProcessGroupPolicy" = ProcessPSCHEDPolicy
"DllName" = gptext.dll -- [2004/08/19 15:09:28 | 000,201,216 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"" = Scripts
"ProcessGroupPolicy" = ProcessScriptsGroupPolicy
"ProcessGroupPolicyEx" = ProcessScriptsGroupPolicyEx
"GenerateGroupPolicy" = GenerateScriptsGroupPolicy
"DllName" = gptext.dll -- [2004/08/19 15:09:28 | 000,201,216 | ---- | M] (Microsoft Corporation)
"NoSlowLink" = 1
"NoGPOListChanges" = 1
"NotifyLinkTransition" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"" = Internet Explorer Zonemapping
"DllName" = iedkcs32.dll -- [2008/02/12 22:25:52 | 000,388,096 | ---- | M] (Microsoft Corporation)
"ProcessGroupPolicy" = ProcessGroupPolicyForZoneMap
"NoGPOListChanges" = 1
"RequiresSucessfulRegistry" = 1
"DisplayName" = @iedkcs32.dll,-3051
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy" = SceProcessSecurityPolicyGPO
"GenerateGroupPolicy" = SceGenerateGroupPolicy
"ExtensionRsopPlanningDebugLevel" = 1
"ProcessGroupPolicyEx" = SceProcessSecurityPolicyGPOEx
"ExtensionDebugLevel" = 1
"DllName" = scecli.dll -- [2004/08/19 15:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation)
"" = Security -- [2004/08/19 15:09:40 | 000,005,632 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
"EnableAsynchronousProcessing" = 1
"MaxNoGPOListChangesInterval" = 960
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"" = Internet Explorer Branding
"DisplayName" = @iedkcs32.dll,-3014
"DllName" = iedkcs32.dll -- [2008/02/12 22:25:52 | 000,388,096 | ---- | M] (Microsoft Corporation)
"GenerateGroupPolicy" = GenerateGroupPolicy
"NoBackgroundPolicy" = 0
"NoGPOListChanges" = 1
"NoMachinePolicy" = 1
"NoSlowLink" = 1
"ProcessGroupPolicy" = ProcessGroupPolicy
"ProcessGroupPolicyEx" = ProcessGroupPolicyEx
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy" = SceProcessEFSRecoveryGPO
"DllName" = scecli.dll -- [2004/08/19 15:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation)
"" = EFS recovery
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
"RequiresSuccessfulRegistry" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"" = Installation de logiciel
"DllName" = appmgmts.dll -- [2004/08/19 15:09:20 | 000,176,640 | ---- | M] (Microsoft Corporation)
"ProcessGroupPolicyEx" = ProcessGroupPolicyObjectsEx
"GenerateGroupPolicy" = GenerateGroupPolicy
"NoBackgroundPolicy" = 0
"RequiresSucessfulRegistry" = 0
"NoSlowLink" = 1
"PerUserLocalSettings" = 1
"EventSources" = (Application Management,Applicatio [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"" = Sécurité IP
"ProcessGroupPolicy" = ProcessIPSECPolicy
"DllName" = gptext.dll -- [2004/08/19 15:09:28 | 000,201,216 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous" = 0
"Impersonate" = 0
"DllName" = crypt32.dll -- [2004/08/19 15:09:22 | 000,604,672 | ---- | M] (Microsoft Corporation)
"Logoff" = ChainWlxLogoffEvent
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous" = 0
"Impersonate" = 0
"DllName" = cryptnet.dll -- [2004/08/19 15:09:22 | 000,063,488 | ---- | M] (Microsoft Corporation)
"Logoff" = CryptnetWlxLogoffEvent
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName" = cscdll.dll -- [2004/08/19 15:09:22 | 000,102,912 | ---- | M] (Microsoft Corporation)
"Logon" = WinlogonLogonEvent
"Logoff" = WinlogonLogoffEvent
"ScreenSaver" = WinlogonScreenSaverEvent
"Startup" = WinlogonStartupEvent
"Shutdown" = WinlogonShutdownEvent
"StartShell" = WinlogonStartShellEvent
"Impersonate" = 0
"Asynchronous" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName" = WlNotify.dll -- [2004/08/19 15:09:48 | 000,094,208 | ---- | M] (Microsoft Corporation)
"Logon" = SCardStartCertProp
"Logoff" = SCardStopCertProp
"Lock" = SCardSuspendCertProp
"Unlock" = SCardResumeCertProp
"Enabled" = 1
"Impersonate" = 1
"Asynchronous" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous" = 0
"DllName" = wlnotify.dll -- [2004/08/19 15:09:48 | 000,094,208 | ---- | M] (Microsoft Corporation)
"Impersonate" = 0
"StartShell" = SchedStartShell
"Logoff" = SchedEventLogOff
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff" = WLEventLogoff
"Impersonate" = 0
"Asynchronous" = 1
"DllName" = sclgntfy.dll -- [2004/08/19 15:09:40 | 000,022,016 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName" = WlNotify.dll -- [2004/08/19 15:09:48 | 000,094,208 | ---- | M] (Microsoft Corporation)
"Lock" = SensLockEvent
"Logon" = SensLogonEvent
"Logoff" = SensLogoffEvent
"Safe" = 1
"MaxWait" = 600
"StartScreenSaver" = SensStartScreenSaverEvent
"StopScreenSaver" = SensStopScreenSaverEvent
"Startup" = SensStartupEvent
"Shutdown" = SensShutdownEvent
"StartShell" = SensStartShellEvent
"PostShell" = SensPostShellEvent
"Disconnect" = SensDisconnectEvent
"Reconnect" = SensReconnectEvent
"Unlock" = SensUnlockEvent
"Impersonate" = 1
"Asynchronous" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous" = 0
"DllName" = wlnotify.dll -- [2004/08/19 15:09:48 | 000,094,208 | ---- | M] (Microsoft Corporation)
"Impersonate" = 0
"Logoff" = TSEventLogoff
"Logon" = TSEventLogon
"PostShell" = TSEventPostShell
"Shutdown" = TSEventShutdown
"StartShell" = TSEventStartShell
"Startup" = TSEventStartup
"MaxWait" = 600
"Reconnect" = TSEventReconnect
"Disconnect" = TSEventDisconnect
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName" = wlnotify.dll -- [2004/08/19 15:09:48 | 000,094,208 | ---- | M] (Microsoft Corporation)
"Logon" = RegisterTicketExpiredNotificationEvent
"Logoff" = UnregisterTicketExpiredNotificationEvent
"Impersonate" = 1
"Asynchronous" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
"HelpAssistant" = 0
"TsInternetUser" = 0
"SQLAgentCmdExec" = 0
"NetShowServices" = 0
"IWAM_" = 65536
"IUSR_" = 65536
"VUSR_" = 65536
"Administrateur" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials]

< HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command /s >
"" = C:\Program Files\Internet Explorer\iexplore.exe -- [2008/02/12 22:26:00 | 000,625,664 | ---- | M] (Microsoft Corporation)

< %temp%\smtmp\1\*.* /s >

< %temp%\smtmp\2\*.* /s >

< %temp%\smtmp\4\*.* /s >

< nslookup http://www.google.fr /c >
Serveur : UnKnown
Address: 192.168.1.1
Nom : http://WWW.GOOGLE.FR
Address: 173.194.67.94

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %ALLUSERSPROFILE%\Application Data\*. >
[2012/08/29 09:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/11/28 15:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/22 22:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/03/12 21:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/02/09 17:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/08/08 18:39:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/08/08 20:10:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/09/06 21:03:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2009/10/24 15:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2012/03/12 12:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/10/16 22:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/10/27 19:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2012/03/08 22:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/19 17:24:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/10/18 11:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/06/06 16:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/24 15:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2012/05/09 22:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMA
[2011/01/09 21:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smart Soft
[2012/10/28 17:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/08/06 23:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009/10/27 21:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/10/16 22:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/03/12 21:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/15 11:13:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2012/03/06 10:13:51 | 003,277,857 | ---- | M] (Uniblue Systems Ltd ) -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
[2012/04/04 12:17:36 | 000,342,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1036-7B44-AA1000000001}\setup.exe
[2011/03/07 16:21:24 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.2.1.1\SetupAdmin.exe
[2012/10/18 11:42:19 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

< %APPDATA%\*. >
[2009/11/24 18:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\123 Free Solitaire
[2012/07/02 23:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Adobe
[2009/11/06 12:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Ahead
[2011/03/12 21:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
[2010/05/10 22:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ArcSoft
[2012/10/28 17:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Azureus
[2010/09/12 15:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Canon
[2011/01/09 21:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Convertisseur PDF
[2011/10/15 10:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\DisplayTune
[2010/11/24 17:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\dvdcss
[2010/03/16 23:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\FastStone
[2009/10/24 15:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\FotoWire
[2009/11/15 11:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Google
[2012/10/16 21:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Help
[2009/10/24 13:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Identities
[2012/10/16 23:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\InstallShield
[2012/08/07 13:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\IObit
[2012/10/28 17:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\LimeWire
[2009/10/24 14:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Logitech
[2012/10/17 11:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Macromedia
[2012/03/08 22:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
[2010/03/11 15:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\MaxTV Technologies
[2012/07/02 23:28:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrateur\Application Data\Microsoft
[2009/10/26 21:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Microsoft Web Folders
[2010/01/03 16:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla
[2012/10/17 22:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\OpenCandy
[2010/03/26 23:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\PhotoFiltre
[2012/10/18 11:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\PriceGong
[2009/10/24 15:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
[2012/09/11 17:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Sibelius Software
[2012/05/09 22:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\SMA
[2009/12/26 15:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Sun
[2012/03/12 12:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\uTorrent
[2012/10/28 17:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\vlc
[2009/10/24 13:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\WinRAR
[2012/10/28 17:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\WIPE2012

< %APPDATA%\*.exe /s >
[2011/05/27 22:32:49 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Documents and Settings\Administrateur\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
[2011/06/24 17:05:59 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
[2011/06/24 17:06:00 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\updater.exe
[2011/06/24 17:06:00 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
[2011/06/24 17:06:00 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
[2011/06/24 17:06:00 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpidl.exe
[2011/06/24 17:06:00 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
[2011/06/24 17:06:00 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
[2011/06/24 17:06:01 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2011/06/24 17:06:01 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
[2010/05/12 22:16:58 | 000,002,238 | R--- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{86AED2CA-EE00-400B-8516-5152CC10B32E}\_184F7DB9A6DFFF85BE5CDB.exe
[2010/05/12 22:16:58 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{86AED2CA-EE00-400B-8516-5152CC10B32E}\_26148796F1C61A0D578706.exe
[2010/05/12 22:16:58 | 000,002,238 | R--- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{86AED2CA-EE00-400B-8516-5152CC10B32E}\_E58D3B0E468C0F9A305490.exe
[2012/09/10 19:02:42 | 000,492,640 | ---- | M] (Clasys Ltd.) -- C:\Documents and Settings\Administrateur\Application Data\OpenCandy\A79AEA3BCF3D47AB8E2CD066826AE523\setup_759.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008/02/13 21:13:34 | 017,574,878 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/02/13 21:13:34 | 017,574,878 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CDROM.SYS >
[2008/02/13 21:13:34 | 017,574,878 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004/08/03 21:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CHANGER.SYS >
[2008/02/13 21:13:34 | 017,574,878 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys

< MD5 for: DISK.SYS >
[2008/02/13 21:13:34 | 017,574,878 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/03 21:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/19 15:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/02/13 21:03:25 | 001,411,072 | ---- | M] (Microsoft Corporation) MD5=6B9A6F17970BA9732891B3241B750BA0 -- C:\WINDOWS\explorer.exe

< MD5 for: NDIS.SYS >
[2004/08/03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004/08/19 15:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATA.SYS >
[2005/05/17 10:45:08 | 000,092,800 | R--- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\nvata.sys
[2005/05/17 10:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nvata.sys
[2005/05/17 10:45:08 | 000,092,800 | R--- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\nvata.sys
[2005/05/17 10:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\nvata.sys

< MD5 for: RASACD.SYS >
[2002/08/30 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys

< MD5 for: RDPCLIP.EXE >
[2004/08/19 15:10:04 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=5CEDA4A82F07576B57BD554E20238F1B -- C:\WINDOWS\system32\rdpclip.exe

< MD5 for: RDPWD.SYS >
[2008/02/12 22:08:46 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\system32\drivers\rdpwd.sys

< MD5 for: SCECLI.DLL >
[2004/08/19 15:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFLOPPY.SYS >
[2008/02/13 21:13:34 | 017,574,878 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys
[2004/08/03 21:59:56 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\system32\drivers\sfloppy.sys

< MD5 for: SPLITTER.SYS >
[2008/02/13 21:13:34 | 017,574,878 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys
[2006/06/14 08:50:20 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\system32\drivers\splitter.sys

< MD5 for: SWMIDI.SYS >
[2001/08/17 21:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\system32\drivers\swmidi.sys

< MD5 for: TCPIP.SYS >
[2008/02/13 21:05:34 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=CE3EC03C9F65302E44AF5C452D20A86F -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: TDPIPE.SYS >
[2004/08/19 15:10:20 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\system32\drivers\tdpipe.sys

< MD5 for: TDTCP.SYS >
[2004/08/19 15:10:20 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\system32\drivers\tdtcp.sys

< MD5 for: USBPRINT.SYS >
[2008/02/13 21:13:34 | 017,574,878 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys
[2004/08/03 22:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\system32\drivers\usbprint.sys

< MD5 for: USBSCAN.SYS >
[2008/02/13 21:13:34 | 017,574,878 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys
[2004/08/03 21:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\system32\drivers\usbscan.sys

< MD5 for: USERINIT.EXE >
[2004/08/19 15:10:04 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2004/08/19 14:59:14 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=313B1A0D5DB26DFE1C34A6C13B2CE0A7 -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/02/13 21:04:39 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=AFE97D09B55D4E93A189C3B8371A2474 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %APPDATA%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*.* >

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >


Extras.Txt report:

OTL Extras logfile created on: 28/10/2012 17:50:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

1023,48 Mb Total Physical Memory | 538,80 Mb Available Physical Memory | 52,64% Memory free
2,40 Gb Paging File | 1,92 Gb Available in Paging File | 79,81% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 63,99 Gb Total Space | 29,68 Gb Free Space | 46,38% Space Free | Partition Type: NTFS
Drive D: | 73,26 Gb Total Space | 52,24 Gb Free Space | 71,32% Space Free | Partition Type: NTFS

Computer Name: WINDOWS-16F9BB1 | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.reg [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [a-openew] -- explorer.exe "%1" (Microsoft Corporation)
Directory [c-cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Gigabyte\@BIOS\gwflash.exe" = C:\Program Files\Gigabyte\@BIOS\gwflash.exe:*:Enabled:GBTFlash -- (TODO: <Company name>)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0000040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{0271A4CB-D48C-4CDF-826F-62EE8D91663F}_is1" = WahOO
"{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{385FDE35-F22D-466C-9492-41EF8BBCC546}_is1" = Sax Tutor version 4.0
"{39FCD08F-E311-4959-84B9-1012023724B9}" = Sunny Explorer
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{78965D65-54B5-4F0D-9F31-FCF67FED0917}" = Ma-Config.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{824563DE-75AD-4166-9DC0-B6482F206295}" = Belgium e-ID middleware 3.5.3 (build 6295)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{86AED2CA-EE00-400B-8516-5152CC10B32E}" = Feneris Video Downloader
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B3E5A90-1F6E-4FAF-B84F-C306C8A80809}" = AeroFly Professional Deluxe (incl. Add-On 1)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Français
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logiciel QuickCam de Logitech
"{C6D91586-9F98-4CFD-9BC3-FC0800911005}" = SmartCard Reader Driver Installation
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}" = WiFi Station
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FDA7A7CB-F1DE-42A9-83A6-27BE6CD6E8F3}" = SmartControl II
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"AU-1_Corsair" = AU-1_Corsair
"avast" = avast! Free Antivirus
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"Convertisseur PDF_is1" = Convertisseur PDF 5.1.0.398
"Defraggler" = Defraggler
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint" = Easy-WebPrint
"eMule" = eMule
"Enregistrement utilisateur de Canon MP510" = Enregistrement utilisateur de Canon MP510
"Enregistrement utilisateur de Canon MP550 series" = Enregistrement utilisateur de Canon MP550 series
"FMS" = FMS
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"HijackThis" = HijackThis 2.0.2
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"Kernel Outlook PST Viewer_is1" = Kernel Outlook PST Viewer ver 11.05.01
"LimeWire" = LimeWire 5.6.2
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"NVIDIA Drivers" = NVIDIA Drivers
"Parallel Port Joystick" = Parallel Port Joystick
"QcDrv" = Programme de gestion Camera de Logitech®
"Quick Zip_is1" = Quick Zip 4.60.019
"Sunny Data Control" = Sunny Data Control
"Unlocker" = Unlocker 1.8.5
"VLC media player" = VLC media player 1.1.5
"WFastStone" = FastStone
"WIC" = Windows Imaging Component
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = WinRAR
"Wipe 2012" = Wipe 2012.15
"WIrfanView" = IrfanView
"WTIS" = Windows Trust Installer
"WuTorrent" = uTorrent
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"PhotoFiltre" = PhotoFiltre
"Piratrax" = Piratrax désinstallation

========== Last 20 Event Log Errors ==========

[ Antivirus Events ]
Error - 2/09/2010 5:14:25 | Computer Name = WINDOWS-16F9BB1 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 26/10/2012 17:33:46 | Computer Name = WINDOWS-16F9BB1 | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 80070422 à partir de la ligne 44
de d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 26/10/2012 17:33:46 | Computer Name = WINDOWS-16F9BB1 | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x80040206.

Error - 27/10/2012 13:49:31 | Computer Name = WINDOWS-16F9BB1 | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 80070422 à partir de la ligne 44
de d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 27/10/2012 13:49:31 | Computer Name = WINDOWS-16F9BB1 | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x80040206.

Error - 27/10/2012 15:35:11 | Computer Name = WINDOWS-16F9BB1 | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 80070422 à partir de la ligne 44
de d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 27/10/2012 15:35:11 | Computer Name = WINDOWS-16F9BB1 | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x80040206.

Error - 28/10/2012 10:55:49 | Computer Name = WINDOWS-16F9BB1 | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 80070422 à partir de la ligne 44
de d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 28/10/2012 10:55:49 | Computer Name = WINDOWS-16F9BB1 | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x80040206.

Error - 28/10/2012 12:38:15 | Computer Name = WINDOWS-16F9BB1 | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 80070422 à partir de la ligne 44
de d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 28/10/2012 12:38:15 | Computer Name = WINDOWS-16F9BB1 | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x80040206.

[ System Events ]
Error - 28/10/2012 10:57:09 | Computer Name = WINDOWS-16F9BB1 | Source = Service Control Manager | ID = 7000
Description = Le service nVidia WDM Video Capture (universal) n'a pas pu démarrer
en raison de l'erreur : %%1058

Error - 28/10/2012 10:57:09 | Computer Name = WINDOWS-16F9BB1 | Source = Service Control Manager | ID = 7000
Description = Le service nVidia WDM A/V Crossbar n'a pas pu démarrer en raison de
l'erreur : %%1058

Error - 28/10/2012 10:57:09 | Computer Name = WINDOWS-16F9BB1 | Source = Service Control Manager | ID = 7001
Description = Le service Notification d'événement système dépend du service Système
d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur : %%1058

Error - 28/10/2012 12:36:57 | Computer Name = WINDOWS-16F9BB1 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 28/10/2012 12:38:15 | Computer Name = WINDOWS-16F9BB1 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 28/10/2012 12:38:15 | Computer Name = WINDOWS-16F9BB1 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 28/10/2012 12:39:35 | Computer Name = WINDOWS-16F9BB1 | Source = Service Control Manager | ID = 7001
Description = Le service Moniteur infrarouge dépend du service Services Terminal
Server qui n'a pas pu démarrer en raison de l'erreur : %%1058

Error - 28/10/2012 12:39:35 | Computer Name = WINDOWS-16F9BB1 | Source = Service Control Manager | ID = 7000
Description = Le service nVidia WDM Video Capture (universal) n'a pas pu démarrer
en raison de l'erreur : %%1058

Error - 28/10/2012 12:39:35 | Computer Name = WINDOWS-16F9BB1 | Source = Service Control Manager | ID = 7000
Description = Le service nVidia WDM A/V Crossbar n'a pas pu démarrer en raison de
l'erreur : %%1058

Error - 28/10/2012 12:39:35 | Computer Name = WINDOWS-16F9BB1 | Source = Service Control Manager | ID = 7001
Description = Le service Notification d'événement système dépend du service Système
d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur : %%1058


< End of report >
cracoukass

Re: Unwanted window at startup

Posted 28 Oct 2012 19:59

Hi,

Your machine is heavily infected... :-?

* Double-click the OTL icon to launch it
/!\ On Vista/Seven, right-click the OTL icon and choose "Exécuter en tant qu'administrateur" (Run as administrator)

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Rapport" (Report) section (top right) the "Rapport minimal" (Minimal report) box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Personnalisation" (Customization)

:OTL
PRC - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\WahOO.exe ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\WahOO.exe ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\QtWebKit4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\QtXml4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\phonon4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\QtGui4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\QtCore4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\QtNetwork4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\imageformats\qtiff4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\imageformats\qmng4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\imageformats\qjpeg4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\imageformats\qico4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\imageformats\qgif4.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\libgcc_s_dw2-1.dll ()
MOD - C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\mingwm10.dll ()
O4 - HKU\S-1-5-21-299502267-1592454029-839522115-500\..\Run: [WahOO] C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\WahOO.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideRunAsVerb = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8



:Files
C:\Documents and Settings\Administrateur\Application Data\OpenCandy
C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO
C:\Documents and Settings\Administrateur\Application Data\PriceGong
C:\Program Files\Conduit
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit


:Commands
[emptytemp]


* Click the "Correction" (Fix) icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan a report will open
* Copy and paste the report into your reply please...

then...

  • download Malwarebytes >> here
  • Choose "exécuter un examen rapide" (run a quick scan) and, at the end of the scan, check all the items found and click "supprimer la sélection" (remove selected).
  • Post the report for me please.

If you have problems using Malwarebytes, here is a great tutorial by Danakil to help you.
jeanmimigab

Re: Unwanted window at startup

Posted 28 Oct 2012 21:09

Good evening Jeanmimigab,

Thanks for your reply,
Here is the OTL report; it is already shorter than the previous one! :)


Code:
All processes killed
========== OTL ==========
No active process named WahOO.exe was found!
Registry value HKEY_USERS\S-1-5-21-299502267-1592454029-839522115-500\\Software\Microsoft\Windows\CurrentVersion\Run\\WahOO deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\WahOO.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktopCleanupWizard deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRemoteRecursiveEvents deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveTrack deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideRunAsVerb deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoNetConnectDisconnect deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\SynchronousMachineGroupPolicy deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\SynchronousUserGroupPolicy deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoInternetOpenWith deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktopCleanupWizard deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveTrack deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMBalloonTip deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMConfigurePrograms deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStrCmpLogical deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWelcomeScreen deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktopCleanupWizard not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveTrack not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMBalloonTip not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMConfigurePrograms not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStrCmpLogical not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWelcomeScreen not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktopCleanupWizard deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveTrack deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMBalloonTip deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMConfigurePrograms deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStrCmpLogical deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWelcomeScreen deleted successfully.
Registry key HKEY_USERS\S-1-5-21-299502267-1592454029-839522115-500\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp deleted successfully.
Registry value HKEY_USERS\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo deleted successfully.
Registry value HKEY_USERS\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktopCleanupWizard deleted successfully.
Registry value HKEY_USERS\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch deleted successfully.
Registry value HKEY_USERS\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveTrack deleted successfully.
Registry value HKEY_USERS\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMBalloonTip deleted successfully.
Registry value HKEY_USERS\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMConfigurePrograms deleted successfully.
Registry value HKEY_USERS\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStrCmpLogical deleted successfully.
Registry value HKEY_USERS\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWelcomeScreen deleted successfully.
Registry value HKEY_USERS\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\SET51.tmp deleted successfully.
C:\WINDOWS\System32\SET54.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
========== FILES ==========
C:\Documents and Settings\Administrateur\Application Data\OpenCandy\OpenCandy_A79AEA3BCF3D47AB8E2CD066826AE523 folder moved successfully.
C:\Documents and Settings\Administrateur\Application Data\OpenCandy\A79AEA3BCF3D47AB8E2CD066826AE523 folder moved successfully.
C:\Documents and Settings\Administrateur\Application Data\OpenCandy folder moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\Plugins folder moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO\imageformats folder moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\WahOO folder moved successfully.
C:\Documents and Settings\Administrateur\Application Data\PriceGong\Data folder moved successfully.
C:\Documents and Settings\Administrateur\Application Data\PriceGong folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrateur
->Temp folder emptied: 6629554 bytes
->Temporary Internet Files folder emptied: 5920240 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 620 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 692146 bytes
 
User: LocalService.AUTORITE NT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 769435 bytes
 
User: NetworkService.AUTORITE NT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 198492292 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 203,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10282012_203859

Files\Folders moved on Reboot...
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\8RG84GQM\fenetre-intempestive-demarrage-vt-66133[1].htm moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\8RG84GQM\xd_arbiter[1].htm moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\7LO80REI\ads[2].htm moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\7LO80REI\ads[3].htm moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\7LO80REI\tweet_button.1347008535[1].htm moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\7LO80REI\xd_arbiter[1].htm moved successfully.
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


and here is the report after Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Version de la base de données: v2012.10.28.07

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
Administrateur :: WINDOWS-16F9BB1 [administrateur]

28/10/2012 20:45:35
mbam-log-2012-10-28 (20-45-35).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 220476
Temps écoulé: 7 minute(s), 6 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)


Apparently, no malicious items were found by Malwarebytes!

For information, as far as security goes, I use avast free antivirus and the Nvidia firewall; in addition, I frequently (about once a week) run CCleaner, Spybot and Wipe2012, but since these are all free programs, perhaps they are not infallible...??
cracoukass
Confirmed Visitor
Posts: 13
Joined: 27 Oct 2012 20:43
 

Re: Unwanted window at startup

Posted on 29 Oct 2012 19:29

hello

For information, as far as security goes, I use avast free antivirus and the Nvidia firewall; in addition, I frequently (about once a week) run CCleaner, Spybot and Wipe2012, but since


As for Spybot and Wipe, I don't really see the point of them... for me, Avast, your firewall and Malwarebytes are entirely sufficient.

these are all free programs, perhaps they are not infallible...??


That's not a problem; it's just that they have fewer features than the paid versions, except for Malwarebytes, which has a resident scanner in its paid version.

How is the PC behaving now, please?
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
 

Re: Unwanted window at startup

Posted on 29 Oct 2012 22:41

Hi,

Alas, my little window is still there... it keeps appearing at every startup!
cracoukass
Confirmed Visitor
Posts: 13
Joined: 27 Oct 2012 20:43
 

Re: Unwanted window at startup

Posted on 30 Oct 2012 18:24

hello,

Can you run another OTL scan for me after restarting your PC (taking care to leave this "little window" open during the scan)?
Note: this time you won't get an "Extras.txt" report.
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
 

Re: Unwanted window at startup

Posted on 30 Oct 2012 23:36

Good evening,

here is the new OTL report:

Code:
OTL logfile created on: 30/10/2012 23:26:24 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy
 
1023,48 Mb Total Physical Memory | 576,57 Mb Available Physical Memory | 56,33% Memory free
2,40 Gb Paging File | 2,10 Gb Available in Paging File | 87,23% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 63,99 Gb Total Space | 29,69 Gb Free Space | 46,40% Space Free | Partition Type: NTFS
Drive D: | 73,25 Gb Total Space | 52,24 Gb Free Space | 71,31% Space Free | Partition Type: NTFS
Drive G: | 11,73 Gb Total Space | 11,65 Gb Free Space | 99,35% Space Free | Partition Type: NTFS
 
Computer Name: WINDOWS-16F9BB1 | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Documents and Settings\Administrateur\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files\Belgium Identity Card\beid35gui.exe (Belgian Government)
PRC - C:\Program Files\Fichiers communs\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\EmvSmartCardReader\BePCSC.exe (Alcor Micro, Corp.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\EmvSmartCardReader\SmartMON.exe ()
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
PRC - C:\Program Files\Hercules\WiFi Station\WiFiStation.exe (Hercules)
PRC - C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\SetPoint\KHALMNPR.exe (Logitech Inc.)
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - C:\Program Files\Alwil Software\Avast5\defs\12103001\algo.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl ()
MOD - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe ()
MOD - C:\Program Files\Belgium Identity Card\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Belgium Identity Card\QtGui4.dll ()
MOD - C:\Program Files\Belgium Identity Card\QtCore4.dll ()
MOD - C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe ()
MOD - C:\Program Files\EmvSmartCardReader\SmartMON.exe ()
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PdiService) -- C:\Program Files\Fichiers communs\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (DTSRVC) -- C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe ()
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (cpuz132) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (Changer) --  File not found
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft)
DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (Pivot) -- C:\WINDOWS\system32\drivers\pivot.sys (Portrait Displays, Inc.)
DRV - (pivotmou) -- C:\WINDOWS\system32\drivers\pivotmou.sys (Portrait Displays, Inc.)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (EMVSCARD) -- C:\WINDOWS\system32\drivers\EMVSCARD.sys (USB Smart Card Reader)
DRV - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (nvcchflt) -- C:\WINDOWS\system32\drivers\nvcchflt.sys (NVIDIA Corporation)
DRV - (nvata) -- C:\WINDOWS\system32\drivers\nvata.sys (NVIDIA Corporation)
DRV - (RT2500) -- C:\WINDOWS\system32\drivers\rt2500.sys (Ralink Technology Inc.)
DRV - (nvcap) -- C:\WINDOWS\system32\drivers\NVCAP.SYS (NVIDIA Corporation)
DRV - (NVXBAR) -- C:\WINDOWS\system32\drivers\NVXBAR.SYS (NVIDIA Corporation)
DRV - (PPortJoystick) -- C:\WINDOWS\system32\drivers\PPortJoy.sys (Deon van der Westhuysen)
DRV - (PPJoyBus) -- C:\WINDOWS\system32\drivers\PPJoyBus.sys (Deon van der Westhuysen)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (Elaborate Bytes)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {06B469CF-CDC2-47F4-81A9-8EA6E8506E45}
IE - HKLM\..\SearchScopes\{06B469CF-CDC2-47F4-81A9-8EA6E8506E45}: "URL" = http://www.google.fr/search?hl=fr&q={searchTerms}+&meta=
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,customizesearch = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,searchassistant = http://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {06B469CF-CDC2-47F4-81A9-8EA6E8506E45}
IE - HKU\.DEFAULT\..\SearchScopes\{06B469CF-CDC2-47F4-81A9-8EA6E8506E45}: "URL" = http://www.google.fr/search?hl=fr&q={searchTerms}+&meta=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,customizesearch = http://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,searchassistant = http://www.google.com/ie
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {06B469CF-CDC2-47F4-81A9-8EA6E8506E45}
IE - HKU\S-1-5-18\..\SearchScopes\{06B469CF-CDC2-47F4-81A9-8EA6E8506E45}: "URL" = http://www.google.fr/search?hl=fr&q={searchTerms}+&meta=
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,customizesearch = http://www.google.com/ie
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,searchassistant = http://www.google.com/ie
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {06B469CF-CDC2-47F4-81A9-8EA6E8506E45}
IE - HKU\S-1-5-20\..\SearchScopes\{06B469CF-CDC2-47F4-81A9-8EA6E8506E45}: "URL" = http://www.google.fr/search?hl=fr&q={searchTerms}+&meta=
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.skynet.be/?new_lang=fr
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\..\SearchScopes,DefaultScope = {06B469CF-CDC2-47F4-81A9-8EA6E8506E45}
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\..\SearchScopes\{06B469CF-CDC2-47F4-81A9-8EA6E8506E45}: "URL" = http://www.google.fr/search?hl=fr&q={searchTerms}+&meta=
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2010/03/11 15:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
[2010/03/11 15:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions\maxtv4@labs.max-tv.be
[2010/01/03 16:55:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/13 19:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: ClipConverter = C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\njjjgjlocdhecpgdcfjblcnfebfnmhpp\1.2.6_0\
 
O1 HOSTS File: ([2011/09/12 22:11:30 | 000,437,564 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 15050 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [beid] C:\Program Files\Belgium Identity Card\beid35gui.exe (Belgian Government)
O4 - HKLM..\Run: [BePCSC] C:\Program Files\EmvSmartCardReader\BePCSC.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DT PHL] C:\Program Files\Fichiers communs\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [ElbyCheckElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [SmartMon] C:\Program Files\EmvSmartCardReader\SmartMON.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKU\S-1-5-21-299502267-1592454029-839522115-500..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-299502267-1592454029-839522115-500..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-299502267-1592454029-839522115-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [WIAWizardMenu] C:\WINDOWS\System32\sti_ci.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-20..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WiFi Station.lnk = C:\Program Files\Hercules\WiFi Station\WiFiStation.exe (Hercules)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-299502267-1592454029-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-299502267-1592454029-839522115-500\..Trusted Domains: localhost ([]http in Sites de confiance)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://belgacom.extrafilm.be/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} http://belgacom.smartphoto.be/ExtraFilmUploader6.cab (ExtraFilm Uploader Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/24 13:01:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0fbe8bd6-e3ed-11de-81f6-0014850ea35f}\Shell - "" = AutoRun
O33 - MountPoints2\{0fbe8bd6-e3ed-11de-81f6-0014850ea35f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d6968c12-0cd9-11df-825d-0014850ea35f}\Shell - "" = AutoRun
O33 - MountPoints2\{d6968c12-0cd9-11df-825d-0014850ea35f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/29 12:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ma-config.com
[2012/10/28 20:38:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/28 17:44:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\Recent
[2012/10/28 17:40:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2012/10/20 23:51:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/10/20 22:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\PowerQuest PartitionMagic 8.0
[2012/10/20 22:13:52 | 000,000,000 | ---D | C] -- C:\Program Files\PowerQuest
[2012/10/20 22:10:14 | 000,000,000 | ---D | C] -- C:\Temp program
[2012/10/18 11:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2012/10/17 22:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
[2012/10/17 14:20:43 | 000,216,320 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt25009x.sys
[2012/10/17 14:20:43 | 000,214,912 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt2500.sys
[2012/10/17 14:20:43 | 000,143,360 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt25u98.sys
[2012/10/17 14:20:43 | 000,140,416 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt2500usb.sys
[2012/10/17 14:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Hercules
[2012/10/17 10:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\WIPE2012
[2012/10/17 10:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Wipe 2012
[2012/10/17 10:22:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2012/10/16 23:43:32 | 000,062,009 | ---- | C] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\wpfb_nv4_disp.dll
[2012/10/16 23:32:11 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2012/10/16 23:30:02 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/10/16 23:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2012/10/16 23:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\InstallShield
[2012/10/16 21:52:34 | 000,180,224 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2012/10/16 21:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Help
[2012/10/16 17:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Mes documents\{9DF687E7-381C-4882-A05F-4ADF1DD53394}
[2012/10/16 17:51:12 | 000,289,792 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\idecoins.dll
[2012/10/16 17:51:12 | 000,033,280 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVCOI.DLL
[2012/10/16 17:51:11 | 000,176,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvuide.exe
[2012/10/16 17:50:44 | 000,101,632 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvtcp.sys
[2012/10/16 17:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\NVIDIA Corporation
[2012/10/16 17:39:12 | 000,100,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\NVTCP.SYS
[2012/10/16 17:37:53 | 000,466,944 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\CapabilityTable.exe
[2012/10/16 17:37:45 | 000,300,032 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\idecoi.dll
[2012/10/16 17:37:45 | 000,092,800 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvata.sys
[2012/10/16 17:37:06 | 000,201,728 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\fdco1ins.dll
[2012/10/16 17:37:05 | 000,201,728 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\fdco1.dll
[2012/10/16 17:37:05 | 000,033,536 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\NVENETFD.sys
[2012/10/16 17:37:03 | 000,208,256 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvsnpu.sys
[2012/10/16 17:37:03 | 000,032,256 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvconrm.dll
[2012/10/16 17:37:03 | 000,009,728 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\bdco1ins.dll
[2012/10/16 17:37:03 | 000,009,728 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\bdco1.dll
[2012/10/16 17:37:02 | 000,261,888 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvnrm.sys
[2012/10/16 17:37:02 | 000,012,928 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvnetbus.sys
[2012/10/16 17:30:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/10/16 16:17:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\GIGABYTE
[2012/10/15 22:56:56 | 000,000,000 | ---D | C] -- C:\logs
[2012/10/15 17:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Gigabyte
[2012/10/15 10:56:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/02 22:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/08/19 23:14:13 | 000,028,800 | ---- | C] (Deon van der Westhuysen) -- C:\Program Files\PPortJoy.sys
[2011/08/19 23:14:13 | 000,013,952 | ---- | C] (Deon van der Westhuysen) -- C:\Program Files\PPJoyBus.sys
[2011/08/19 23:14:13 | 000,005,632 | ---- | C] (Deon van der Westhuysen) -- C:\Program Files\W98Ports.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/30 23:26:42 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/30 23:25:22 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/30 23:25:22 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2012/10/30 23:25:20 | 000,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/10/30 16:47:00 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/30 16:40:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/29 12:35:32 | 000,000,212 | -H-- | M] () -- C:\boot.ini
[2012/10/28 17:52:08 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/10/28 17:40:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2012/10/28 15:59:58 | 000,481,740 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012/10/28 15:59:58 | 000,414,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/28 15:59:58 | 000,073,450 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012/10/28 15:59:58 | 000,061,444 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/27 20:38:59 | 000,020,146 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\Fenêtre intempestive.jpg
[2012/10/27 20:32:29 | 000,655,498 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\CaptureScreen.zip
[2012/10/22 09:35:10 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/20 23:17:22 | 000,000,298 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2012/10/18 11:42:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/10/17 22:12:23 | 000,047,614 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\save easy cleaner.htm
[2012/10/17 14:20:43 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\WiFi Station.lnk
[2012/10/17 14:20:41 | 000,001,563 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WiFi Station.lnk
[2012/10/17 10:57:31 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Wipe 2012.lnk
[2012/10/16 23:43:39 | 000,062,009 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\wpfb_nv4_disp.dll
[2012/10/16 17:39:38 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/10/16 17:39:26 | 000,000,025 | ---- | M] () -- C:\WINDOWS\Nomdefichier
[2012/10/16 17:14:42 | 000,000,169 | ---- | M] () -- C:\WINDOWS\RtlRack.ini
[2012/10/15 23:24:30 | 000,002,597 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Feneris Video Downloader.lnk
[2012/10/09 10:40:28 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/09 10:40:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/02 22:08:44 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
 
========== Files Created - No Company Name ==========
 
[2012/10/28 17:52:08 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/10/27 20:38:59 | 000,020,146 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\Fenêtre intempestive.jpg
[2012/10/27 20:32:24 | 000,655,498 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\CaptureScreen.zip
[2012/10/17 22:12:23 | 000,047,614 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\save easy cleaner.htm
[2012/10/17 14:20:43 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\WiFi Station.lnk
[2012/10/17 14:20:41 | 000,001,563 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WiFi Station.lnk
[2012/10/17 10:57:31 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Wipe 2012.lnk
[2012/10/17 10:22:19 | 000,039,291 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2012/10/16 23:26:29 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2661.bin
[2012/10/16 23:26:29 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2561s.bin
[2012/10/16 23:26:29 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2561.bin
[2012/10/16 21:52:34 | 000,015,868 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2012/10/16 17:51:11 | 000,001,537 | ---- | C] () -- C:\WINDOWS\System32\nvide.nvu
[2012/10/16 17:39:38 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/10/16 17:39:26 | 000,000,025 | ---- | C] () -- C:\WINDOWS\Nomdefichier
[2012/10/02 22:08:44 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/05/31 16:29:51 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2_WIPE2012.ini
[2012/05/31 16:29:45 | 000,340,992 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2012/05/31 16:29:43 | 000,340,992 | ---- | C] () -- C:\WINDOWS\sqlite36_engine.dll
[2011/10/15 10:49:17 | 000,007,432 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2011/10/10 22:12:53 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\DriveCalculator Preferences
[2011/08/19 23:14:13 | 000,258,048 | ---- | C] () -- C:\Program Files\PPortJoy.cpl
[2011/08/19 23:14:13 | 000,245,760 | ---- | C] () -- C:\Program Files\PPJoyKey.exe
[2011/08/19 23:14:13 | 000,176,128 | ---- | C] () -- C:\Program Files\PPJoyCom.exe
[2011/08/19 23:14:13 | 000,163,840 | ---- | C] () -- C:\Program Files\PPJoyDLL.exe
[2011/08/19 23:14:13 | 000,159,744 | ---- | C] () -- C:\Program Files\PPJoyMouse.exe
[2011/08/19 23:14:13 | 000,003,957 | ---- | C] () -- C:\Program Files\PPortJoy.inf
[2011/08/19 23:14:13 | 000,002,012 | ---- | C] () -- C:\Program Files\PPJoyBus.inf
[2011/08/19 23:14:13 | 000,001,742 | ---- | C] () -- C:\Program Files\W98Ports.inf
[2011/04/17 23:10:12 | 000,000,490 | ---- | C] () -- C:\Program Files\Netlor StudioStyleView.sps
[2011/04/11 21:55:52 | 000,000,474 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/12 21:49:47 | 000,019,664 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/09 20:59:15 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/11/02 23:07:01 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avalon2.2.ini
[2010/06/06 16:19:27 | 000,000,978 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\QuickZip45.ini
[2010/05/12 22:16:26 | 003,502,080 | ---- | C] () -- C:\Program Files\FVD.msi
[2010/03/26 23:47:00 | 000,081,640 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/25 22:47:58 | 000,000,793 | ---- | C] () -- C:\Program Files\Netlor Studiopreview.html
[2009/10/27 20:11:52 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/10/24 13:02:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/02/12 22:23:50 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004/08/19 15:09:26 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/19 15:09:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009/11/24 18:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\123 Free Solitaire
[2012/10/28 17:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Azureus
[2010/09/12 15:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Canon
[2011/01/09 21:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Convertisseur PDF
[2011/10/15 10:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\DisplayTune
[2009/10/24 15:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\FotoWire
[2012/08/07 13:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\IObit
[2012/10/30 23:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\LimeWire
[2010/03/11 15:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\MaxTV Technologies
[2010/03/26 23:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\PhotoFiltre
[2009/10/24 15:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
[2012/05/09 22:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\SMA
[2012/03/12 12:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\uTorrent
[2012/10/28 17:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\WIPE2012
[2010/11/28 15:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/09 17:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/08/08 18:39:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/08/08 20:10:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/09/06 21:03:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/03/12 12:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/10/16 22:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/10/29 12:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2010/06/06 16:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/24 15:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2012/05/09 22:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMA
[2011/01/09 21:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smart Soft
[2009/10/27 21:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/10/16 22:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/03/12 21:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/15 11:13:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
 
========== Purity Check ==========
 
 

< End of report >
cracoukass
Confirmed Visitor
 
Posts: 13
Joined: 27 Oct 2012 20:43
 

Re: Unwanted window at startup

Posted on 02 Nov 2012 09:24

Hi,

let's try something...

  • Download >> TFC.exe << to your desktop (this is essential)
  • Close all running programs...
  • Double-click the TFC icon to launch it
  • A prompt will appear asking you to restart your PC; click "YES" and let TFC do its work.

then...

* Double-click the OTL icon to launch it
/!\ on Vista/Seven, right-click the OTL icon and choose "Exécuter en tant qu'administrateur" (Run as administrator)

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Rapport" (Report) section (top right) the "Rapport minimal" (Minimal report) box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Personnalisation" (Customization)


:OTL
DRV - (cpuz132) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys File not found => Kernel Mode Driver
IE - HKU\S-1-5-21-299502267-1592454029-839522115-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
O33 - MountPoints2\{0fbe8bd6-e3ed-11de-81f6-0014850ea35f}\Shell - "" = AutoRun
O33 - MountPoints2\{0fbe8bd6-e3ed-11de-81f6-0014850ea35f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a => U3 Smart drive Software
O33 - MountPoints2\{d6968c12-0cd9-11df-825d-0014850ea35f}\Shell - "" = AutoRun
O33 - MountPoints2\{d6968c12-0cd9-11df-825d-0014850ea35f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a => U3 Smart drive Software

:Commands
[emptytemp]






* Click the "Correction" (Fix) icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan a report will open
* Copy and paste the report into your reply, please...
jeanmimigab
PC-Infopraticien
 
Posts: 2986
Joined: 29 Nov 2009 12:05
 

Re: Unwanted window at startup

Posted on 02 Nov 2012 21:10

Good evening, and thank you for your help,

Here is the requested report:

All processes killed
========== OTL ==========
Service cpuz132 stopped successfully!
Service cpuz132 deleted successfully!
File  C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys File not found => Kernel Mode Driver not found.
Registry key HKEY_USERS\S-1-5-21-299502267-1592454029-839522115-500\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fbe8bd6-e3ed-11de-81f6-0014850ea35f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fbe8bd6-e3ed-11de-81f6-0014850ea35f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fbe8bd6-e3ed-11de-81f6-0014850ea35f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fbe8bd6-e3ed-11de-81f6-0014850ea35f}\ not found.
File G:\LaunchU3.exe -a => U3 Smart drive Software not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6968c12-0cd9-11df-825d-0014850ea35f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6968c12-0cd9-11df-825d-0014850ea35f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6968c12-0cd9-11df-825d-0014850ea35f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6968c12-0cd9-11df-825d-0014850ea35f}\ not found.
File H:\LaunchU3.exe -a => U3 Smart drive Software not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrateur
->Temp folder emptied: 690 bytes
->Temporary Internet Files folder emptied: 2808651 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService.AUTORITE NT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService.AUTORITE NT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11022012_204413

Files\Folders moved on Reboot...
C:\WINDOWS\temp\_avast_\Webshlock.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Note that if, in your opinion, this window is not dangerous, I can simply close it each time ...
I would not want to waste your time on my problem, especially if it is not vital for the health of my PC.
Thanks to you
Daniel
cracoukass
Confirmed Visitor

Posts: 13
Joined: 27 Oct 2012 20:43
 

Re: Unwanted window at startup

Posted on 02 Nov 2012 21:22

hello,

After this scan, does it start again?
Because I no longer see anything that could cause this...

If so, can you take a screenshot of these windows, for example with Gadwin
http://www.pc-infopratique.com/telechar ... creen.html

then host the images here and give me the links
http://www.casimages.com/
jeanmimigab
PC-Infopraticien

Posts: 2986
Joined: 29 Nov 2009 12:05
 

Re: Unwanted window at startup

Posted on 02 Nov 2012 21:32

Hi,

Here is what it looks like:
Code:
[url=http://www.casimages.com/img.php?i=121102092621856789.jpg][img]http://nsa31.casimages.com/img/2012/11/02/mini_121102092621856789.jpg[/img][/url]


I would swear that it comes from the recent installation of the new drivers for my Nvidia graphics card ...

if it does not cause any security problems ... it is not too serious!
cracoukass
Confirmed Visitor

Posts: 13
Joined: 27 Oct 2012 20:43
 

Re: Unwanted window at startup

Posted on 02 Nov 2012 21:47

the only way to find out where it comes from would be for you to download "Process Explorer"

we are going to take two snapshots, one with this window active and the other after closing this window

download PE here
http://www.pc-infopratique.com/telechar ... g-692.html

restart your PC, and do not close the small window

launch Process Explorer, click "File" >> "Save as.." at the top and save the report under the name avant.txt
then close the small window, and take another snapshot by clicking "File" >> "Save as.." at the top and save the report under the name après.txt

post both reports :wink:
jeanmimigab
PC-Infopraticien

Posts: 2986
Joined: 29 Nov 2009 12:05
 

Re: Unwanted window at startup

Posted on 03 Nov 2012 13:28

This time, I think we are getting close :D

Here are the 2 reports; I have already noticed that the icon of the application that is open in the taskbar along with the small window looks like the one on the following line:
wpCtrl.exe 1480 Pivot Software Support Application Portrait Displays, Inc.

and after clicking OK in this window, the line becomes:
wpCtrl.exe 1480 Pivot Software Support Application Portrait Displays, Inc.
Floater.exe 2964 Pivot Software Support DLL Portrait Displays, Inc.


That seems odd...
What do you think?

Before report:

Code:
Process   PID   CPU   Description   Company Name
System Idle Process   0   100.00      
System   4         
 Interrupts   n/a   < 0.01   Hardware Interrupts and DPCs   
 smss.exe   488      Gestionnaire de session Windows NT   Microsoft Corporation
  csrss.exe   536      Client Server Runtime Process   Microsoft Corporation
  winlogon.exe   560      Application d'ouverture de session Windows NT   Microsoft Corporation
   services.exe   604      Applications Services et Contrôleur   Microsoft Corporation
    ASCService.exe   764      Advanced SystemCare Service   IObit
    svchost.exe   796      Generic Host Process for Win32 Services   Microsoft Corporation
     wmiprvse.exe   2844      WMI   Microsoft Corporation
    svchost.exe   872      Generic Host Process for Win32 Services   Microsoft Corporation
    svchost.exe   904      Generic Host Process for Win32 Services   Microsoft Corporation
    AvastSvc.exe   1072      avast! Service   AVAST Software
    spoolsv.exe   1240      Spooler SubSystem App   Microsoft Corporation
    DTSRVC.exe   1328         
    jqs.exe   1520      Java(TM) Quick Starter Service   Sun Microsystems, Inc.
    pdisrvc.exe   1744      pdisrvc   Portrait Displays, Inc.
    svchost.exe   2896      Generic Host Process for Win32 Services   Microsoft Corporation
   lsass.exe   616      LSA Shell (Export Version)   Microsoft Corporation
explorer.exe   1156      Explorateur Windows   Microsoft Corporation
 OpWareSE4.exe   1408      OCR Aware   ScanSoft, Inc.
 LVCOMSX.EXE   1416      LVCom Server   Logitech Inc.
 SmartMON.exe   1440         
 BePCSC.exe   1448      BePCSC   Alcor Micro, Corp.
 beid35gui.exe   1456      beidgui executable   Belgian Government
 BJMYPRT.EXE   1464      Canon My Printer   CANON INC.
 wpCtrl.exe   1480      Pivot Software Support Application   Portrait Displays, Inc.
 AvastUI.exe   1536      avast! Antivirus   AVAST Software
 nTrayFw.exe   1548      Firewall Tray Application   NVIDIA Corporation
 soundman.exe   1564      Realtek Sound Manager   Realtek Semiconductor Corp.
 TeaTimer.exe   1616      System settings protector   Safer-Networking Ltd.
 ASCTray.exe   1636      Advanced SystemCare 5 Tray   IObit
 KEM.exe   1772      Logitech SetPoint   Logitech Inc.
  KHALMNPR.exe   1864      Logitech Hardware Abstraction Layer   Logitech Inc.
 WiFiStation.exe   1860      WiFi Station Utility   Hercules
 procexp.exe   2772      Sysinternals Process Explorer   Sysinternals - www.sysinternals.com

Process: System Idle Process Pid: 0

Name   Description   Company Name   Version


After report:

Code:
Process   PID   CPU   Description   Company Name
System Idle Process   0   100.00      
System   4         
 Interrupts   n/a   < 0.01   Hardware Interrupts and DPCs   
 smss.exe   488      Gestionnaire de session Windows NT   Microsoft Corporation
  csrss.exe   536      Client Server Runtime Process   Microsoft Corporation
  winlogon.exe   560      Application d'ouverture de session Windows NT   Microsoft Corporation
   services.exe   604      Applications Services et Contrôleur   Microsoft Corporation
    ASCService.exe   764      Advanced SystemCare Service   IObit
    svchost.exe   796      Generic Host Process for Win32 Services   Microsoft Corporation
     wmiprvse.exe   2844      WMI   Microsoft Corporation
    svchost.exe   872      Generic Host Process for Win32 Services   Microsoft Corporation
    svchost.exe   904      Generic Host Process for Win32 Services   Microsoft Corporation
    AvastSvc.exe   1072      avast! Service   AVAST Software
    spoolsv.exe   1240      Spooler SubSystem App   Microsoft Corporation
    DTSRVC.exe   1328         
    jqs.exe   1520      Java(TM) Quick Starter Service   Sun Microsystems, Inc.
    pdisrvc.exe   1744      pdisrvc   Portrait Displays, Inc.
    svchost.exe   2896      Generic Host Process for Win32 Services   Microsoft Corporation
   lsass.exe   616      LSA Shell (Export Version)   Microsoft Corporation
explorer.exe   1156      Explorateur Windows   Microsoft Corporation
 OpWareSE4.exe   1408      OCR Aware   ScanSoft, Inc.
 LVCOMSX.EXE   1416      LVCom Server   Logitech Inc.
 SmartMON.exe   1440         
 BePCSC.exe   1448      BePCSC   Alcor Micro, Corp.
 beid35gui.exe   1456      beidgui executable   Belgian Government
 BJMYPRT.EXE   1464      Canon My Printer   CANON INC.
 wpCtrl.exe   1480      Pivot Software Support Application   Portrait Displays, Inc.
  Floater.exe   2964      Pivot Software Support DLL   Portrait Displays, Inc.
 AvastUI.exe   1536      avast! Antivirus   AVAST Software
 nTrayFw.exe   1548      Firewall Tray Application   NVIDIA Corporation
 soundman.exe   1564      Realtek Sound Manager   Realtek Semiconductor Corp.
 TeaTimer.exe   1616      System settings protector   Safer-Networking Ltd.
 ASCTray.exe   1636      Advanced SystemCare 5 Tray   IObit
 KEM.exe   1772      Logitech SetPoint   Logitech Inc.
  KHALMNPR.exe   1864      Logitech Hardware Abstraction Layer   Logitech Inc.
 WiFiStation.exe   1860      WiFi Station Utility   Hercules
 procexp.exe   2976      Sysinternals Process Explorer   Sysinternals - www.sysinternals.com

Process: System Idle Process Pid: 0

Name   Description   Company Name   Version
cracoukass
Confirmed Visitor

Posts: 13
Joined: 27 Oct 2012 20:43
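
The before/after comparison used in this thread can be automated. The script below is an added example, not part of the original posts: it parses two Process Explorer "Save As" text exports, rebuilds the parent/child tree from the indentation and reports what started between the two snapshots. The function names and the embedded sample rows (a shortened excerpt modelled on the two reports above) are assumptions made for illustration.

```python
import re
# Constructed excerpts modelled on the two reports above: tab-separated columns,
# one leading space per tree level, a blank line after the process tree.
HEADER = "Process\tPID\tCPU\tDescription\tCompany Name\n"
TAIL = "\nProcess: System Idle Process Pid: 0\n"
BEFORE = HEADER + (
    "explorer.exe\t1156\t\tExplorateur Windows\tMicrosoft Corporation\n"
    " wpCtrl.exe\t1480\t\tPivot Software Support Application\tPortrait Displays, Inc.\n"
    " AvastUI.exe\t1536\t\tavast! Antivirus\tAVAST Software\n"
    " procexp.exe\t2772\t\tSysinternals Process Explorer\tSysinternals - www.sysinternals.com\n" + TAIL)
AFTER = HEADER + (
    "explorer.exe\t1156\t\tExplorateur Windows\tMicrosoft Corporation\n"
    " wpCtrl.exe\t1480\t\tPivot Software Support Application\tPortrait Displays, Inc.\n"
    "  Floater.exe\t2964\t\tPivot Software Support DLL\tPortrait Displays, Inc.\n"
    " AvastUI.exe\t1536\t\tavast! Antivirus\tAVAST Software\n"
    " procexp.exe\t2976\t\tSysinternals Process Explorer\tSysinternals - www.sysinternals.com\n" + TAIL)

def parse_snapshot(text):
    """Map (image name, PID) -> parent key, description and company."""
    procs, stack = {}, []               # stack[d] = last process seen at depth d
    for line in text.splitlines():
        body = line.lstrip(" ")
        if body.startswith(("Process\t", "Process   ")):
            continue                    # column header row
        if not body.strip():
            break                       # blank line ends the process tree
        depth = len(line) - len(body)   # indentation encodes the tree level
        fields = (re.split(r"\t| {3}", body) + [""] * 5)[:5]
        name, pid, _cpu, desc, company = (f.strip() for f in fields)
        del stack[depth:]               # keep only the ancestors of this row
        procs[(name, pid)] = {"parent": stack[-1] if stack else None,
                              "description": desc, "company": company}
        stack.append((name, pid))
    return procs

def diff_snapshots(before, after):
    """Return (new, gone, restarted); new and gone are dicts, restarted a set of names."""
    b, a = parse_snapshot(before), parse_snapshot(after)
    started = {k: a[k] for k in a.keys() - b.keys()}
    exited = {k: b[k] for k in b.keys() - a.keys()}
    # Same image name under a different PID was relaunched (here the tool itself).
    restarted = {n for n, _ in started} & {n for n, _ in exited}
    new = {k: v for k, v in started.items() if k[0] not in restarted}
    gone = {k: v for k, v in exited.items() if k[0] not in restarted}
    return new, gone, restarted

if __name__ == "__main__":
    for (name, pid), info in sorted(diff_snapshots(BEFORE, AFTER)[0].items()):
        print(f"NEW {name} ({pid}) parent={info['parent']} company={info['company']}")
```

On the sample rows the only genuinely new process is Floater.exe, a child of wpCtrl.exe, while procexp.exe is classified as restarted because only its PID changed between the two saves.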
 
