Votre question

Désinfection ( Résolu)

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
4 Août 2011 15:19:36

Bonjour,
Mozilla Firefox s'ouvre tout seul en m'imposant une page de pub. Spybot, Ccleaner, Malwarebytes, Avast n'y change rien!

SOS

Voici mes rapports:


OTL logfile created on: 04/08/2011 09:21:38 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\richard\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

958,48 Mb Total Physical Memory | 375,16 Mb Available Physical Memory | 39,14% Memory free
1,51 Gb Paging File | 1,06 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186,30 Gb Total Space | 128,95 Gb Free Space | 69,22% Space Free | Partition Type: NTFS

Computer Name: ATHENA | User Name: richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/04 09:09:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\richard\Bureau\OTL.exe
PRC - [2011/07/11 15:36:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/14 13:40:06 | 000,663,168 | ---- | M] (PCTuto) -- C:\Documents and Settings\richard\Application Data\PCtuto\UpdatePCTuto\autoupdater.exe
PRC - [2011/04/14 13:40:04 | 000,982,656 | ---- | M] (PCTUTO) -- C:\Program Files\PCTuto\pctuto.exe
PRC - [2010/11/21 14:22:55 | 000,036,864 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2010/09/07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/09/19 07:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/26 11:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) -- c:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/06/26 11:33:32 | 000,243,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
PRC - [2006/06/26 10:46:04 | 000,497,200 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe


========== Modules (SafeList) ==========

MOD - [2011/08/04 09:09:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\richard\Bureau\OTL.exe
MOD - [2010/11/21 14:22:27 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\richard\Local Settings\Temp\IadHide5.dll
MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/06/26 11:33:42 | 000,091,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2006/06/26 11:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/06/26 11:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2010/09/07 19:20:56 | 006,141,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/09/07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2006/06/26 11:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/06/26 11:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/06/26 11:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/06/23 00:29:46 | 000,038,960 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/06/23 00:29:30 | 000,293,808 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2006/06/16 22:09:48 | 001,611,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1177238915-1078145449-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?hl=fr
IE - HKU\S-1-5-21-1177238915-1078145449-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "SearchElf 1.2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT276972...{searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "SearchElf 1.2 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {f4e6547e-325b-403c-a3bb-ad29ed37a92f}:3.3.3.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT276972..."
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\neteller.desktop@klipfolio: C:\Program Files\NETELLER app\plugins\Firefox\neteller\ [2010/12/28 12:21:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/11 15:36:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/03 09:17:41 | 000,000,000 | ---D | M]

[2010/12/21 12:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\richard\Application Data\Mozilla\Extensions
[2011/08/01 10:04:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\richard\Application Data\Mozilla\Firefox\Profiles\sv8k8bwx.default\extensions
[2010/12/23 11:21:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\richard\Application Data\Mozilla\Firefox\Profiles\sv8k8bwx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/11 15:39:52 | 000,000,000 | ---D | M] (SearchElf 1.2 Community Toolbar) -- C:\Documents and Settings\richard\Application Data\Mozilla\Firefox\Profiles\sv8k8bwx.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}
[2011/03/25 11:28:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\richard\Application Data\Mozilla\Firefox\Profiles\sv8k8bwx.default\extensions\engine@conduit.com
[2011/08/01 10:04:20 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\richard\Application Data\Mozilla\Firefox\Profiles\sv8k8bwx.default\extensions\plugin@yontoo.com
[2010/11/23 13:14:58 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\richard\Application Data\Mozilla\Firefox\Profiles\sv8k8bwx.default\searchplugins\conduit.xml
[2010/12/21 12:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2010/10/03 20:04:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/11 15:36:20 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/06 13:17:03 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2011/05/06 13:17:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/06 13:17:03 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/05/06 13:17:03 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2011/05/06 13:17:03 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/05/06 13:17:03 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/08/02 22:46:37 | 000,436,274 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15016 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Internet Explorer Form-Fill Plug-In) - {5425B4B8-87F9-4E9C-8B51-8AABA82EBA64} - C:\Program Files\NETELLER app\plugins\IE\Neteller.dll (NEOVIA Financial® Plc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKU\S-1-5-21-1177238915-1078145449-682003330-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [autoupdater] C:\Documents and Settings\richard\Application Data\PCtuto\UpdatePCTuto\autoupdater.exe (PCTuto)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [PCTuto] C:\Program Files\PCTuto\pctuto.exe (PCTUTO)
O4 - HKU\S-1-5-21-1177238915-1078145449-682003330-1004..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1177238915-1078145449-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1177238915-1078145449-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} - File not found
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub [...] tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/j [...] s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O18 - Protocol\Handler\bw+0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {9759971f-d5c9-4649-97f0-d0ccd3fb1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {9759971F-D5C9-4649-97F0-D0CCD3FB1691} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/03 17:51:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/04 09:09:49 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\richard\Bureau\OTL.exe
[2011/08/04 08:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richard\Application Data\Systweak
[2011/08/04 08:56:31 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\WINDOWS\System32\roboot.exe
[2011/08/03 09:17:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/02 12:13:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\richard\Recent
[2011/08/02 08:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/02 08:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/08/01 10:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Pool Sharks Game
[2011/08/01 10:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2011/08/01 10:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/08/01 10:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\PCTuto
[2011/08/01 10:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richard\Application Data\PCtuto
[2011/08/01 10:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\PCTuto
[2011/08/01 10:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richard\Local Settings\Application Data\PCTuto
[2011/07/30 08:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richard\Application Data\Malwarebytes
[2011/07/30 08:45:41 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/30 08:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2011/07/30 08:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/30 08:45:36 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/30 08:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/22 09:16:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Full Tilt Poker.Fr
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/04 09:09:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\richard\Bureau\OTL.exe
[2011/08/04 08:35:17 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/04 08:34:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/04 01:31:00 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/02 22:46:37 | 000,436,274 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/02 21:46:41 | 000,000,250 | -HS- | M] () -- C:\boot.ini
[2011/08/02 09:26:04 | 000,436,274 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110802-224637.backup
[2011/08/02 09:18:32 | 000,000,675 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/08/02 08:33:35 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/01 10:04:26 | 000,001,500 | ---- | M] () -- C:\Documents and Settings\richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Pool Sharks.lnk
[2011/08/01 10:04:18 | 005,587,112 | ---- | M] () -- C:\Documents and Settings\richard\Mes documents\PoolSharksInstaller.exe
[2011/07/30 10:15:26 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/30 10:00:25 | 000,000,561 | ---- | M] () -- C:\Documents and Settings\richard\Bureau\partage.lnk
[2011/07/28 11:14:42 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\richard\Bureau\Metronome.lnk
[2011/07/25 23:27:50 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\richard\Application Data\Microsoft\Internet Explorer\Quick Launch\adsl TV.lnk
[2011/07/22 09:18:24 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Full Tilt Poker.Fr.lnk
[2011/07/15 03:19:16 | 000,135,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/07 13:26:14 | 000,017,280 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\WINDOWS\System32\roboot.exe
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/02 09:18:30 | 000,000,675 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/08/01 10:04:26 | 000,001,500 | ---- | C] () -- C:\Documents and Settings\richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Pool Sharks.lnk
[2011/08/01 10:03:58 | 005,587,112 | ---- | C] () -- C:\Documents and Settings\richard\Mes documents\PoolSharksInstaller.exe
[2011/07/28 11:14:42 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\richard\Bureau\Metronome.lnk
[2011/07/22 09:18:24 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Full Tilt Poker.Fr.lnk
[2010/12/21 12:58:50 | 000,000,065 | ---- | C] () -- C:\WINDOWS\yesmessenger.ini
[2010/12/21 12:18:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/12/16 01:11:19 | 000,000,268 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/12/16 01:11:18 | 000,001,039 | ---- | C] () -- C:\WINDOWS\_isenv31.ini
[2010/12/16 01:11:18 | 000,000,521 | ---- | C] () -- C:\WINDOWS\_iserr31.ini
[2010/12/15 13:19:32 | 000,000,026 | ---- | C] () -- C:\WINDOWS\neosetup.INI
[2010/11/21 18:28:50 | 000,022,334 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/11/21 14:22:44 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2010/11/06 18:07:34 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\UnCasinoV5_FRA.exe
[2010/11/01 19:07:46 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/28 22:48:58 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/10/28 22:48:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/10/28 22:48:49 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/10/28 22:48:49 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/28 22:48:48 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/10/03 20:05:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/03 19:35:47 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/03 19:34:30 | 000,135,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/03 17:54:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/03 17:47:57 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/01/26 02:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/01/26 02:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2006/06/26 11:33:40 | 000,023,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/04/28 16:05:14 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/03/02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/02 14:00:00 | 000,500,900 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2006/03/02 14:00:00 | 000,432,492 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/02 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2006/03/02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/02 14:00:00 | 000,080,748 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2006/03/02 14:00:00 | 000,067,448 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/02 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2006/03/02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/10/03 18:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/17 14:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2010/11/20 11:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/11/20 11:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
[2011/08/01 10:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/04/15 14:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/02 14:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TeamViewer
[2011/01/12 01:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\Camfrog
[2011/04/04 18:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\gtk-2.0
[2010/11/11 18:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\MSNInstaller
[2011/02/02 13:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\NETELLER app
[2010/10/28 23:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\OpenOffice.org
[2011/08/01 10:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\PCtuto
[2011/08/04 09:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\Systweak
[2011/02/02 13:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\TeamViewer
[2011/03/31 06:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richard\Application Data\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/10/03 17:51:18 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/08/02 21:46:41 | 000,000,250 | -HS- | M] () -- C:\boot.ini
[2006/03/02 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010/10/03 17:51:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/06 18:07:50 | 000,000,132 | ---- | M] () -- C:\ICSYSINF.log
[2010/10/03 17:51:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/11/21 18:29:03 | 000,001,590 | ---- | M] () -- C:\lvcoinst.log
[2010/10/03 17:51:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/03/02 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/11/02 17:31:51 | 000,252,240 | RHS- | M] () -- C:\ntldr
[2011/08/04 08:34:35 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/10/03 19:33:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/10/03 19:33:38 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/10/03 19:33:38 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-15 01:03:19


< MD5 for: EXPLORER.EXE >
[2006/03/02 14:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: IEXPLORE.EXE >
[2006/03/02 14:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=385D1644E676C96EB07848ADA63E37FA -- C:\WINDOWS\ie8\iexplore.exe
[2008/04/14 04:34:06 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=3D3C316BD1E112F3B9C532D8B9939BDC -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe

< MD5 for: SVCHOST.EXE >
[2006/03/02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=2979B03D5382A602623C0535B16AB9C0 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008/04/14 04:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 04:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/03/02 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/03/02 14:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C946DB94
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A

< End of report >


OTL Extras logfile created on: 04/08/2011 09:21:38 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\richard\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

958,48 Mb Total Physical Memory | 375,16 Mb Available Physical Memory | 39,14% Memory free
1,51 Gb Paging File | 1,06 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186,30 Gb Total Space | 128,95 Gb Free Space | 69,22% Space Free | Partition Type: NTFS

Computer Name: ATHENA | User Name: richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1177238915-1078145449-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\adslTV\adsltv.exe" = C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsl TV (EXE) -- (adsl TV / FM)
"C:\Program Files\adslTV\VLC\vlc.exe" = C:\Program Files\adslTV\VLC\vlc.exe:*:Enabled:adsl TV (VLC) -- ()
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:p innacle VideoSpin -- (Pinnacle Systems)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{266517E6-D866-439D-919C-B8B1A52E6080}" = OpenOffice.org 3.2
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34785AD0-6276-11DF-A08A-0800200C9A66}" = Full Tilt Poker.Fr
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AFDD2C6-8663-46B5-B195-6CEB00D44768}" = adsl TV
"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.5 - Français
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"BillardGL 1.75" = BillardGL 1.75
"bwin Poker_is1" = bwin Poker
"CCleaner" = CCleaner
"Eurosport Poker_is1" = Eurosport Poker
"Everest Poker.fr" = Everest Poker.fr (Remove Only)
"Guitar Pro 5_is1" = Guitar Pro 5.0
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 fr)" = Mozilla Firefox 5.0 (x86 fr)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NETELLER app" = NETELLER app (remove only)
"PartyPokerFr" = PartyPoker.fr
"PCTuto Avast_is1" = PCTuto Avast 2.0
"PCTuto_is1" = PCTuto 2.0
"PokerStars.fr" = PokerStars.fr
"Pool Sharks" = Pool Sharks 2.1
"QcDrv" = Programme de gestion Camera de Logitech®
"UpdatePCTuto_is1" = UpdatePCTuto 2.0
"VLC media player" = VLC media player 1.1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Installation Windows Live
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/01/2011 07:58:59 | Computer Name = ATHENA | Source = Windows Live Messenger | ID = 1000
Description =

Error - 07/01/2011 13:54:09 | Computer Name = ATHENA | Source = MsiInstaller | ID = 11606
Description = Produit : Win Palace Euro Casino French -- Erreur 1606. Impossible
d'accéder à l'emplacement réseau http://download.realtimegaming.com [...] 00203.cab.

Error - 26/01/2011 09:01:05 | Computer Name = ATHENA | Source = Application Error | ID = 1000
Description = Application défaillante pprekop.exe, version 4.2.0.172, module défaillant
ole32.dll, version 5.1.2600.2182, adresse de défaillance 0x10017bed.

Error - 27/02/2011 07:53:28 | Computer Name = ATHENA | Source = EventSystem | ID = 4614
Description = Le système d'événements de COM+ a détecté une incohérence dans son
état interne. Échec de l'assertion "GetLastError() == 122L" à la ligne 162 de d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Contactez les services du Support Technique Microsoft pour signaler cette erreu

Error - 27/02/2011 07:53:33 | Computer Name = ATHENA | Source = EventSystem | ID = 4614
Description = Le système d'événements de COM+ a détecté une incohérence dans son
état interne. Échec de l'assertion "GetLastError() == 122L" à la ligne 162 de d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Contactez les services du Support Technique Microsoft pour signaler cette erreu

Error - 03/04/2011 05:10:26 | Computer Name = ATHENA | Source = PerfNet | ID = 2004
Description = Impossible d'ouvrir le Service serveur. Les données de performance
du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
0.

Error - 25/04/2011 14:32:25 | Computer Name = ATHENA | Source = Application Hang | ID = 1002
Description = Application bloquée casino.exe, version 1.0.0.1, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 25/04/2011 14:32:25 | Computer Name = ATHENA | Source = Application Hang | ID = 1002
Description = Application bloquée casino.exe, version 1.0.0.1, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 18/05/2011 22:40:56 | Computer Name = ATHENA | Source = Application Hang | ID = 1002
Description = Application bloquée casino.exe, version 1.0.0.1, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 18/05/2011 22:40:57 | Computer Name = ATHENA | Source = Application Hang | ID = 1002
Description = Application bloquée casino.exe, version 1.0.0.1, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 02/08/2011 02:37:08 | Computer Name = ATHENA | Source = DCOM | ID = 10000
Description = Le démarrage d'un serveur DCOM : {FB7199AB-79BF-11D2-8D94-0000F875C541}
n'est pas possible. L'erreur : "%2" s'est produite lors du démarrage de la commande :
"C:\Program Files\Messenger\msmsgs.exe" -Embedding

Error - 02/08/2011 10:27:32 | Computer Name = ATHENA | Source = DCOM | ID = 10000
Description = Le démarrage d'un serveur DCOM : {FB7199AB-79BF-11D2-8D94-0000F875C541}
n'est pas possible. L'erreur : "%2" s'est produite lors du démarrage de la commande :
"C:\Program Files\Messenger\msmsgs.exe" -Embedding

Error - 02/08/2011 11:52:33 | Computer Name = ATHENA | Source = DCOM | ID = 10000
Description = Le démarrage d'un serveur DCOM : {FB7199AB-79BF-11D2-8D94-0000F875C541}
n'est pas possible. L'erreur : "%2" s'est produ

Merci...

Autres pages sur : desinfection resolu

a c 614 8 Sécurité
4 Août 2011 18:08:57

Bonjour,

Tu as installé VOLONTAIREMENT un logiciel publicitaire car tu n'as pas lu ses conditions d'utilisation pourtant bien foireuses :
http://poissonrougelechat.free.fr/tuto4pc

Supprime donc les programmes suivant :

- PCTuto Avast 2.0
- PCTuto 2.0
- UpdatePCTuto 2.0


Et tant qu'à faire tu peux aussi virer ceci :
- Spybot - Search & Destroy (inutile, la preuve)
- Java(TM) 6 Update 20 (version obsolète, tu possèdes une plus récente, à mettre à jour aussi d'ailleurs ...)

Ensuite :

Télécharge Ad-R (de la TeamXscript) sur ton Bureau.

/!\ Désactive tes protections résidentes : antivirus, antispyware ... Déconnecte-toi et ferme toutes les applications en cours (notamment ton navigateur)/!\

  • Installe le programme (avec les paramètres par défaut).
  • Le programme se lance automatiquement à la fin de l'installation, sinon, lance-le via le raccourci Ad-R situé sur ton Bureau.
    (Utilisateur de Vista/Windows 7, clique-droit sur le raccourci de Ad-R -> Exécuter en tant qu'administrateur)
  • Valide l'avertissement, puis, dans la fenêtre principal, choisis l'option Nettoyer, et valide avec "Oui"
  • A la fin, appuie sur une touche, un rapport apparaitra (sinon, il est situé ici C:\Ad-report-CLEAN[X].txt). Poste-le dans ta prochaine réponse

    /!\ N'oublie pas de réactiver tes protections résidentes /!\


    Ps : Process est détecté par certains antivirus (Antivir, DrWeb, Kaspersky) comme étant un programme malveillant, ce n'est pas le cas. Si tu as une alerte concernant ce fichier, n'empêche pas process de s'exécuter.
    http://www.beyondlogic.org/consulting/processutil/proce...
    6 Août 2011 14:18:53

    Bonjour hyunkel30,
    D'abord MERCI pour ta réponse...
    Mon problème est résolu juste en supprimant :
    - PCTuto Avast 2.0
    - PCTuto 2.0
    - UpdatePCTuto 2.0
    Dois-je continuer la procédure avec Ad-R ?
    Contenus similaires
    a c 614 8 Sécurité
    6 Août 2011 14:39:05

    Re,

    Oui juste pour voir s'il n'y a pas quelques restes ;) 
    9 Août 2011 12:57:15

    Merci encore, Ça me suffit,je vais laisser comme ça.
    Bye ...
    a c 614 8 Sécurité
    9 Août 2011 14:21:12

    Re,

    C'est toi qui voit, c'est ton pc.

    Pour finir :

    Relance OTL.exe
    (Utilisateur de Vista/Windows 7 faites un clic droit -> "Exécuter en tant qu'administrateur")

  • Clique sur "Purge d'outils"
  • Valide l'avertissement par "ok" et laisse le pc redémarrer.

    Désinstalle AD-R

  • Relance-le via le raccourci Ad-R situé sur ton Bureau.
    (Utilisateur de Vista/Windows 7, clique-droit sur le raccourci de Ad-R -> Exécuter en tant qu'administrateur)
  • Valide l'avertissement, puis, dans la fenêtre principal, choisis l'option Désinstaller, et valide avec "Oui"




    Pour aller plus loin dans ta protection et éviter de te faire réinfecter voici quelques conseils supplémentaires :

  • Attention lors de l'installation de logiciel :
    Veiller à toujours lire les conditions d'utilisation (CLUF), afin de déceler la gestion des données personnelles, l'installation de sponsors publicitaires ou tout autre atteintes à la vie privée. Refuser les toolbars et autres addons proposés.

  • Utiliser un navigateur alternatif pour surfer de manière plus sécurisée :
    Firefox offre une meilleure sécurité par rapport à Internet Explorer, surtout si on le complète de quelques plugins très intéressant : Noscript et WOT par exemple.

  • Surfer sans les droits d'administration : En session limitée ou avec DropMyRight
    Cela diminue considérablement les risques d'infections, car certaines infection ne peuvent alors plus s'installer.

  • Maintenir ses logiciels et son système à jour :
    De nombreuses infections sont dû à des failles de windows, mais aussi de logiciel tiers, comme Sun Java, Adobe Acrobat Reader, etc
    Tu peux faire un scan de vulnérabilité pour connaitre tes logiciels présentant des failles non corrigées ou à mettre à jour.

    Enfin, le plus important reste ton comportement sur ton PC, tu restes la plus importante protection : Évites les comportement à risque : P2P, cracks, téléchargements et installations douteux via des pubs, les messageries instantanées, ou des sites inconnu, sites pornographiques.
    A lire !


    Tu peux indiquer ton sujet "réglé" en cliquant sur le bouton "éditer" dans ton tout premier message.
    -> Ajoute ensuite "résolu" à coté de ton titre et valide.

    Tu peux aussi, si tu le souhaites, valider une "meilleure réponse", ton sujet sera alors automatiquement marqué comme "résolu"

    A bientôt sur les forums Tom's Guide
    9 Août 2011 14:54:55

    OK
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS