Biessaten

Members
  • Content count

    100
  • Joined

  • Last visited

Everything posted by Biessaten

  1. It's done, thank you
  2. OK, I'll uninstall Avast; is Windows Defender alone enough? It's on the PC and I had enabled it since Avast was no longer working. 1) http://www.cjoint.com/data/0BjpqSu8fiq.htm 2) http://cjoint.com/?0Bjr6RzD5Jg 3) I couldn't reset it since I didn't have access to Chrome. I uninstalled it and then reinstalled it, and it works. 4) Java is up to date 5) http://cjoint.com/?0Bjr7hB9hTQ
  3. Hello, A few days ago my father installed some voice chat software. He told me that he had installed Google Talk in particular and that it had installed "something else", but that he had removed everything. From then on, after the session login screen at Windows startup, I had a black screen, with access only to the Task Manager. I was able to get to the startup repair options. The repair did nothing, but I was able to restore the PC to a version from around 03/02. The black screen problem is fixed, but the PC was very slow. I removed the adware with adwcleaner and the slowness problem seems to be resolved. However, I cannot re-enable Avast. When I try to enable it, I get the confirmation window and I accept, but nothing happens. I also cannot open Chrome from the taskbar or directly from its installation folder. Here is the ZHDiag report: http://cjoint.com/?0BjnWRBAMEs
  4. Biessaten

    Blue screen at startup

    Rapport de ZHPFix 1.12.3280 par Nicolas Coolman, Update du 02/05/2011 Fichier d'export Registre : Run by Salignac at 06/05/2011 22:25:16 Windows Vista Home Basic Edition, 32-bit Service Pack 2 (Build 6002)
  5. Biessaten

    Blue screen at startup

    Cijoint.fr - Free file upload service
  6. Biessaten

    Blue screen at startup

    Le programme de protection des ressources Windows n'a trouvé aucune violation d'intégrité.
  7. Biessaten

    Blue screen at startup

    The problem comes from ntkrnlpa.exe. I don't know what to do now...
  8. Good evening, I was advised to come here to solve my problem of a blue screen at startup, which happens often. I have to restart several times for the computer to start normally. After restarting, Windows tells me it ran into problems; here is the report: Signature du problème : Nom d’événement de problème: BlueScreen Version du système: 6.0.6002.2.2.0.768.2 Identificateur de paramètres régionaux: 1036 Informations supplémentaires sur le problème : BCCode: 1 BCP1: 82C20626 BCP2: 00000000 BCP3: 0000FFFE BCP4: 00000000 OS Version: 6_0_6002 Service Pack: 2_0 Product: 768_1 Fichiers aidant à décrire le problème : C:\Windows\Minidump\Mini033011-02.dmp C:\Users\Salignac\AppData\Local\Temp\WER-158060-0.sysdata.xml C:\Users\Salignac\AppData\Local\Temp\WER9368.tmp.version.txt Lire notre déclaration de confidentialité : Analyse des incidents Microsoft en ligne
  9. The blue screen problem is not resolved...
  10. I don't know how to increase the memory. I didn't know about the folder; I deleted it and I also uninstalled PricePong. I was indeed asked to restart the PC at the end of the fix, but afterwards, at startup, I got the all-blue screen again. I switched the PC off with the button and this time it started without a problem. Here is the OTL report:
  11. OTL Extras logfile created on: 08/04/2011 12:19:24 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Salignac\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
User{28EE7CB8-4051-4D7E-8378-D0DB05FDAF89}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{2A443D99-B39D-45DD-AB80-7E62F9C2849E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{2E296385-C7B8-4812-B4FE-DF39FA381F04}D:\bsmaxscript[7.0]\mirc.exe" = protocol=17 | dir=in | app=d:\bsmaxscript[7.0]\mirc.exe | "UDP Query User{368CE820-333C-4258-AAD1-8CD61BB397F1}D:\trackmania nations eswc\tmnationseswc.exe" = protocol=17 | dir=in | app=d:\trackmania nations eswc\tmnationseswc.exe | "UDP Query User{3B178A1D-F3D4-48E8-A066-5611EABBD04E}D:\goa\gunbound\gunbound\gunbound.gme" = protocol=17 | dir=in | app=d:\goa\gunbound\gunbound\gunbound.gme | "UDP Query User{3E20CD24-FE44-4754-B669-A3C6FEE48412}D:\goa\gunbound\gunbound\gunbound.gme" = protocol=17 | dir=in | app=d:\goa\gunbound\gunbound\gunbound.gme | "UDP Query User{46031905-BD5A-49CC-95B6-BB76CE62CCE9}D:\tvup\tvuplayer.exe" = protocol=17 | dir=in | app=d:\tvup\tvuplayer.exe | "UDP Query User{4A256535-A461-4008-935B-6A562C2676C2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{4C4F96E5-9EF9-42E8-B385-1EFE446449D0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{4E441AD1-99BB-454E-9E62-D704C1976E21}D:\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\skype\phone\skype.exe | "UDP Query User{517A9338-2A41-4747-8D67-966F4A9B52DC}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{51A6B07C-5E49-46E3-914D-5FD5DAE49437}D:\perfect battle online 1.0b\perfect battle online.exe" = protocol=17 | dir=in | app=d:\perfect battle online 1.0b\perfect battle online.exe | "UDP Query 
User{53324679-6082-4CEC-ABEF-7FFD7C219E37}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "UDP Query User{5B116A3C-F984-47C1-ACFC-D86D660B2BF9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{64F7BB6E-F31A-48EC-B121-2BC48582DCD8}D:\teamscript4\mirc.exe" = protocol=17 | dir=in | app=d:\teamscript4\mirc.exe | "UDP Query User{73765BB1-39CC-44EB-A7F9-9EB7B5E2B460}D:\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=d:\tvuplayer\tvuplayer.exe | "UDP Query User{75858DAF-908A-43E4-9D84-F17A27736F7C}D:\ppmate\ppamnet.exe" = protocol=17 | dir=in | app=d:\ppmate\ppamnet.exe | "UDP Query User{82F36EC5-BBE4-4A45-905B-4B842194A413}D:\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\skype\phone\skype.exe | "UDP Query User{8499F95F-DD12-460C-9CF3-E644EB93D67F}D:\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=d:\tvuplayer\tvuplayer.exe | "UDP Query User{9005091B-73E9-4188-90A3-BD6AC910C2D8}D:\trackmania nations eswc\tmnationseswc.exe" = protocol=17 | dir=in | app=d:\trackmania nations eswc\tmnationseswc.exe | "UDP Query User{98BB6EBF-D7EF-427C-8667-C902FB00670C}D:\teamscript4\mirc.exe" = protocol=17 | dir=in | app=d:\teamscript4\mirc.exe | "UDP Query User{9FDB016F-65E2-4841-ABDE-0C8CB7050379}D:\goa\gunbound\gunbound.gme" = protocol=17 | dir=in | app=d:\goa\gunbound\gunbound.gme | "UDP Query User{A57D1B85-47D9-4E77-BF1C-F11C8481064B}C:\users\salignac\appdata\roaming\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\users\salignac\appdata\roaming\sopcast\adv\sopadver.exe | "UDP Query User{CD31D448-43AD-4D0C-8C0F-FC012B5132C8}D:\tvants\tvants.exe" = protocol=17 | dir=in | app=d:\tvants\tvants.exe | "UDP Query User{CD43E3C4-E30C-4148-B003-979FC3C1C23A}D:\goa\gunbound\gunbound.gme" = protocol=17 | dir=in | app=d:\goa\gunbound\gunbound.gme | "UDP Query 
User{D0915088-9404-431F-B05B-C6294C88585C}D:\syllabik\mirc.exe" = protocol=17 | dir=in | app=d:\syllabik\mirc.exe | "UDP Query User{D5CB628C-351B-4F6B-A4EF-F9EB761D2C4B}D:\kvirc\kvirc.exe" = protocol=17 | dir=in | app=d:\kvirc\kvirc.exe | "UDP Query User{D86BA327-DBFF-453B-BF81-FD7D45C2ACB1}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | "UDP Query User{D8918C39-088F-4883-A8AA-25DAD5AA3E1C}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | "UDP Query User{DE1BBFFD-C417-4E11-975E-D283303BCA6D}D:\tvants\tvants.exe" = protocol=17 | dir=in | app=d:\tvants\tvants.exe | "UDP Query User{DE4E3233-1D10-42CD-BC34-9EFDEC1B546F}C:\users\salignac\appdata\local\temp\rar$ex01.274\nexuiz\nexuiz.exe" = protocol=17 | dir=in | app=c:\users\salignac\appdata\local\temp\rar$ex01.274\nexuiz\nexuiz.exe | "UDP Query User{E20FC178-BFC6-4F8B-A04D-D47985B0AABD}C:\program files\messengerdiscovery\messengerdiscovery live.exe" = protocol=17 | dir=in | app=c:\program files\messengerdiscovery\messengerdiscovery live.exe | "UDP Query User{E963EFC3-07D4-4575-B318-9ADBDDD5D225}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{EB2C2267-28CB-40CC-8662-0E70D8306FC3}C:\program files\netscape\netscape\netscp.exe" = protocol=17 | dir=in | app=c:\program files\netscape\netscape\netscp.exe | "UDP Query User{F0A6CC79-747E-4FD4-9670-7FBDAB347489}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | "UDP Query User{F174102F-BCC5-4BDF-85A4-97F66BAF831D}C:\program files\messengerdiscovery\messengerdiscovery live.exe" = protocol=17 | dir=in | app=c:\program files\messengerdiscovery\messengerdiscovery live.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA "{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}" = Gestionnaire pour appareils Windows Mobile "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2 "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{3AFDD2C6-8663-46B5-B195-6CEB00D44768}" = adsl TV "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A712D29-DBE3-4381-A331-AF4AE5BEB244}" = ArcSoft Software Suite "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5 "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 
4.7 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202) "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB8CA439-DA83-419C-A4CF-5A0A50025144}" = Mise à jour du pilote du Gestionnaire pour 
appareils Windows Mobile "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "avast5" = avast! Free Antivirus "AVS DVD Player_is1" = AVS DVD Player version 2.4 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Fourmis v1.2" = Fourmis v1.2 "Google Chrome" = Google Chrome "HijackThis" = HijackThis 2.0.2 "InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "Java Web Start" = Java Web Start "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! 
Live "Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA "mIRC" = mIRC "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "PhotoFiltre" = PhotoFiltre "PokerStars.fr" = PokerStars.fr "PriceGong" = PriceGong 2.1.0 "TeamScripT 4" = TeamScripT 4 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TVUPlayer" = TVUPlayer 2.4.5.3 "Veoh Video Compass" = Veoh Video Compass "VLC media player" = VLC media player 0.9.9 "WinISO_is1" = WinISO 5.3 "WinLiveSuite" = Windows Live "WinRAR archiver" = WinRAR archiver "Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "PhotoFiltre" = PhotoFiltre ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 02/04/2011 16:45:48 | Computer Name = PC-de-Salignac | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1031 Description = Error - 03/04/2011 06:54:26 | Computer Name = PC-de-Salignac | Source = Windows Search Service | ID = 3013 Description = Error - 03/04/2011 06:54:26 | Computer Name = PC-de-Salignac | Source = Windows Search Service | ID = 3013 Description = Error - 04/04/2011 11:47:02 | Computer Name = PC-de-Salignac | Source = Application Error | ID = 1000 Description = Application défaillante Explorer.EXE, version 6.0.6002.18005, horodatage 0x49e01da5, module défaillant ntdll.dll, version 6.0.6002.18327, horodatage 0x4cb73436, code d’exception 0xc0000374, décalage d’erreur 0x000b06fc, ID du processus 0x760, heure de début de l’application 0x01cbf2a5d5e8d0d9. 
Error - 05/04/2011 07:50:25 | Computer Name = PC-de-Salignac | Source = Application Hang | ID = 1002 Description = Le programme iexplore.exe version 8.0.6001.19019 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 1cec Heure de début : 01cbf37230fe9ea3 Heure de fin : 0 Error - 06/04/2011 17:00:40 | Computer Name = PC-de-Salignac | Source = Application Hang | ID = 1002 Description = Le programme firefox.exe version 1.9.2.3909 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 9a74 Heure de début : 01cbf4907236e7e0 Heure de fin : 21540 Error - 06/04/2011 17:00:53 | Computer Name = PC-de-Salignac | Source = Application Error | ID = 1000 Description = Application défaillante plugin-container.exe, version 1.9.2.3909, horodatage 0x4c8fdc89, module défaillant ntdll.dll, version 6.0.6002.18327, horodatage 0x4cb73436, code d’exception 0xc0000005, décalage d’erreur 0x00048822, ID du processus 0xa988, heure de début de l’application 0x01cbf49810b2c9f0. Error - 07/04/2011 17:48:11 | Computer Name = PC-de-Salignac | Source = Application Hang | ID = 1002 Description = Le programme iexplore.exe version 8.0.6001.19019 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. 
ID de processus : 1c14 Heure de début : 01cbf555aa28cfb3 Heure de fin : 0 Error - 07/04/2011 17:48:23 | Computer Name = PC-de-Salignac | Source = Application Hang | ID = 1002 Description = Le programme firefox.exe version 1.9.2.3909 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 343c Heure de début : 01cbf5645d5195f3 Heure de fin : 672 Error - 07/04/2011 17:48:29 | Computer Name = PC-de-Salignac | Source = Application Error | ID = 1000 Description = Application défaillante plugin-container.exe, version 1.9.2.3909, horodatage 0x4c8fdc89, module défaillant ntdll.dll, version 6.0.6002.18327, horodatage 0x4cb73436, code d’exception 0xc0000005, décalage d’erreur 0x00048822, ID du processus 0x27f4, heure de début de l’application 0x01cbf564a008e6a3. [ System Events ] Error - 07/04/2011 01:27:10 | Computer Name = PC-de-Salignac | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 07/04/2011 01:29:04 | Computer Name = PC-de-Salignac | Source = LSM | ID = 1048 Description = Error - 07/04/2011 13:38:45 | Computer Name = PC-de-Salignac | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 07/04/2011 13:38:45 | Computer Name = PC-de-Salignac | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 07/04/2011 13:40:31 | Computer Name = PC-de-Salignac | Source = LSM | ID = 1048 Description = Error - 07/04/2011 13:45:48 | Computer Name = PC-de-Salignac | Source = Service Control Manager | ID = 7022 Description = Error - 07/04/2011 13:52:30 | Computer Name = PC-de-Salignac | Source = Service Control Manager | ID = 7022 Description = Error - 08/04/2011 04:17:29 | Computer Name = PC-de-Salignac | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 08/04/2011 
04:17:29 | Computer Name = PC-de-Salignac | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 08/04/2011 04:20:03 | Computer Name = PC-de-Salignac | Source = LSM | ID = 1048 Description = < End of report >
  12. OTL logfile created on: 08/04/2011 12:19:24 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Salignac\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 447,00 Mb Total Physical Memory | 153,00 Mb Available Physical Memory | 34,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 45,00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 71,28 Gb Total Space | 33,49 Gb Free Space | 46,98% Space Free | Partition Type: NTFS Drive D: | 70,94 Gb Total Space | 42,99 Gb Free Space | 60,60% Space Free | Partition Type: NTFS Drive M: | 1,91 Gb Total Space | 0,33 Gb Free Space | 17,37% Space Free | Partition Type: FAT32 Computer Name: PC-DE-SALIGNAC | User Name: Salignac | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/04/08 12:14:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Salignac\Desktop\OTL.exe PRC - [2011/01/13 10:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- D:\Avast5\AvastUI.exe PRC - [2011/01/13 10:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- D:\Avast5\AvastSvc.exe PRC - [2009/12/10 11:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe PRC - [2009/11/27 12:04:44 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2007/05/28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2007/01/05 18:12:58 | 000,258,048 | ---- | M] (SONIX) -- C:\Windows\tsnp2std.exe PRC - [2006/12/08 15:45:32 | 000,045,056 | ---- | M] (Acer Inc.) 
-- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2006/11/23 16:24:54 | 000,319,488 | ---- | M] () -- C:\Windows\System32\SysMonitor.exe PRC - [2006/11/12 21:35:08 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe PRC - [2006/11/09 04:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006/09/15 14:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe ========== Modules (SafeList) ========== MOD - [2011/04/08 12:14:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Salignac\Desktop\OTL.exe MOD - [2011/01/13 10:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- D:\Avast5\snxhk.dll MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService) SRV - [2011/01/13 10:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2009/11/27 12:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100) SRV - [2009/11/05 16:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi) SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007/05/28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2007/01/24 13:21:24 | 000,375,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/01/24 13:21:14 | 000,177,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006/12/08 15:45:32 | 000,045,056 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2006/11/12 21:35:08 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService) ========== Driver Services (SafeList) ========== DRV - [2011/01/13 10:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011/01/13 10:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011/01/13 10:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011/01/13 10:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011/01/13 10:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009/11/27 03:47:00 | 001,384,448 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur) DRV - [2009/04/11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2008/11/01 23:50:18 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008/10/08 06:15:12 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2008/05/15 02:28:00 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf) DRV - [2007/04/27 19:02:08 | 012,039,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD) DRV - [2007/02/08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV - [2007/01/19 18:20:54 | 000,021,728 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\scmndisp.sys -- (SCMNdisP) DRV - [2006/12/07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2006/11/24 15:46:36 | 002,085,888 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006/07/05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2006/06/14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2005/06/17 10:27:42 | 000,379,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WlanUIG.sys -- (WlanUIG) DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = {searchTerms} - Yahoo! 
Search Results IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Freebox, la meilleure offre ADSL : Internet, Téléphone, Télévision IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..browser.search.order.1: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "megaup" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "http://www.google.fr/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..network.proxy.http: "148.233.159.58" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.socks_version: 4 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Yahoo" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/29 13:47:42 
| 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/29 13:47:40 | 000,000,000 | ---D | M] [2008/09/08 18:46:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Salignac\AppData\Roaming\mozilla\Extensions [2010/11/22 14:46:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Salignac\AppData\Roaming\mozilla\Firefox\Profiles\8q9g78ds.default\extensions [2009/09/02 14:36:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Salignac\AppData\Roaming\mozilla\Firefox\Profiles\8q9g78ds.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/09/29 13:49:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Salignac\AppData\Roaming\mozilla\Firefox\Profiles\8q9g78ds.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/09/29 14:28:11 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Salignac\AppData\Roaming\mozilla\Firefox\Profiles\8q9g78ds.default\extensions\firefox@tvunetworks.com [2010/11/22 14:46:08 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Salignac\AppData\Roaming\mozilla\Firefox\Profiles\8q9g78ds.default\extensions\illimitux@illimitux.net [2008/12/07 14:51:40 | 000,000,000 | ---D | M] (Oberon Game Host) -- C:\Users\Salignac\AppData\Roaming\mozilla\Firefox\Profiles\8q9g78ds.default\extensions\OberonGameHost@OberonGames.com [2010/10/19 19:42:24 | 000,003,915 | ---- | M] () -- C:\Users\Salignac\AppData\Roaming\Mozilla\Firefox\Profiles\8q9g78ds.default\searchplugins\sweetim.xml [2010/09/29 13:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2007/07/18 16:34:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/06/19 01:22:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/06/19 01:21:37 | 
000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/09/14 23:32:19 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml [2010/09/14 23:32:19 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml [2010/09/14 23:32:19 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml [2010/09/14 23:32:19 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml [2010/09/14 23:32:19 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong) O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks) O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. 
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Windows\System32\SysMonitor.exe () O4 - HKLM..\Run: [avast5] D:\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [jswtrayutil] File not found O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix) O4 - HKLM..\Run: [tsnp2std] C:\Windows\tsnp2std.exe (SONIX) O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: chat-land.org ([]* in Trusted sites) O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://www.maalaimalar.com/wfplayer/tdserver.cab (TDServer Control) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240 O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img27.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img27.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{47e200e1-83eb-11db-9964-001921745b98}\Shell - "" = AutoRun O33 - MountPoints2\{47e200e1-83eb-11db-9964-001921745b98}\Shell\AutoRun\command - "" = K:\USBAutoRun.exe O33 - MountPoints2\{e8f9b1c9-87df-11de-8308-001921745b98}\Shell\AutoRun\command - "" = K:\start.exe O33 - MountPoints2\{e8f9b1c9-87df-11de-8308-001921745b98}\Shell\iledefrance\command - "" = K:\start.exe O33 - MountPoints2\{e8f9b1ce-87df-11de-8308-001921745b98}\Shell - "" = AutoRun O33 - MountPoints2\{e8f9b1ce-87df-11de-8308-001921745b98}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: 
Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler) Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - File not found Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation) Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept) Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin ========== Files/Folders - Created Within 30 Days ========== [2011/04/08 12:14:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Salignac\Desktop\OTL.exe [2011/04/06 12:02:00 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Salignac\Desktop\mbam-setup.exe [2011/03/30 09:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\eBpIdDbMiOn28604 [2011/03/23 08:56:05 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011/03/23 08:56:04 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2008/02/13 19:59:29 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll [2008/02/13 19:59:27 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll [2007/07/17 16:29:34 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2006/12/15 17:20:23 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll [1 C:\Users\Salignac\*.tmp files -> C:\Users\Salignac\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/04/08 12:24:04 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/04/08 12:23:16 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2011/04/08 12:18:51 | 000,678,804 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2011/04/08 12:18:51 | 000,592,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/04/08 12:18:51 | 000,126,420 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2011/04/08 12:18:51 | 000,100,378 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/04/08 12:18:25 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/04/08 12:18:25 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/04/08 
12:14:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Salignac\Desktop\OTL.exe [2011/04/08 10:18:45 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/04/08 10:18:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/04/07 23:51:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011/04/07 22:37:29 | 000,009,877 | ---- | M] () -- C:\Users\Salignac\Desktop\NT_215934000000.jpg [2011/04/07 16:57:13 | 004,448,328 | ---- | M] () -- C:\Users\Salignac\Desktop\FLUVORE_colonel_reyel__aureelie_72184.mp3 [2011/04/07 16:47:50 | 000,373,320 | ---- | M] () -- C:\Users\Salignac\Desktop\colonel_reyel__aurelie.mp3 [2011/04/07 07:27:50 | 142,109,721 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/04/05 14:32:22 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Salignac\Desktop\mbam-setup.exe [2011/04/05 14:31:46 | 000,879,081 | ---- | M] () -- C:\Users\Salignac\Desktop\SecurityCheck.exe [2011/04/01 14:23:19 | 000,002,685 | ---- | M] () -- C:\Users\Salignac\Desktop\Microsoft Office Word 2003.lnk [2011/03/27 00:29:39 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011/03/24 23:32:41 | 000,000,393 | ---- | M] () -- C:\Users\Salignac\Desktop\Ordinateur salon - Raccourci.lnk [1 C:\Users\Salignac\*.tmp files -> C:\Users\Salignac\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/04/08 12:23:16 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2011/04/07 22:39:01 | 000,009,877 | ---- | C] () -- C:\Users\Salignac\Desktop\NT_215934000000.jpg [2011/04/07 16:57:13 | 004,448,328 | ---- | C] () -- C:\Users\Salignac\Desktop\FLUVORE_colonel_reyel__aureelie_72184.mp3 [2011/04/07 16:47:37 | 000,373,320 | ---- | C] () -- C:\Users\Salignac\Desktop\colonel_reyel__aurelie.mp3 [2011/04/06 12:02:10 | 000,879,081 | ---- | C] () -- C:\Users\Salignac\Desktop\SecurityCheck.exe [2011/03/30 13:36:52 | 001,734,285 | ---- | C] () -- C:\Users\Salignac\Desktop\SDC10107.JPG [2011/03/30 
13:36:52 | 001,696,712 | ---- | C] () -- C:\Users\Salignac\Desktop\SDC10108.JPG [2011/03/30 13:36:52 | 001,685,841 | ---- | C] () -- C:\Users\Salignac\Desktop\SDC10109.JPG [2011/03/30 13:36:52 | 001,679,229 | ---- | C] () -- C:\Users\Salignac\Desktop\SDC10106.JPG [2011/03/30 13:36:52 | 000,040,090 | ---- | C] () -- C:\Users\Salignac\Desktop\sagay.JPG [2011/03/30 13:36:52 | 000,015,649 | ---- | C] () -- C:\Users\Salignac\Desktop\DSC00207.JPG [2011/03/24 23:32:41 | 000,000,393 | ---- | C] () -- C:\Users\Salignac\Desktop\Ordinateur salon - Raccourci.lnk [2009/09/16 22:05:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/09/16 22:05:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/01 19:38:22 | 000,000,600 | ---- | C] () -- C:\Users\Salignac\AppData\Local\PUTTY.RND [2009/06/15 21:42:13 | 000,155,136 | ---- | C] () -- C:\Windows\PEV.exe [2009/06/15 21:42:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2009/06/15 21:42:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2009/06/15 21:42:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2008/11/21 23:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008/09/30 20:12:45 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI [2008/09/07 20:29:26 | 000,007,268 | ---- | C] () -- C:\Users\Salignac\AppData\Local\d3d9caps.dat [2008/08/28 22:30:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/02/13 19:59:45 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini [2008/02/13 19:59:40 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys [2008/02/13 19:59:34 | 012,039,552 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys [2008/01/13 18:00:04 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI [2007/11/17 12:07:36 | 000,228,648 | ---- | C] () -- C:\Windows\OptChecker.exe [2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll 
[2007/10/30 14:22:50 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007/09/11 18:16:57 | 000,000,018 | ---- | C] () -- C:\Windows\cnc.ini [2007/09/01 08:39:54 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2007/08/04 13:31:25 | 000,000,060 | ---- | C] () -- C:\Users\Salignac\AppData\Roaming\AVSDVDPlayer.m3u [2007/08/04 13:20:03 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007/08/04 13:20:03 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2007/07/28 18:23:03 | 000,000,014 | ---- | C] () -- C:\Windows\Powerplayer.ini [2007/07/28 18:22:58 | 000,000,544 | ---- | C] () -- C:\Windows\psnetwork.ini [2007/07/18 12:03:51 | 000,095,232 | ---- | C] () -- C:\Users\Salignac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/07/17 21:33:42 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2007/07/17 21:31:22 | 000,005,420 | ---- | C] () -- C:\Windows\mozver.dat [2007/07/17 16:32:37 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2007/07/17 16:32:36 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2007/07/17 16:29:34 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll [2006/12/16 01:37:08 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2006/12/16 00:53:56 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2006/12/16 00:53:56 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006/12/16 00:53:56 | 000,138,101 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006/12/16 00:53:56 | 000,000,937 | ---- | C] () -- C:\Windows\generic.ini [2006/12/16 00:53:56 | 000,000,113 | ---- | C] () -- C:\Windows\Alaunch.ini [2006/12/15 17:20:27 | 000,319,488 | ---- | C] () -- C:\Windows\System32\SysMonitor.exe [2006/12/15 17:20:25 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2006/12/15 17:17:15 | 000,049,152 | ---- | 
C] () -- C:\Windows\System32\ChCfg.exe [2006/12/15 17:15:42 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys [2006/11/16 13:20:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2006/11/16 13:19:10 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MSNChatHook.dll [2006/11/02 17:45:36 | 000,678,804 | ---- | C] () -- C:\Windows\System32\perfh00C.dat [2006/11/02 17:45:36 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat [2006/11/02 17:45:36 | 000,126,420 | ---- | C] () -- C:\Windows\System32\perfc00C.dat [2006/11/02 17:45:36 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat [2006/11/02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 14:44:53 | 000,371,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 12:33:01 | 000,592,304 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 12:33:01 | 000,100,378 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006/09/18 23:43:36 | 
000,000,024 | ---- | M] () -- C:\autoexec.bat [2009/04/11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2006/12/16 00:54:25 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2009/06/15 21:59:11 | 000,021,106 | ---- | M] () -- C:\ComboFix.txt [2006/09/18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2007/11/18 12:49:33 | 000,001,327 | ---- | M] () -- C:\error.log [2007/11/17 13:53:14 | 000,168,376 | ---- | M] () -- C:\ExtractLog.txt [2007/09/11 18:18:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007/09/11 18:18:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011/04/08 10:18:07 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys [2011/04/08 12:23:16 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2006/12/15 17:17:17 | 000,000,351 | ---- | M] () -- C:\RHDSetup.log [2007/07/17 16:49:42 | 000,000,091 | ---- | M] () -- C:\Setup.log [2010/03/14 16:06:13 | 000,921,624 | ---- | M] () -- C:\snp2sxp-001.raw [2010/02/15 18:41:17 | 000,230,424 | ---- | M] () -- C:\snp2sxp-002.raw [2010/02/15 19:15:17 | 000,460,824 | ---- | M] () -- C:\snp2sxp-003.raw [2010/01/01 16:55:31 | 000,230,424 | ---- | M] () -- C:\snp2sxp-004.raw [2007/07/18 16:35:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm [2007/07/18 16:35:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm [2010/03/04 15:20:10 | 000,000,162 | ---- | M] () -- C:\YServer.txt < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2006/11/02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006/11/02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006/11/02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\drivers\*.sys /90 > [2011/01/13 10:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011/01/13 10:37:19 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011/01/13 10:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011/01/13 10:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011/01/13 10:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011/01/20 18:37:37 | 000,638,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-08 08:38:04 ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:052A05A1 @Alternate Data Stream - 64 bytes -> C:\Users\Salignac\Desktop\MOV00785.AVI:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Salignac\Desktop\MOV00777.AVI:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Salignac\Desktop\MOV00249.AVI:TOC.WMV 
@Alternate Data Stream - 64 bytes -> C:\Users\Salignac\Desktop\MOV00245.AVI:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Salignac\Desktop\MOV00238.AVI:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Salignac\Desktop\MOV00233.AVI:TOC.WMV @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:F67AAFC5 @Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:B12D1A7D @Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:4E6B8D68 @Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:6BD304B9 @Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:708BB0FA @Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:43E95997 @Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:BDF08FAF @Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:667565EE @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:7AF9CAEB @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:F50F1555 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:912389B7 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:52E1DB1D @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:DF2EA4BB @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:9FE30AB2 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4E9307D7 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A42A9F39 @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:FF8F1AE3 < End of report >
  13. I think it didn't detect any errors, so I couldn't "show the results" and remove the selection.
  14. http://forum.zebulon.fr/probleme-de-demarrage-et-lenteur-t184198.html I have had no reply.
  15. Hello, Two times out of three I have a problem starting my PC. It boots as far as loading Windows, then a completely blue screen (with no message) and nothing more happens. I have to restart several times to get to the desktop. The PC is also horribly slow when it does work. I should also mention that my antivirus has already stopped some viruses, so perhaps some slipped through the net. After the restart, Windows tells me it had problems; here is the report:

      Signature du problème :
      Nom d’événement de problème: BlueScreen
      Version du système: 6.0.6002.2.2.0.768.2
      Identificateur de paramètres régionaux: 1036

      Informations supplémentaires sur le problème :
      BCCode: 1
      BCP1: 82C20626
      BCP2: 00000000
      BCP3: 0000FFFE
      BCP4: 00000000
      OS Version: 6_0_6002
      Service Pack: 2_0
      Product: 768_1

      Fichiers aidant à décrire le problème :
      C:\Windows\Minidump\Mini033011-02.dmp
      C:\Users\Salignac\AppData\Local\Temp\WER-158060-0.sysdata.xml
      C:\Users\Salignac\AppData\Local\Temp\WER9368.tmp.version.txt

      Lire notre déclaration de confidentialité : Analyse des incidents Microsoft en ligne

      Here is also a HijackThis report:
  16. It is a Packard Bell (found nothing on their site). Model: IMEDIA 6439. A tower. Edit: someone found me the right driver on a computing chat, thanks for your help.
  17. Hello, After reinstalling Windows, I had to update the drivers. However, one of them is causing trouble: IXP SB400 SMBus Controller (Aucun driver installé) Fabricant : ATI Technologies Inc | Classe: unknown. I tried a bunch of drivers, which got me nowhere. The ma-config site does not offer any driver for this.
  18. Oh sorry, I thought I wouldn't get a reply and I hadn't found anything on the net. I went ahead and reinstalled Windows; thanks anyway for your help.
  19. Hello, I was on a website. Avast blocked malware named exc.exe. But the trouble is that it kept blocking it over and over; even after I had closed Internet Explorer, it was still sending me alerts. I then opened Avast and saw that an update was available, so I installed it and restarted the PC. But now when it starts I get the "BIOS" screen, I think, as usual (the screen that says ESC, F2 or F8), but then nothing more: a completely black screen. I tried starting in safe mode or restoring the last known good configuration, but that doesn't work: black screen, nothing starts. Thanks for your help. PS: I have the CD to reinstall Windows XP, and on it there is a repair option; when I select it, I get to a "command prompt". As I don't know much about this, I haven't tried anything. But maybe I should try to delete the virus from there or something like that? I tried chkdsk /p /r. The scan runs, but when it finishes, it doesn't fix the problem.
  20. It works, thanks
  21. When I try to install IE8, I get a message "Installation IE8 a cessé de fonctionner : Un problème a fait que le programme a cessé de fonctionner normalement. Windows va fermer ce programme et vous indiquer si une solution est disponible." but it doesn't tell me anything. Otherwise the PC seems to be a bit less slow, thanks for your help.
  22. The log file: Cijoint.fr - Free file hosting service. No trace of the info file, either in the taskbar or in C://RSIT, where the log file is, but there is only an info file from an old report :/ Maybe I should delete these two files in the RSIT folder and then relaunch the application?
  23. Sorry about WinRAR, my mistake... Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4724 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 30/09/2010 22:39:43 mbam-log-2010-09-30 (22-39-43).txt Type d'examen: Examen complet (C:\|D:\|M:\|) Elément(s) analysé(s): 269537 Temps écoulé: 1 heure(s), 42 minute(s), 22 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 3 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Users\Salignac\Desktop\WinRAR\KeyGen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. D:\TeamScripT4\system\dlls\nHTML295.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Salignac\AppData\Roaming\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
  24. ======= RAPPORT D'AD-REMOVER 2.0.0.1,F | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par C_XX le 16/09/10 à 13:30 Contact: AdRemover.contact[AT]gmail.com Site web: TEAM X SCRIPT : UsbFix - AD-Remover - FindyKill C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 19:56:41 le 30/09/2010, Mode normal Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2 (X86) Salignac@PC-DE-SALIGNAC ( ) ============== ACTION(S) ============== 0,Fichier supprimé: C:\Users\Salignac\AppData\Roaming\Mozilla\FireFox\Profiles\8q9g78ds.default\prefs.js.ask.bak 0,Fichier supprimé: C:\Users\Salignac\AppData\Roaming\Mozilla\FireFox\Profiles\8q9g78ds.default\searchplugins\ask.uk.xml 0,Fichier supprimé: C:\Users\Salignac\AppData\Roaming\Mozilla\FireFox\Profiles\8q9g78ds.default\searchplugins\conduit.xml 0,Dossier supprimé: C:\Users\Salignac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ask Search Assistant 0,Dossier supprimé: C:\Program Files\Ask Search Assistant 0,Dossier supprimé: C:\Users\Salignac\AppData\LocalLow\Conduit 0,Dossier supprimé: C:\Program Files\Conduit 0,Dossier supprimé: C:\Users\Salignac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eurobarre 0,Dossier supprimé: C:\ProgramData\GamesBar 0,Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poker 770 (!) -- Fichiers temporaires supprimés. -- Fichier ouvert: C:\Users\Salignac\AppData\Roaming\Mozilla\FireFox\Profiles\8q9g78ds.default\Prefs.js -- Ligne supprimée: user_pref("CT2567681.SearchEngine", "Recherche||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_... Ligne supprimée: user_pref("CT2567681.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT256... Ligne supprimée: user_pref("browser.search.defaultthis.engineName", "Messenger Plus Live France Customized Web Search... Ligne supprimée: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567681&Sea... 
Ligne supprimée: user_pref("browser.search.selectedEngine", "Messenger Plus Live France Customized Web Search"); Ligne supprimée: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2567681&SearchSource=13"); Ligne supprimée: user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567681&q="); -- Fichier Fermé -- 0,Clé supprimée: HKLM\Software\Classes\Toolbar.CT2519687 0,Clé supprimée: HKLM\Software\Classes\Toolbar.CT2567681 0,Clé supprimée: HKLM\Software\Conduit 0,Clé supprimée: HKLM\Software\Games-Attack 0,Clé supprimée: HKLM\Software\Poker 770 0,Clé supprimée: HKCU\Software\AskSearchAsst 0,Clé supprimée: HKCU\Software\Games-Attack 0,Clé supprimée: HKCU\Software\Poker 770 0,Clé supprimée: HKCU\Software\PopCap 0,Clé supprimée: HKCU\Software\VB and VBA Program Settings\eurobarre 0,Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit 0,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Ask Search Assistant 0,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Eurobarre 0,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\GamesBar 3,Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} 3,Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} 0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ask.com Search Assistant 0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\AskSearchAsst.exe ============== SCAN ADDITIONNEL ============== ** Mozilla Firefox Version [3.6.10 (fr)] ** -- C:\Users\Salignac\AppData\Roaming\Mozilla\FireFox\Profiles\8q9g78ds.default\Prefs.js -- browser.download.dir, C:\\Users\\Salignac\\Downloads browser.download.lastDir, C:\\Users\\Salignac\\Desktop browser.search.defaultenginename, Yahoo 
browser.startup.homepage_override.mstone, rv:1.9.2.10 privacy.popups.showBrowserMessage, false ======================================== ** Internet Explorer Version [7.0.6002.18005] ** [HKCU\Software\Microsoft\Internet Explorer\Main] AutoHide: yes Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Do404Search: 0x01000000 Enable Browser Extensions: yes Local Page: C:\Windows\system32\blank.htm Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 Show_ToolBar: yes Start Page: hxxp://fr.msn.com/ Use Custom Search URL: 1 [HKLM\Software\Microsoft\Internet Explorer\Main] AutoHide: yes Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896 Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Delete_Temp_Files_On_Exit: yes Local Page: C:\Windows\system32\blank.htm Search bar: hxxp://search.msn.com/spbasic.htm Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page: hxxp://fr.msn.com/ [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] Tabs: res://ieframe.dll/tabswelcome.htm Blank: res://mshtml.dll/blank.htm ======================================== C:\Program Files\Ad-Remover\Quarantine: 21 Fichier(s) C:\Program Files\Ad-Remover\Backup: 17 Fichier(s) C:\Ad-Report-CLEAN[1].txt - 30/09/2010 (5386 Octet(s)) C:\Ad-Report-SCAN[1].txt - 30/09/2010 (5605 Octet(s)) Fin à: 20:00:17, 30/09/2010 ============== E.O.F ==============