Supprimer oaevent.dll

peplvm · par **peplvm** » 03 oct. 2010 13:11

Bonjour,

J'ai désinstallé OAFree via RevoUninstaller. Mais j'ai remarqué 2 choses...

- en faisant un clic droit sur un fichier .exe j'ai l'option Open Safer qui s'affiche ? Certes elle est inactive mais elle est bien écrite et c'est une option d'OA !

- dans C: puis Windows, y-a un fichier oaevent.dll qui appartient aussi à OA, et quand j'essaie de le supprimer, cela ne fonctionne pas ? C'est écrit : cette action ne peut pas être réalisée, le fichier est ouvert dans l'explorateur Windows ?? Fermez le fichier et réessayer !?

Quelqu'un aurait une solution

Merci.

SkyTech · par **SkyTech** » 03 oct. 2010 13:16

Salut,

Pour voir :

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

peplvm · par **peplvm** » 03 oct. 2010 13:46

Merci pour ton aide,

Voici le rapport :

OTL logfile created on: 03/10/2010 13:38:58 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Bruno\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 72,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 522,22 Gb Free Space | 87,61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRUNO-PC
Current User Name: Bruno
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Bruno\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

========== Modules (SafeList) ==========

MOD - C:\Users\Bruno\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:64bit: - (NitroReaderDriverReadSpool) -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe (Nitro PDF Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (OAnet) -- C:\Windows\SysNative\drivers\OAnet.sys (Emsisoft)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (oahlpXX) -- C:\Windows\SysWOW64\drivers\oahlp64.sys ()
DRV - (OAmon) -- C:\Windows\SysWOW64\drivers\OAmon.sys (Emsisoft)
DRV - (OADevice) -- C:\Windows\SysWOW64\drivers\OADriver.sys ()
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 A7 8E 60 FC 8D CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.29
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010/09/21 21:53:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/22 16:14:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/22 16:14:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/09/20 15:46:45 | 000,000,000 | ---D | M]

[2010/06/25 18:22:01 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\mozilla\Extensions
[2010/10/02 18:01:18 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\qoctf00p.default\extensions
[2010/09/22 20:34:43 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\qoctf00p.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/09/30 11:16:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\qoctf00p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/22 16:51:56 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\qoctf00p.default\extensions\[email protected]
[2010/09/22 16:14:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/14 23:32:19 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/09/14 23:32:19 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/09/14 23:32:19 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/09/14 23:32:19 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/09/14 23:32:19 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{511a95b2-17aa-11df-896d-00261896dcba}\Shell - "" = AutoRun
O33 - MountPoints2\{511a95b2-17aa-11df-896d-00261896dcba}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f73c4afe-fa0d-11de-a288-00261896dcba}\Shell - "" = AutoRun
O33 - MountPoints2\{f73c4afe-fa0d-11de-a288-00261896dcba}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/10/01 13:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/10/01 12:25:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2010/10/01 12:25:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ciel
[2010/10/01 12:25:00 | 000,000,000 | ---D | C] -- C:\Données Ciel
[2010/10/01 12:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Ciel
[2010/10/01 12:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ciel
[2010/10/01 12:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/09/29 08:52:56 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
[2010/09/28 20:28:26 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Célia
[2010/09/22 16:14:26 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\Mozilla
[2010/09/22 16:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/09/21 22:54:10 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Canneverbe Limited
[2010/09/21 22:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010/09/21 22:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2010/09/21 21:53:46 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\ForceField Shared Files
[2010/09/21 21:53:46 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\CheckPoint
[2010/09/21 21:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/09/21 21:53:35 | 000,046,472 | ---- | C] (Zone Labs Inc.) -- C:\Windows\SysWow64\vsutil_loc040c.dll
[2010/09/21 21:53:33 | 000,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsregexp.dll
[2010/09/21 21:53:31 | 000,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll
[2010/09/21 21:53:31 | 000,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll
[2010/09/21 21:53:29 | 000,041,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vswmi.dll
[2010/09/21 21:53:25 | 001,238,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zpeng25.dll
[2010/09/21 21:53:25 | 000,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll
[2010/09/21 21:53:24 | 000,299,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vspubapi.dll
[2010/09/21 21:53:24 | 000,112,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsdata.dll
[2010/09/21 21:53:24 | 000,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsmonapi.dll
[2010/09/21 21:53:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2010/09/21 21:53:02 | 000,446,152 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\drivers\vsdatant.sys
[2010/09/21 21:53:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2010/09/21 21:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/09/21 21:51:57 | 000,621,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsutil.dll
[2010/09/21 21:51:57 | 000,227,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsinit.dll
[2010/09/21 21:51:57 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/09/21 12:42:23 | 000,425,640 | ---- | C] (Emsi Software GmbH) -- C:\Windows\oaevent.dll
[2010/09/21 12:42:23 | 000,037,872 | ---- | C] (Emsisoft) -- C:\Windows\SysWow64\drivers\OAmon.sys
[2010/09/21 12:42:23 | 000,032,728 | ---- | C] (Emsisoft) -- C:\Windows\SysNative\drivers\OAnet.sys
[2010/09/20 15:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010/09/20 15:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/09/18 17:28:51 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Technologie ~Cé
[2010/09/15 11:31:12 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/09/11 15:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC SOFT
[2010/09/07 16:17:23 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\gtk-2.0
[2010/09/07 16:15:51 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Grisbi
[2010/09/04 23:10:31 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Malwarebytes
[2010/09/04 23:10:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/04 23:10:22 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/04 23:10:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/04 23:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Bruno\Documents\*.tmp files -> C:\Users\Bruno\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/03 13:41:02 | 004,718,592 | -HS- | M] () -- C:\Users\Bruno\NTUSER.DAT
[2010/10/03 13:01:59 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/03 13:01:59 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/03 12:54:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/03 12:54:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/03 12:54:38 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/03 12:53:42 | 004,054,207 | -H-- | M] () -- C:\Users\Bruno\AppData\Local\IconCache.db
[2010/10/01 18:37:18 | 000,708,614 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2010/10/01 18:37:18 | 000,619,952 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/01 18:37:18 | 000,132,628 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2010/10/01 18:37:18 | 000,108,134 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/01 18:37:17 | 001,562,454 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/27 21:37:19 | 000,316,797 | ---- | M] () -- C:\Users\Bruno\Documents\Doc1.docx
[2010/09/27 12:17:48 | 000,000,162 | -H-- | M] () -- C:\Users\Bruno\Documents\~$Doc1.docx
[2010/09/22 16:14:23 | 000,001,967 | ---- | M] () -- C:\Users\Bruno\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/21 21:53:56 | 000,422,437 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/09/21 21:53:36 | 000,005,977 | ---- | M] () -- C:\Windows\SysWow64\vsconfig.xml
[2010/09/21 16:51:13 | 000,000,857 | ---- | M] () -- C:\Users\Bruno\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/09/20 17:23:27 | 000,007,622 | ---- | M] () -- C:\Users\Bruno\AppData\Local\resmon.resmoncfg
[2010/09/11 15:25:24 | 000,000,361 | ---- | M] () -- C:\Windows\sil_compta.ini
[2010/09/07 16:27:55 | 000,075,615 | ---- | M] () -- C:\Users\Bruno\Documents\Mes comptes.gsb
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Bruno\Documents\*.tmp files -> C:\Users\Bruno\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/27 12:17:48 | 000,000,162 | -H-- | C] () -- C:\Users\Bruno\Documents\~$Doc1.docx
[2010/09/27 11:16:50 | 000,316,797 | ---- | C] () -- C:\Users\Bruno\Documents\Doc1.docx
[2010/09/22 16:14:23 | 000,001,967 | ---- | C] () -- C:\Users\Bruno\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/21 22:54:02 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010/09/21 22:54:02 | 000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys
[2010/09/21 21:53:36 | 000,005,977 | ---- | C] () -- C:\Windows\SysWow64\vsconfig.xml
[2010/09/21 21:53:24 | 000,422,437 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/09/21 12:42:23 | 000,054,896 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2010/09/21 12:42:23 | 000,053,840 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys
[2010/09/11 15:24:02 | 000,000,361 | ---- | C] () -- C:\Windows\sil_compta.ini
[2010/09/07 16:27:55 | 000,075,615 | ---- | C] () -- C:\Users\Bruno\Documents\Mes comptes.gsb
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/02/05 17:29:45 | 000,007,622 | ---- | C] () -- C:\Users\Bruno\AppData\Local\resmon.resmoncfg
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

SkyTech · par **SkyTech** » 03 oct. 2010 18:02

Re,

Relance OTL.
o sous Personnalisation, copie_colle le contenu du cadre ci dessous et clic Correction, un rapport apparaitra suite à l'opération que tu conserveras sur clé usb par exemple afin d'en coller le résultat:

:OTL
DRV:64bit: - (OAnet) -- C:\Windows\SysNative\drivers\OAnet.sys (Emsisoft)
DRV - (oahlpXX) -- C:\Windows\SysWOW64\drivers\oahlp64.sys ()
DRV - (OAmon) -- C:\Windows\SysWOW64\drivers\OAmon.sys (Emsisoft)
DRV - (OADevice) -- C:\Windows\SysWOW64\drivers\OADriver.sys ()
[2010/09/21 12:42:23 | 000,425,640 | ---- | C] (Emsi Software GmbH) -- C:\Windows\oaevent.dll
[2010/09/21 12:42:23 | 000,037,872 | ---- | C] (Emsisoft) -- C:\Windows\SysWow64\drivers\OAmon.sys
[2010/09/21 12:42:23 | 000,032,728 | ---- | C] (Emsisoft) -- C:\Windows\SysNative\drivers\OAnet.sys
[2010/09/21 12:42:23 | 000,054,896 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2010/09/21 12:42:23 | 000,053,840 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys

:commands
[purity]
[emptytemp]
[emptyflash]

* redemarre le pc sous windows et poste le rapport ici

peplvm · par **peplvm** » 03 oct. 2010 21:12

Re,

Bon, j'ai eu droit à un beau plantage avec OTL. J'ai dû reseter manuellement, puis plus d'internet, pas moyen de réparer !

Bref, j'ai fais une restauration système à la date de hier. Première fois que je dois procéder ainsi.

SkyTech · par **SkyTech** » 03 oct. 2010 22:03

Re,

Va falloir virer les restes depuis un Live CD, fais le script depuis OTLPE :

Télécharge OTLPEnet :: http://oldtimer.geekstogo.com/OTLPENet.exe sur ton Bureau

* Quand le téléchargement sera fini, Double Clic sur OTLPENet.exe et assures-toi d'avoir insérer un CDR vierge dans ton graveur CD/DVD. Une fenêtre va s'ouvrir pour te demander si tu souhaites graver Le CD, clique sur le bouton Oui.
* Patiente le temps de la décompression et de la gravure du CD.
* demarrer sur le cdrom crée de Reatogo , voir exemple: http://forum.malekal.com/booter-sur-dvd-t9447.html

http://imagesup.org/images6/1272203242-otlpe01m.gif

http://imagesup.org/images6/1272203272-otlpe02m.gif

http://imagesup.org/images6/1272203333-otlpe03m.png

http://imagesup.org/images6/1274538354-reatogo.jpg

* Ton système doit montrer un bureau REATOGO-X-PE
* En fonction de votre type de connexion Internet, tu dois être en mesure d'accèder au Net, si bien que tu peux accéder à ce sujet plus facilement.
* Double-click sur l'icone OTLPE

» à ceci valider par ok:

http://imagesup.org/images6/1274092569-loqd1.jpg

» à ceci selectionner sa session:

http://imagesup.org/images6/1274092650-loqd2.jpg

* verifier que "Automatically Load All Remaining Users" est sélectionné et press OK

» OTLPE se lançe alors

...

peplvm · par **peplvm** » 03 oct. 2010 22:13

Je te remercie de prendre de ton temps SkyTech

mais je t'avoue que j'ai "balisé", j'ai essayé juste comme ça, de supprimer un "driver" Emisoft, puis redémarrage et à nouveau pas d'internet.
Je restaure puis redémarre et c'est Ok à nouveau !?

Bref, j'ai bien envie de laisser comme ça.

SkyTech · par **SkyTech** » 03 oct. 2010 22:42

Re,

En faite tu dois encore avoir le driver dans tes Propriétés réseau ;)

oa.png

Désinstalle-le ;)

peplvm · par **peplvm** » 04 oct. 2010 12:06

Bonjour SkyTech,

En effet le driver était bien là, je l'ai désinstallé et pour la connexion c'est Ok. J'ai réessayé de supprimer manuellement oaevent.dll, mais il me dit toujours que le fichier est ouvert dans l'explorateur Windows !?

Je laisse comme ça, tant pis, l'ordi fonctionne très bien.

SkyTech · par **SkyTech** » 04 oct. 2010 19:23

Re,

On a presque fini ;)

Poste un nouveau rapport OTL (comme au début).

peplvm · par **peplvm** » 04 oct. 2010 23:25

Voici le nouveau rapport :

OTL logfile created on: 04/10/2010 23:20:06 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Bruno\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 72,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 522,63 Gb Free Space | 87,68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRUNO-PC
Current User Name: Bruno
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Bruno\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\Bruno\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (lnssvcVista) -- C:\Program Files\Soft4Ever\looknstop\LnsSvcVista.exe (Soft4Ever)
SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:64bit: - (NitroReaderDriverReadSpool) -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe (Nitro PDF Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (OAnet) -- C:\Windows\SysNative\DRIVERS\oanet.sys File not found
DRV:64bit: - (lnsfw1) -- C:\Windows\SysNative\drivers\lnsfw1.sys ()
DRV:64bit: - (lnsfw) -- C:\Windows\SysNative\drivers\lnsfw.sys (GLOANNEC Frederic)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (oahlpXX) -- C:\Windows\SysWOW64\drivers\oahlp64.sys ()
DRV - (OAmon) -- C:\Windows\SysWOW64\drivers\OAmon.sys (Emsisoft)
DRV - (OADevice) -- C:\Windows\SysWOW64\drivers\OADriver.sys ()
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 A7 8E 60 FC 8D CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/22 16:14:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/22 16:14:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/10/03 19:37:27 | 000,000,000 | ---D | M]

[2010/06/25 18:22:01 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\mozilla\Extensions
[2010/10/04 19:59:17 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\qoctf00p.default\extensions
[2010/09/22 20:34:43 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\qoctf00p.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/09/30 11:16:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\qoctf00p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/22 16:51:56 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\qoctf00p.default\extensions\[email protected]
[2010/09/22 16:14:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/14 23:32:19 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/09/14 23:32:19 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/09/14 23:32:19 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/09/14 23:32:19 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/09/14 23:32:19 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Look 'n' Stop] C:\Program Files\Soft4Ever\looknstop\looknstop.exe (Soft4Ever)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{511a95b2-17aa-11df-896d-00261896dcba}\Shell - "" = AutoRun
O33 - MountPoints2\{511a95b2-17aa-11df-896d-00261896dcba}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f73c4afe-fa0d-11de-a288-00261896dcba}\Shell - "" = AutoRun
O33 - MountPoints2\{f73c4afe-fa0d-11de-a288-00261896dcba}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/10/04 13:58:30 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\looknstop
[2010/10/04 13:57:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/04 13:56:37 | 000,066,400 | ---- | C] (GLOANNEC Frederic) -- C:\Windows\SysNative\drivers\lnsfw.sys
[2010/10/04 13:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Soft4Ever
[2010/10/03 21:05:36 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/10/01 13:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/10/01 12:25:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2010/10/01 12:25:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ciel
[2010/10/01 12:25:00 | 000,000,000 | ---D | C] -- C:\Données Ciel
[2010/10/01 12:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Ciel
[2010/10/01 12:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ciel
[2010/10/01 12:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/09/29 08:52:56 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
[2010/09/28 20:28:26 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Célia
[2010/09/22 16:14:26 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\Mozilla
[2010/09/22 16:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/09/21 22:54:10 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Canneverbe Limited
[2010/09/21 22:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010/09/21 22:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2010/09/21 21:53:46 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\ForceField Shared Files
[2010/09/21 21:53:35 | 000,046,472 | ---- | C] (Zone Labs Inc.) -- C:\Windows\SysWow64\vsutil_loc040c.dll
[2010/09/21 12:42:23 | 000,425,640 | ---- | C] (Emsi Software GmbH) -- C:\Windows\oaevent.dll
[2010/09/21 12:42:23 | 000,037,872 | ---- | C] (Emsisoft) -- C:\Windows\SysWow64\drivers\OAmon.sys
[2010/09/20 15:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010/09/20 15:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/09/18 17:28:51 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Documents\Technologie ~Cé
[2010/09/15 11:31:12 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/09/11 15:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC SOFT
[2010/09/07 16:17:23 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\gtk-2.0
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/04 23:20:04 | 004,718,592 | -HS- | M] () -- C:\Users\Bruno\ntuser.dat
[2010/10/04 14:14:51 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/04 14:14:51 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/04 14:07:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/04 14:07:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/04 14:07:35 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/04 14:06:45 | 002,551,944 | -H-- | M] () -- C:\Users\Bruno\AppData\Local\IconCache.db
[2010/10/04 13:56:37 | 000,082,784 | ---- | M] () -- C:\Windows\SysNative\drivers\lnsfw1.sys
[2010/10/04 13:56:37 | 000,066,400 | ---- | M] (GLOANNEC Frederic) -- C:\Windows\SysNative\drivers\lnsfw.sys
[2010/10/04 13:56:37 | 000,047,104 | ---- | M] () -- C:\Windows\SysNative\fwapi.dll
[2010/10/03 19:43:25 | 000,524,288 | -HS- | M] () -- C:\Users\Bruno\ntuser.dat{3acbd2ff-cf14-11df-985f-00261896dcba}.TMContainer00000000000000000002.regtrans-ms
[2010/10/03 19:43:25 | 000,524,288 | -HS- | M] () -- C:\Users\Bruno\ntuser.dat{3acbd2ff-cf14-11df-985f-00261896dcba}.TMContainer00000000000000000001.regtrans-ms
[2010/10/03 19:43:25 | 000,065,536 | -HS- | M] () -- C:\Users\Bruno\ntuser.dat{3acbd2ff-cf14-11df-985f-00261896dcba}.TM.blf
[2010/10/03 16:26:25 | 000,007,617 | ---- | M] () -- C:\Users\Bruno\AppData\Local\resmon.resmoncfg
[2010/10/01 18:37:18 | 000,708,614 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2010/10/01 18:37:18 | 000,619,952 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/01 18:37:18 | 000,132,628 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2010/10/01 18:37:18 | 000,108,134 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/01 18:37:17 | 001,562,454 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/27 21:37:19 | 000,316,797 | ---- | M] () -- C:\Users\Bruno\Documents\Doc1.docx
[2010/09/22 16:14:23 | 000,001,967 | ---- | M] () -- C:\Users\Bruno\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/21 16:51:13 | 000,000,857 | ---- | M] () -- C:\Users\Bruno\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/09/11 15:25:24 | 000,000,361 | ---- | M] () -- C:\Windows\sil_compta.ini
[2010/09/07 16:27:55 | 000,075,615 | ---- | M] () -- C:\Users\Bruno\Documents\Mes comptes.gsb
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/04 13:56:37 | 000,082,784 | ---- | C] () -- C:\Windows\SysNative\drivers\lnsfw1.sys
[2010/10/04 13:56:37 | 000,047,104 | ---- | C] () -- C:\Windows\SysNative\fwapi.dll
[2010/10/03 19:38:32 | 000,524,288 | -HS- | C] () -- C:\Users\Bruno\ntuser.dat{3acbd2ff-cf14-11df-985f-00261896dcba}.TMContainer00000000000000000002.regtrans-ms
[2010/10/03 19:38:32 | 000,524,288 | -HS- | C] () -- C:\Users\Bruno\ntuser.dat{3acbd2ff-cf14-11df-985f-00261896dcba}.TMContainer00000000000000000001.regtrans-ms
[2010/10/03 19:38:32 | 000,065,536 | -HS- | C] () -- C:\Users\Bruno\ntuser.dat{3acbd2ff-cf14-11df-985f-00261896dcba}.TM.blf
[2010/09/27 11:16:50 | 000,316,797 | ---- | C] () -- C:\Users\Bruno\Documents\Doc1.docx
[2010/09/22 16:14:23 | 000,001,967 | ---- | C] () -- C:\Users\Bruno\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/21 22:54:02 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010/09/21 22:54:02 | 000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys
[2010/09/21 12:42:23 | 000,054,896 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2010/09/21 12:42:23 | 000,053,840 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys
[2010/09/11 15:24:02 | 000,000,361 | ---- | C] () -- C:\Windows\sil_compta.ini
[2010/09/07 16:27:55 | 000,075,615 | ---- | C] () -- C:\Users\Bruno\Documents\Mes comptes.gsb
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/02/05 17:29:45 | 000,007,617 | ---- | C] () -- C:\Users\Bruno\AppData\Local\resmon.resmoncfg
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

SkyTech · par **SkyTech** » 04 oct. 2010 23:29

Re,

Cette fois désactive tes logiciels de protection, ça devrait passer :

Relance OTL.
o sous Personnalisation, copie_colle le contenu du cadre ci dessous et clic Correction, un rapport apparaitra suite à l'opération que tu conserveras sur clé usb par exemple afin d'en coller le résultat:

:OTL
DRV:64bit: - (OAnet) -- C:\Windows\SysNative\DRIVERS\oanet.sys File not found
DRV - (oahlpXX) -- C:\Windows\SysWOW64\drivers\oahlp64.sys ()
DRV - (OAmon) -- C:\Windows\SysWOW64\drivers\OAmon.sys (Emsisoft)
DRV - (OADevice) -- C:\Windows\SysWOW64\drivers\OADriver.sys ()
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
[2010/09/21 12:42:23 | 000,425,640 | ---- | C] (Emsi Software GmbH) -- C:\Windows\oaevent.dll
[2010/09/21 12:42:23 | 000,037,872 | ---- | C] (Emsisoft) -- C:\Windows\SysWow64\drivers\OAmon.sys
[2010/09/21 12:42:23 | 000,054,896 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2010/09/21 12:42:23 | 000,053,840 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys

:commands
[purity]
[emptytemp]
[emptyflash]

* redemarre le pc sous windows et poste le rapport ici

peplvm · par **peplvm** » 06 oct. 2010 12:44

Salut SkyTech,

Excuse pour la réponse tardive. Voilà, je me pose une question, j'ai trouvé à priori le dossier qui contient les oa... Voir captures ci-dessous, mais je n'arrive pas à supprimer, car je n'ai pas l'autorisation !? Est-ce peut-être ça le problème ? Je n'ai jamais créé de compte "Grand Administrateur" et j'ai essayé en suivant un Tuto : http://www.forum-seven.com/activer-le-c ... -seven-168 sauf que je n'ai pas "Système et Sécurité" ??

Est-ce pour ça aussi, que le système a planté en lançant OTL ?

SkyTech · par **SkyTech** » 06 oct. 2010 15:40

Salut,

Fais OTL et la suppression depuis OTLPE Network comme conseillé plus haut, ça ne posera pas de problème ces histoires de droit ;)

SkyTech a écrit :Re,

Va falloir virer les restes depuis un Live CD, fais le script depuis OTLPE :

Télécharge OTLPEnet :: http://oldtimer.geekstogo.com/OTLPENet.exe sur ton Bureau

* Quand le téléchargement sera fini, Double Clic sur OTLPENet.exe et assures-toi d'avoir insérer un CDR vierge dans ton graveur CD/DVD. Une fenêtre va s'ouvrir pour te demander si tu souhaites graver Le CD, clique sur le bouton Oui.
* Patiente le temps de la décompression et de la gravure du CD.
* demarrer sur le cdrom crée de Reatogo , voir exemple: http://forum.malekal.com/booter-sur-dvd-t9447.html

http://imagesup.org/images6/1272203242-otlpe01m.gif

http://imagesup.org/images6/1272203272-otlpe02m.gif

http://imagesup.org/images6/1272203333-otlpe03m.png

http://imagesup.org/images6/1274538354-reatogo.jpg

* Ton système doit montrer un bureau REATOGO-X-PE
* En fonction de votre type de connexion Internet, tu dois être en mesure d'accèder au Net, si bien que tu peux accéder à ce sujet plus facilement.
* Double-click sur l'icone OTLPE

» à ceci valider par ok:

http://imagesup.org/images6/1274092569-loqd1.jpg

» à ceci selectionner sa session:

http://imagesup.org/images6/1274092650-loqd2.jpg

* verifier que "Automatically Load All Remaining Users" est sélectionné et press OK

» OTLPE se lançe alors

...

peplvm · par **peplvm** » 06 oct. 2010 20:04

Re,

Si je veux faire la manip via le copier/coller de la liste avec OTL directement sans passer par le CDLive, il faut les droits d'admin ?

Autre question : est-ce que je peux supprimer simplement les fichiers en questions avec les chemins, avec droit aussi, je suppose ?

Merci.

Malekal.com forum

Supprimer oaevent.dll

Supprimer oaevent.dll

Re: Supprimer oaevent.dll

Re: Supprimer oaevent.dll

Re: Supprimer oaevent.dll

Re: Supprimer oaevent.dll

Re: Supprimer oaevent.dll

Re: Supprimer oaevent.dll

Re: Supprimer oaevent.dll

Re: Supprimer oaevent.dll

Re: Supprimer oaevent.dll

Re: Supprimer oaevent.dll

Re: Supprimer oaevent.dll

Re: Supprimer oaevent.dll

Re: Supprimer oaevent.dll

Re: Supprimer oaevent.dll