Bardamus

Membres

Afficher le profil Afficher son activité

Compteur de contenus
11
Inscription
le 16 juillet 2011
Dernière visite
le 30 juillet 2011

Type de contenu

Toute l’activité

Profils

Forums

Blogs

Tout ce qui a été posté par Bardamus

[Résolu] Pop-Ups incessantes

Bardamus a répondu à un(e) sujet de Bardamus dans Analyses et éradication malwares

Bonsoir Avant de fermer le post je tenais à te remercier encore une fois de tes compétences et de ta disponibilité et de ta façon très simple et complète pour expliquer les choses bonne soirée JP
- le 25 juillet 2011
- 20 réponses
[Résolu] Pop-Ups incessantes

Bardamus a répondu à un(e) sujet de Bardamus dans Analyses et éradication malwares

bonjour apres avoir passé Dr.Web CureIt dont voici le rapport ci dessous sd4hide.exe D:\Dossier perso\Margot\A rtier Tool.DiskHide Quarantaine. UnityWebPlayerBootstrap.exe C:\Documents and Settings\Famille\Local Settings\Apps\2.0\JYYO89JK.E89\4R66AL7Z.MVB\unit...app_d6f49eb96193782e_0001.0000_12555 Trojan.DownLoader4.5079 Quarantaine. bugwatch.exe C:\Program Files\DIABASS4.DMO\support Probablement BACKDOOR.Trojan Quarantaine. j'ai enfin pu passer SecurityCheck dont voici également le log Results of screen317's Security Check version 0.99.7 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Securitoo AntiVirus Firewall ``````````````````````````````` Anti-malware/Other Utilities Check: Windows Defender CCleaner Adobe Flash Player Adobe Reader 9.4.5 - Français Out of date Adobe Reader installed! Mozilla Firefox (x86 fr..) Firefox Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent ``````````End of Log```````````` voila merci et bonne journée
- le 25 juillet 2011
- 20 réponses
[Résolu] Pop-Ups incessantes

Bardamus a répondu à un(e) sujet de Bardamus dans Analyses et éradication malwares

bonsoir, toujours impossible d'utiliser ComboFix en mode normal j'ai donc utilisé ce dernier en mode sans echec et pu générer le log ci dessous que je te livre ci dessous voilà et bien sur toujours merci ComboFix 11-07-24.01 - Administrateur 24/07/2011 19:24:59.1.2 - x86 NETWORK Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.649 [GMT 2:00] Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe AV: Securitoo AntiVirus Firewall 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15} FW: Securitoo AntiVirus Firewall 9.01 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4} . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrateur\WINDOWS c:\documents and settings\Default User\WINDOWS c:\documents and settings\Famille\WINDOWS c:\program files\Uninstall.exe c:\windows\system32\config\systemprofile\WINDOWS c:\windows\system32\lsprst7.dll c:\windows\system32\ssprs.dll . . ((((((((((((((((((((((((((((( Fichiers créés du 2011-06-24 au 2011-07-24 )))))))))))))))))))))))))))))))))))) . . 2011-07-24 12:37 . 2011-07-24 17:28 -------- d-----w- c:\documents and settings\Administrateur 2011-07-23 15:37 . 2011-07-23 15:37 -------- d-----w- C:\_OTL 2011-07-22 20:01 . 2011-07-22 20:13 512 ----a-w- C:\PhysicalMBR.bin 2011-07-22 13:32 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9AB3EF94-D306-42E9-820A-2484486240C4}\mpengine.dll 2011-07-19 14:53 . 2011-07-19 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-07-15 07:17 . 2011-07-15 07:17 -------- d-----w- c:\documents and settings\LocalService\Bureau 2011-07-15 06:52 . 2011-07-23 07:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2011-07-14 17:17 . 2011-07-14 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft 2011-07-13 21:10 . 2011-07-13 21:11 -------- d-----w- c:\program files\Trend Micro 2011-07-13 08:08 . 2011-07-16 21:18 -------- d-sh--w- c:\documents and settings\Famille\UserData 2011-07-13 07:55 . 2011-07-13 07:56 -------- d-----w- c:\program files\CCleaner 2011-07-09 20:59 . 2011-07-09 20:59 1025 ----a-w- c:\windows\system32\clauth2.dll 2011-07-09 20:59 . 2011-07-09 20:59 1025 ----a-w- c:\windows\system32\clauth1.dll 2011-07-09 20:59 . 2011-07-09 20:59 1025 ----a-w- c:\windows\system32\sysprs7.dll 2011-07-09 20:59 . 2011-07-09 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Minnetonka Audio Software 2011-07-08 10:06 . 2011-07-08 10:06 -------- d-----w- c:\program files\Alp-Software 2011-07-02 21:25 . 2011-07-08 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2011-07-02 20:51 . 2011-07-02 20:51 -------- d-----w- c:\program files\Fichiers communs\Macrovision Shared . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-26 21:24 . 2011-05-22 11:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-07 15:55 . 2010-11-21 14:54 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2011-06-06 11:35 . 2004-08-05 19:00 1859072 ----a-w- c:\windows\system32\win32k.sys 2011-05-24 17:14 . 2010-11-21 14:54 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-02 15:31 . 2004-10-21 19:21 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25 . 2004-08-05 19:00 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19 . 2004-08-05 19:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-26 11:07 . 2004-08-05 19:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-04-26 11:07 . 2004-08-05 19:00 293888 ----a-w- c:\windows\system32\winsrv.dll 2010-11-21 19:36 . 2010-11-21 19:36 1293312 ----a-w- c:\program files\All T4C.exe 2011-04-14 16:47 . 2011-05-16 06:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CARPService"="carpserv.exe" [2001-12-23 4608] "WINCINEMAMGR"="c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2004-12-30 270336] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992] "F-Secure Manager"="c:\program files\Securitoo\av_fw\Common\FSM32.EXE" [2009-08-05 199264] "F-Secure TNB"="c:\program files\Securitoo\av_fw\FSGUI\TNBUtil.exe" [2009-08-05 2349664] "LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936] "AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] . c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-22 113664] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo Scheduler server.lnk] backup=c:\windows\pss\InterVideo Scheduler server.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk] backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Famille^Menu Démarrer^Programmes^Démarrage^Logitech . Enregistrement du produit.lnk] backup=c:\windows\pss\Logitech . Enregistrement du produit.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2008-02-13 11:06 2196240 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] 2001-07-25 08:00 192568 ----a-w- c:\program files\Microsoft Money\System\Money Express.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0] 2001-07-25 08:00 245810 ----a-w- c:\program files\Microsoft Money\System\Activation.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 . R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [21/10/2010 21:08 80000] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 20:19 13592] S0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [21/10/2010 21:08 42664] S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Securitoo\av_fw\HIPS\drivers\fshs.sys [21/10/2010 21:08 68064] S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/10/2010 22:13 136176] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/08/2010 11:38 92008] S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [22/10/2010 04:59 1287296] S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Securitoo\av_fw\Anti-Virus\minifilter\fsgk.sys [21/10/2010 21:08 148648] S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Securitoo\av_fw\ORSP Client\fsorsp.exe [21/10/2010 21:08 61088] S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [22/10/2010 22:13 136176] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Securitoo\av_fw\Anti-Virus\win2k\fsfilter.sys [21/10/2010 21:08 39776] S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Securitoo\av_fw\Anti-Virus\win2k\fsrec.sys [21/10/2010 21:08 25184] . Contenu du dossier 'Tâches planifiées' . 2011-07-24 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20] . . ------- Examen supplémentaire ------- . LSP: c:\program files\Securitoo\av_fw\FSPS\program\FSLSP.DLL TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - . - - - - ORPHELINS SUPPRIMES - - - - . MSConfigStartUp-autoupdater - c:\documents and settings\Famille\Application Data\Agence-Exclusive\Agence-Exclusive\autoupdater.exe AddRemove-All T4C - c:\program files\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-07-24 19:28 Windows 5.1.2600 Service Pack 3 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: 0 . ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_USERS\S-1-5-21-1483813894-2362329480-3824206441-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,f4,ec,30,56,fc,30,4e,a6,c5,83,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,f4,ec,30,56,fc,30,4e,a6,c5,83,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:71,17,32,b3,d9,1b,a9,14,a3,f4,93,9a,c4,2a,8d,95,e3,fc,be,1c,ef, 24,a5,d4,a6,92,38,f0,bd,ba,81,c7,9b,0f,a6,0d,f1,6c,85,97,a7,73,51,42,5e,55,\ . [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:71,17,32,b3,d9,1b,a9,14,a3,f4,93,9a,c4,2a,8d,95,e3,fc,be,1c,ef, 24,a5,d4,a6,92,38,f0,bd,ba,81,c7,9b,0f,a6,0d,f1,6c,85,97,a7,73,51,42,5e,55,\ . --------------------- DLLs chargées dans les processus actifs --------------------- . - - - - - - - > 'winlogon.exe'(448) c:\windows\system32\Ati2evxx.dll c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll c:\windows\system32\sirenacm.dll . Heure de fin: 2011-07-24 19:30:13 ComboFix-quarantined-files.txt 2011-07-24 17:30 . Avant-CF: 210 435 743 744 octets libres Après-CF: 210 382 372 864 octets libres . WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn . - - End Of File - - 53378A7E35EE5CA1DB4B047F50EE2D27
- le 24 juillet 2011
- 20 réponses
[Résolu] Pop-Ups incessantes

Bardamus a répondu à un(e) sujet de Bardamus dans Analyses et éradication malwares

Bonjour voici le rapport généré par OTL en mode sans échec cependant je ne suis pas parvenu a installer rkill (aucune des 3 version)en mode sans échec j'ai a chaque fois eu l'installation a échoué par contre OTL lui a fonctionné et a demandé un redémarrage avant de généré lé rapport ci dessous Vraiment un grand merci pour tout le temps que tu consacre a m'aider JP All processes killed ========== OTL ========== Service HidServ stopped successfully! Service HidServ deleted successfully! Service AppMgmt stopped successfully! Service AppMgmt deleted successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{465E08E7-F005-4389-980F-1D8764B3486C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{465E08E7-F005-4389-980F-1D8764B3486C}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully. C:\Program Files\Microsoft Money\System\mnyviewer.dll moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\autoupdater deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cmaudio deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\earthclock not found. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. C:\Documents and Settings\Famille\Bureau\ComboFix.exe moved successfully. C:\WINDOWS\system32\drivers\SBREDrv.sys moved successfully. C:\Documents and Settings\Famille\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine folder moved successfully. C:\Documents and Settings\Famille\Local Settings\Application Data\Sunbelt Software\CounterSpy folder moved successfully. C:\Documents and Settings\Famille\Local Settings\Application Data\Sunbelt Software folder moved successfully. C:\Documents and Settings\All Users\Menu Démarrer\Programmes\pctuto\Tuto Ccleaner folder moved successfully. C:\Documents and Settings\All Users\Menu Démarrer\Programmes\pctuto folder moved successfully. C:\Documents and Settings\Famille\Local Settings\Application Data\uTorrent\Cache folder moved successfully. C:\Documents and Settings\Famille\Local Settings\Application Data\uTorrent folder moved successfully. C:\Documents and Settings\Famille\Mes documents\HostsXpert.zip moved successfully. C:\Documents and Settings\All Users\Application Data\bcdwrylw.kdv moved successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\eMule not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\uTorrent not found. ========== FILES ========== < ipconfig /flushdns /c > Configuration IP de Windows Cache de résolution DNS vidé. C:\Documents and Settings\Administrateur\Bureau\cmd.bat deleted successfully. C:\Documents and Settings\Administrateur\Bureau\cmd.txt deleted successfully. C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\WINDOWS\tasks\MP Scheduled Scan.job moved successfully. File\Folder C:\*.sqm not found. File\Folder C:\WINDOWS\System32\*.tmp not found. C:\WINDOWS\msdownld.tmp folder moved successfully. C:\WINDOWS\SET3.tmp moved successfully. C:\WINDOWS\SET4.tmp moved successfully. C:\WINDOWS\SET8.tmp moved successfully. File\Folder D:\telechargement\Adobe Premiere Pro CS3 Multi-Language + Crack not found. File\Folder D:\telechargement\securité\unlocker_unlocker_1.9.1_32_bits_francais_20237.exe not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur ->Temp folder emptied: 5362078 bytes ->Temporary Internet Files folder emptied: 4129341 bytes ->Flash cache emptied: 56958 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 56502 bytes User: Famille ->Temp folder emptied: 452447811 bytes ->Temporary Internet Files folder emptied: 192361768 bytes ->FireFox cache emptied: 44357752 bytes ->Flash cache emptied: 61409 bytes User: LocalService ->Temp folder emptied: 115348 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 678510 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 145914412 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 120666657 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34313 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 922,00 mb [EMPTYFLASH] User: Administrateur ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Flash cache emptied: 0 bytes User: Famille ->Flash cache emptied: 0 bytes User: LocalService User: NetworkService Total Flash Files Cleaned = 0,00 mb HOSTS file reset successfully ========== OTL ========== Error: No service named HidServ was found to stop! Service\Driver key HidServ not found. Error: No service named AppMgmt was found to stop! Service\Driver key AppMgmt not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{465E08E7-F005-4389-980F-1D8764B3486C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{465E08E7-F005-4389-980F-1D8764B3486C}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found. File C:\Program Files\Microsoft Money\System\mnyviewer.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\autoupdater not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cmaudio not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\earthclock not found. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. File C:\Documents and Settings\Famille\Bureau\ComboFix.exe not found. File C:\WINDOWS\System32\drivers\SBREDrv.sys not found. Folder C:\Documents and Settings\Famille\Local Settings\Application Data\Sunbelt Software\ not found. Folder C:\Documents and Settings\All Users\Menu Démarrer\Programmes\pctuto\ not found. Folder C:\Documents and Settings\Famille\Local Settings\Application Data\uTorrent\ not found. File C:\Documents and Settings\Famille\Mes documents\HostsXpert.zip not found. File C:\Documents and Settings\All Users\Application Data\bcdwrylw.kdv not found. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\eMule not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\uTorrent not found. ========== FILES ========== < ipconfig /flushdns /c > Configuration IP de Windows Cache de résolution DNS vidé. C:\Documents and Settings\Administrateur\Bureau\cmd.bat deleted successfully. C:\Documents and Settings\Administrateur\Bureau\cmd.txt deleted successfully. File\Folder C:\WINDOWS\tasks\*.job not found. File\Folder C:\*.sqm not found. File\Folder C:\WINDOWS\System32\*.tmp not found. File\Folder C:\WINDOWS\*.tmp not found. File\Folder D:\telechargement\Adobe Premiere Pro CS3 Multi-Language + Crack not found. File\Folder D:\telechargement\securité\unlocker_unlocker_1.9.1_32_bits_francais_20237.exe not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 267837 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Famille ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 0,00 mb [EMPTYFLASH] User: Administrateur ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Flash cache emptied: 0 bytes User: Famille ->Flash cache emptied: 0 bytes User: LocalService User: NetworkService Total Flash Files Cleaned = 0,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.26.1 log created on 07242011_144552 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\Administrateur\Local Settings\Temp\~DFE33B.tmp not found! File\Folder C:\Documents and Settings\Administrateur\Local Settings\Temp\~DFE348.tmp not found! File\Folder C:\Documents and Settings\Administrateur\Local Settings\Temp\~DFE3A2.tmp not found! File\Folder C:\Documents and Settings\Administrateur\Local Settings\Temp\~DFE3AF.tmp not found! File\Folder C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\XUPMCQY0\ads[2].htm not found! File\Folder C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\XUPMCQY0\povh[1].htm not found! File\Folder C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\W4GACSVF\AP_CPL_728x90[1].htm not found! File\Folder C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\W4GACSVF\AP_VIA_300x250[1].htm not found! File\Folder C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\W4GACSVF\AP_VIA_728x90[1].htm not found! File\Folder C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\NKY37KM5\ads[2].htm not found! File\Folder C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\NKY37KM5\afr[1].htm not found! File\Folder C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\NKY37KM5\AP_ADV_300x250[1].htm not found! File\Folder C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\NKY37KM5\AP_ADV_728x90[1].htm not found! File\Folder C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\NKY37KM5\hijackthis-t186641[1].htm not found! File\Folder C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3E7WXY6G\ads[3].htm not found! File\Folder C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3E7WXY6G\afr[1].htm not found! Registry entries deleted on Reboot...
- le 24 juillet 2011
- 20 réponses
[Résolu] Pop-Ups incessantes

Bardamus a répondu à un(e) sujet de Bardamus dans Analyses et éradication malwares

Bonjour, Je ne parviens pas a effectuer la correction avec OTL lorsque je lance l’opération toutes les icones disparaissent et puis plus rien… j’ai attendu plusieurs heures …. Par contre je ne sais pas comment désactiver Windows Defender cela explique peut être l’impossibilité d’effectuer la correction avec OTL et l’impossibilité t’utiliser ComboFix et SecurityCheck en ce qui concerne les pop up plus d’ennuis … j'attends vos indications merci et bonne journée
- le 24 juillet 2011
- 20 réponses
[Résolu] Pop-Ups incessantes

Bardamus a répondu à un(e) sujet de Bardamus dans Analyses et éradication malwares

bonsoir Effectivement je n’avais pas jusqu’ alors envisagé cet aspect des choses et surtout je te remercie de ne pas avoir eu de propos moralisateur… et surtout du temps que tu me consacre voici les logs générés par OTL OTL Extras logfile created on: 22/07/2011 22:12:33 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Famille\Bureau Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1023,48 Mb Total Physical Memory | 288,33 Mb Available Physical Memory | 28,17% Memory free 2,40 Gb Paging File | 1,81 Gb Available in Paging File | 75,31% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 228,98 Gb Total Space | 194,70 Gb Free Space | 85,03% Space Free | Partition Type: NTFS Drive D: | 931,50 Gb Total Space | 752,32 Gb Free Space | 80,76% Space Free | Partition Type: NTFS Drive K: | 959,97 Mb Total Space | 28,52 Mb Free Space | 2,97% Space Free | Partition Type: FAT Drive L: | 1,88 Gb Total Space | 0,62 Gb Free Space | 32,96% Space Free | Partition Type: FAT Computer Name: 240746F0C7A9498 | User Name: Famille | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\8.0\ACDSee8.exe" "%1" (ACD Systems Ltd.) Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated) "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518) "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{16E79B1D-D1C2-4CA6-8B23-F4D890E0DCB9}" = Orange Plug-in messagerie vocale 888 "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4 "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman) "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3FA86A9F-D47C-3953-5FE7-F0AF19F0C98E}" = VirginMega DownloadManager V3 "{43002AE2-4093-49E0-A03D-990EE184C568}" = Lyrics Plugin for Windows Media Player "{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs "{5253F9D9-8E8A-452F-9BA5-E537CCB369C5}" = Aqua Deskperience "{548CBD79-054A-42F1-A1DA-B4F3FEF490ED}_is1" = Geonaute Software "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection "{6444D9D9-CD6C-4464-B970-55C606C944DC}" = Logitech QuickCam "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Utilitaire de sauvegarde Windows "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{88872E86-59A5-4213-A609-FDCFA4D9BEA6}" = Universalis 9 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AEEE6D6-C95D-465A-B8D3-B7AE2FA7B8B4}" = InterVideo Launcher "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12 "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007 "{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007 "{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{997C3902-3A9A-44A2-B793-1E5561C5BEC5}" = Alp-Enveloppe "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.5 - Français "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B8906BF4-2B85-42C9-A40B-2C8A13DE6930}" = Geonaute KeyMaze 500-700 "{B99D5C2B-B812-469C-8EF5-E7DF81F4A315}" = Horas "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Extension Système de Microsoft Money "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live "{DD54C6DE-B787-406D-A5A7-A49E0471E45B}" = ACDSee 8 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E08EC542-BC5F-4F26-BBB9-E426BA007A31}" = OneTouch USB Driver "{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites "{E7298FD8-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F2A056D9-54B2-4F2B-8DD8-A42A73D1E5E7}" = Logiciel OneTouch "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP "Actionaz 2_is1" = Actionaz 2.0.8.0 "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection "All T4C" = All T4C 2.0.4 "ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000 "ATI Display Driver" = ATI Display Driver "Audacity_is1" = Audacity 1.2.6 "AVS Image Converter_is1" = AVS Image Converter 1.3.2.141 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "Canon ScanGear Toolbox CS 2.2" = Canon ScanGear Toolbox CS 2.2 "CCleaner" = CCleaner "C-Media Audio Driver" = C-Media High Definition Audio Driver "CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_200414F1" = SoftK56 Data Fax Voice Speakerphone CARP "DIABASS4 (DEMO)" = DIABASS4 (DEMO) "Download Manager" = Download Manager 2.3.10 "eMule" = eMule "EPSON Stylus S20 Series" = EPSON Stylus S20 Series Printer Uninstall "FileZilla Client" = FileZilla Client 3.3.4.1 "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.94 "Freecorder5.01" = Freecorder 5 "F-Secure Product 440" = Securitoo AntiVirus Firewall "ie8" = Windows Internet Explorer 8 "LMS" = C-Dilla Licence Management System "lvdrivers_11.70" = Coffret de pilotes Logitech QuickCam "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 4.0.1 (x86 fr)" = Mozilla Firefox 4.0.1 (x86 fr) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition "Philips Media Manager 3.3.12.0004" = Philips Media Manager 3.3.12.0004 "PriceGong" = PriceGong 2.1.0 "PROPLUS" = Microsoft Office Professional Plus 2007 "Repertoire" = Repertoire "Shockwave" = Shockwave "ST6UNST #1" = Quetes_T4C_Install "ST6UNST #2" = Quetes_T4C_Install (C:\Program Files\Quêtes de T4C\) "StarCraft II" = StarCraft II "T4C- NMS Révolution" = T4C- NMS Révolution "TomTom HOME" = TomTom HOME 2.7.6.2056 "Toptime" = Toptime "uTorrent" = µTorrent "VirginMega.DownloadManager.v3.4AE6D9B37411D7D7A2C457954142B8FA4EE6E198.1" = VirginMega DownloadManager V3 "VLC media player" = VLC media player 1.1.10 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "Windows XP Service" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Installation Windows Live "WinRAR archiver" = Archiveur WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 20/07/2011 23:25:04 | Computer Name = 240746F0C7A9498 | Source = Application Hang | ID = 1002 Description = Application bloquée ComboFix.exe, version 11.7.20.2, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 21/07/2011 13:26:07 | Computer Name = 240746F0C7A9498 | Source = Application Error | ID = 1000 Description = Application défaillante explorer.exe, version 6.0.2900.5512, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x026b3404. Error - 21/07/2011 15:18:06 | Computer Name = 240746F0C7A9498 | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 21/07/2011 23:41:37 | Computer Name = 240746F0C7A9498 | Source = WinDefendRtp | ID = 3003 Description = Le point de contrôle de la protection en temps réel %%827 a rencontré une erreur et n’a pas pu démarrer. Utilisateur : 240746F0C7A9498\Famille Agent : 1 Code de l’erreur : 0x80070005 Description de l’erreur : Accès refusé. Error - 21/07/2011 23:41:37 | Computer Name = 240746F0C7A9498 | Source = WinDefendRtp | ID = 3003 Description = Le point de contrôle de la protection en temps réel %%827 a rencontré une erreur et n’a pas pu démarrer. Utilisateur : 240746F0C7A9498\Famille Agent : 1 Code de l’erreur : 0x8000ffff Description de l’erreur : Défaillance irrémédiable Error - 22/07/2011 14:55:57 | Computer Name = 240746F0C7A9498 | Source = MsiInstaller | ID = 11719 Description = Product: Adobe Setup -- Error 1719.Le service Windows Installer n'est pas accessible. Cela peut se produire si vous exécutez Windows en mode sans échec, ou si Windows Installer n'est pas correctement installé. Contactez votre service de support pour obtenir de l'assistance. Error - 22/07/2011 15:00:26 | Computer Name = 240746F0C7A9498 | Source = WinDefendRtp | ID = 3003 Description = Le point de contrôle de la protection en temps réel %%827 a rencontré une erreur et n’a pas pu démarrer. Utilisateur : 240746F0C7A9498\Famille Agent : 1 Code de l’erreur : 0x80070005 Description de l’erreur : Accès refusé. Error - 22/07/2011 15:00:26 | Computer Name = 240746F0C7A9498 | Source = WinDefendRtp | ID = 3003 Description = Le point de contrôle de la protection en temps réel %%827 a rencontré une erreur et n’a pas pu démarrer. Utilisateur : 240746F0C7A9498\Famille Agent : 1 Code de l’erreur : 0x8000ffff Description de l’erreur : Défaillance irrémédiable Error - 22/07/2011 15:18:43 | Computer Name = 240746F0C7A9498 | Source = WinDefendRtp | ID = 3003 Description = Le point de contrôle de la protection en temps réel %%827 a rencontré une erreur et n’a pas pu démarrer. Utilisateur : 240746F0C7A9498\Famille Agent : 1 Code de l’erreur : 0x80070005 Description de l’erreur : Accès refusé. Error - 22/07/2011 15:18:43 | Computer Name = 240746F0C7A9498 | Source = WinDefendRtp | ID = 3003 Description = Le point de contrôle de la protection en temps réel %%827 a rencontré une erreur et n’a pas pu démarrer. Utilisateur : 240746F0C7A9498\Famille Agent : 1 Code de l’erreur : 0x8000ffff Description de l’erreur : Défaillance irrémédiable [ OSession Events ] Error - 19/05/2011 14:58:01 | Computer Name = 240746F0C7A9498 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4186 seconds with 2460 seconds of active time. This session ended with a crash. [ System Events ] Error - 20/07/2011 16:31:36 | Computer Name = 240746F0C7A9498 | Source = F-Secure Gatekeeper | ID = 327681 Description = Error - 20/07/2011 16:31:36 | Computer Name = 240746F0C7A9498 | Source = F-Secure Gatekeeper | ID = 327681 Description = Error - 20/07/2011 16:33:15 | Computer Name = 240746F0C7A9498 | Source = F-Secure Gatekeeper | ID = 327681 Description = Error - 20/07/2011 16:33:39 | Computer Name = 240746F0C7A9498 | Source = F-Secure Gatekeeper | ID = 327681 Description = Error - 20/07/2011 16:33:39 | Computer Name = 240746F0C7A9498 | Source = F-Secure Gatekeeper | ID = 327681 Description = Error - 20/07/2011 16:33:47 | Computer Name = 240746F0C7A9498 | Source = F-Secure Gatekeeper | ID = 327681 Description = Error - 20/07/2011 16:34:53 | Computer Name = 240746F0C7A9498 | Source = F-Secure Gatekeeper | ID = 327681 Description = Error - 20/07/2011 16:35:25 | Computer Name = 240746F0C7A9498 | Source = F-Secure Gatekeeper | ID = 327681 Description = Error - 20/07/2011 16:36:30 | Computer Name = 240746F0C7A9498 | Source = F-Secure Gatekeeper | ID = 327681 Description = Error - 21/07/2011 13:36:46 | Computer Name = 240746F0C7A9498 | Source = MRxSmb | ID = 8003 Description = Le maître explorateur a reçu une annonce de serveur de l'ordinateur PC-DE-MARGOT qui pense qu'il est le maître explorateur sur le domaine pour le transport NetBT_Tcpip_{D3DAD458-0D8E-4. Le maître explorateur s'arrête ou une élection est provoquée. < End of report > OTL logfile created on: 22/07/2011 22:12:33 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Famille\Bureau Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1023,48 Mb Total Physical Memory | 288,33 Mb Available Physical Memory | 28,17% Memory free 2,40 Gb Paging File | 1,81 Gb Available in Paging File | 75,31% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 228,98 Gb Total Space | 194,70 Gb Free Space | 85,03% Space Free | Partition Type: NTFS Drive D: | 931,50 Gb Total Space | 752,32 Gb Free Space | 80,76% Space Free | Partition Type: NTFS Drive K: | 959,97 Mb Total Space | 28,52 Mb Free Space | 2,97% Space Free | Partition Type: FAT Drive L: | 1,88 Gb Total Space | 0,62 Gb Free Space | 32,96% Space Free | Partition Type: FAT Computer Name: 240746F0C7A9498 | User Name: Famille | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/07/22 05:57:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Famille\Bureau\OTL.exe PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/06/09 05:03:04 | 000,983,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe PRC - [2011/06/09 05:03:04 | 000,508,456 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32.exe PRC - [2011/05/23 13:38:56 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Securitoo\av_fw\ORSP Client\fsorsp.exe PRC - [2011/04/04 15:14:19 | 000,484,520 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe PRC - [2011/03/24 08:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe PRC - [2010/08/24 11:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2010/08/24 11:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2009/08/05 17:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE PRC - [2009/08/05 17:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE PRC - [2009/08/05 17:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Securitoo\av_fw\Common\FSHDLL32.EXE PRC - [2009/08/05 17:57:20 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Securitoo\av_fw\FWES\program\fsdfwd.exe PRC - [2009/08/05 17:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe PRC - [2009/04/01 13:41:08 | 001,378,040 | ---- | M] (Basta Computing) -- C:\Program Files\Basta Computing\Horas\Horas.exe PRC - [2008/04/13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/02/13 13:02:46 | 000,564,496 | ---- | M] () -- C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe PRC - [2008/02/05 18:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2008/02/05 18:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe PRC - [2006/11/03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe PRC - [2006/07/14 09:48:16 | 000,136,704 | ---- | M] (Royal Philips Electronics Inc) -- C:\Program Files\Philips\Media Manager\Philips Media Manager.exe PRC - [2004/12/30 21:46:12 | 000,270,336 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe PRC - [2003/04/01 10:21:48 | 000,046,080 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE PRC - [2001/12/23 20:02:06 | 000,004,608 | ---- | M] (Conexant Systems) -- C:\WINDOWS\system32\carpserv.exe PRC - [2001/07/25 10:00:00 | 000,049,206 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Money\System\urlmap.exe ========== Modules (SafeList) ========== MOD - [2011/07/22 21:18:34 | 000,018,432 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\Famille\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll MOD - [2011/07/22 05:57:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Famille\Bureau\OTL.exe MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2009/08/05 17:59:08 | 000,256,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Securitoo\av_fw\Spam Control\fsscoepl.dll MOD - [2009/08/05 17:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files\securitoo\av_fw\hips\fshook32.dll MOD - [2008/02/05 18:20:30 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011/07/20 17:44:13 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/07/02 22:51:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/05/23 13:38:56 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Securitoo\av_fw\ORSP Client\fsorsp.exe -- (FSORSPClient) SRV - [2010/08/24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2009/08/05 17:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE -- (FSMA) SRV - [2009/08/05 17:57:20 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe -- (FSDFWD) SRV - [2009/08/05 17:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter) SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/02/05 18:22:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher) SRV - [2008/02/05 18:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008/02/05 18:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer) SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003/04/01 10:21:48 | 000,046,080 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv) ========== Driver Services (SafeList) ========== DRV - [2011/07/20 17:47:01 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2011/07/20 17:45:27 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/06/09 05:03:54 | 000,148,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Securitoo\av_fw\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper) DRV - [2010/12/15 17:01:31 | 000,042,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts) DRV - [2009/11/19 14:33:20 | 000,051,200 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2009/08/05 17:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Securitoo\av_fw\HIPS\drivers\fshs.sys -- (F-Secure HIPS) DRV - [2009/08/05 17:57:20 | 000,080,000 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW) DRV - [2009/08/05 17:56:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Securitoo\av_fw\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter) DRV - [2009/08/05 17:56:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Securitoo\av_fw\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer) DRV - [2008/02/06 04:21:25 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008/02/06 04:20:40 | 000,628,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2008/02/06 04:17:37 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI) DRV - [2008/02/06 04:17:26 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter) DRV - [2008/02/05 18:20:08 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2008/02/05 18:18:12 | 000,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap) DRV - [2005/12/12 05:40:44 | 001,414,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005/05/12 14:39:56 | 001,287,296 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax) DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc) DRV - [2003/08/13 16:27:22 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023) DRV - [2003/04/01 10:23:22 | 000,058,288 | ---- | M] (Macrovision) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDANT.SYS -- (C-Dilla) DRV - [2001/12/23 20:02:20 | 000,033,548 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher) DRV - [2001/12/23 20:00:02 | 000,160,083 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2) DRV - [2001/12/23 19:59:26 | 001,171,488 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2001/12/23 19:53:18 | 000,591,536 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Portail Orange : Actu, Sport, Assistance Internet, Web Mail Orange IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.orange.fr/portail" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Famille\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Securitoo\av_fw\NRS\litmus-ff@f-secure.com [2011/07/13 15:27:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/16 08:16:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/22 15:19:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Famille\Application Data\Mozilla\Extensions [2010/10/22 15:19:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Famille\Application Data\Mozilla\Extensions\home2@tomtom.com [2011/05/16 08:16:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) -- [2011/07/13 15:27:58 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES\SECURITOO\AV_FW\NRS\LITMUS-FF@F-SECURE.COM [2010/10/24 23:35:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011/04/14 18:47:17 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/01/01 10:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml [2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010/01/01 10:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml [2010/01/01 10:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml [2010/01/01 10:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml [2010/01/01 10:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml Hosts file not found O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Securitoo\av_fw\NRS\iescript\baselitmus.dll (F-Secure Corporation) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Securitoo\av_fw\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [autoupdater] File not found O4 - HKLM..\Run: [CARPService] C:\WINDOWS\System32\carpserv.exe (Conexant Systems) O4 - HKLM..\Run: [Cmaudio] File not found O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.) O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [WINCINEMAMGR] C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [earthclock] File not found O4 - HKCU..\Run: [EPSON Stylus S20 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\Famille\Menu Démarrer\Programmes\Démarrage\Horas.lnk = C:\Program Files\Basta Computing\Horas\Horas.exe (Basta Computing) O4 - Startup: C:\Documents and Settings\Famille\Menu Démarrer\Programmes\Démarrage\Philips Media Manager.lnk = C:\Program Files\Philips\Media Manager\Philips Media Manager.exe (Royal Philips Electronics Inc) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Securitoo\av_fw\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Securitoo\av_fw\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Securitoo\av_fw\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Securitoo\av_fw\FSPS\program\FSLSP.DLL (F-Secure Corporation) O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\ACD Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Wallpaper.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/10/21 21:24:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2011/05/16 15:28:53 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2011/05/16 15:28:53 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin ========== Files/Folders - Created Within 30 Days ========== [2011/07/22 21:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype [2011/07/22 05:57:52 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Famille\Bureau\OTL.exe [2011/07/21 19:43:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Famille\Menu Démarrer\Programmes\Outils d'administration [2011/07/20 19:12:34 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/07/20 19:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware [2011/07/20 19:12:26 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/07/20 19:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/07/20 17:47:38 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2011/07/20 17:05:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} [2011/07/20 17:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2011/07/20 17:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Lavasoft [2011/07/20 15:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Bureau\securite [2011/07/20 15:42:50 | 004,150,919 | R--- | C] (Swearware) -- C:\Documents and Settings\Famille\Bureau\ComboFix.exe [2011/07/19 16:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Application Data\Malwarebytes [2011/07/19 16:53:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011/07/16 23:18:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Famille\Recent [2011/07/15 08:58:23 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2011/07/15 08:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Local Settings\Application Data\Sunbelt Software [2011/07/15 08:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2011/07/14 19:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft [2011/07/14 16:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Application Data\vlc [2011/07/14 16:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\VideoLAN [2011/07/14 12:23:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2011/07/13 23:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011/07/13 10:08:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Famille\UserData [2011/07/13 09:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CCleaner [2011/07/13 09:55:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011/07/12 17:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\pctuto [2011/07/09 22:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software [2011/07/09 17:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Local Settings\Application Data\uTorrent [2011/07/08 12:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Alp-Software [2011/07/08 12:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Local Settings\Application Data\Alp-Software [2011/07/08 12:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Alp-Enveloppe [2011/07/02 23:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Mes documents\Adobe [2011/07/02 23:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet [2011/07/02 22:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Master Collection CS4 [2011/07/02 22:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Macrovision Shared [2011/06/24 11:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Mes documents\Freecorder [2011/06/24 11:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Freecorder [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/07/22 22:13:45 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2011/07/22 21:28:01 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/07/22 21:26:32 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk [2011/07/22 21:21:36 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011/07/22 21:18:48 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011/07/22 21:18:35 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/07/22 21:18:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/07/22 05:57:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Famille\Bureau\OTL.exe [2011/07/21 05:31:07 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2011/07/21 05:31:07 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2011/07/20 17:45:27 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2011/07/20 17:05:34 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\Famille\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk [2011/07/20 15:43:04 | 004,150,919 | R--- | M] (Swearware) -- C:\Documents and Settings\Famille\Bureau\ComboFix.exe [2011/07/20 00:25:37 | 000,001,515 | ---- | M] () -- C:\WINDOWS\pstudio.ini [2011/07/20 00:25:37 | 000,000,028 | ---- | M] () -- C:\WINDOWS\album.ini [2011/07/19 16:09:07 | 000,000,216 | RHS- | M] () -- C:\boot.ini [2011/07/18 01:12:10 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz [2011/07/18 01:12:10 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll [2011/07/18 01:12:09 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz [2011/07/18 01:12:09 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll [2011/07/17 23:29:11 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011/07/17 12:52:06 | 000,357,766 | ---- | M] () -- C:\Documents and Settings\Famille\Mes documents\HostsXpert.zip [2011/07/15 08:58:19 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2011/07/14 20:54:01 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Famille\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/07/13 03:18:37 | 002,154,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/07/09 22:59:38 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll [2011/07/09 22:59:38 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll [2011/07/09 22:59:37 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz [2011/07/09 22:59:37 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll [2011/07/09 16:07:17 | 000,001,360 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.old [2011/07/09 16:04:15 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/07/09 01:11:28 | 000,054,160 | ---- | M] () -- C:\Documents and Settings\Famille\Mes documents\happy 2007 .jpg [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/06/29 23:11:41 | 000,521,048 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2011/06/29 23:11:41 | 000,451,714 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/06/29 23:11:41 | 000,089,310 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2011/06/29 23:11:41 | 000,075,706 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/06/26 23:24:42 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/07/22 22:01:40 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2011/07/22 21:26:32 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk [2011/07/20 17:05:34 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\Famille\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk [2011/07/17 12:51:58 | 000,357,766 | ---- | C] () -- C:\Documents and Settings\Famille\Mes documents\HostsXpert.zip [2011/07/15 08:59:00 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011/07/15 08:59:00 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011/07/15 08:58:58 | 000,000,506 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011/07/09 22:59:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2011/07/09 22:59:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2011/07/09 22:59:37 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz [2011/07/09 22:59:37 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2011/07/09 22:59:37 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz [2011/07/09 22:59:37 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2011/07/09 22:59:37 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz [2011/07/09 22:59:37 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2011/05/16 08:16:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011/04/08 22:47:12 | 000,004,987 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bcdwrylw.kdv [2011/03/03 20:45:59 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2011/02/25 09:52:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011/01/26 06:47:28 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/11/21 21:36:07 | 001,293,312 | ---- | C] () -- C:\Program Files\All T4C.exe [2010/11/21 20:22:35 | 001,123,840 | ---- | C] () -- C:\Program Files\Uninstall.exe [2010/11/01 23:37:01 | 000,000,034 | ---- | C] () -- C:\WINDOWS\diabass.ini [2010/11/01 23:36:43 | 000,000,027 | ---- | C] () -- C:\WINDOWS\madiacompat.drv [2010/11/01 23:36:43 | 000,000,027 | ---- | C] () -- C:\WINDOWS\System32\dcompatchk04.dat [2010/11/01 23:24:29 | 000,000,361 | ---- | C] () -- C:\WINDOWS\rdaccu.ini [2010/11/01 23:24:29 | 000,000,055 | ---- | C] () -- C:\WINDOWS\rdreflx.ini [2010/11/01 18:17:47 | 000,000,051 | ---- | C] () -- C:\WINDOWS\npornap.INI [2010/10/22 23:14:57 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010/10/22 23:14:55 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Famille\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/22 21:15:14 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini [2010/10/22 21:15:14 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini [2010/10/22 21:15:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\Twscan32.dll [2010/10/22 21:15:00 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\Image32.dll [2010/10/22 21:15:00 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Png32.dll [2010/10/22 21:15:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll [2010/10/22 21:15:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Tga32.dll [2010/10/22 21:15:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Pcx32.dll [2010/10/22 10:54:49 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI [2010/10/22 04:59:30 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT [2010/10/22 04:59:25 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe [2010/10/22 04:59:25 | 000,112,421 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2010/10/22 04:59:25 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll [2010/10/22 04:59:25 | 000,001,176 | ---- | C] () -- C:\WINDOWS\ImpTable.bin [2010/10/21 22:25:18 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI [2010/10/21 22:23:33 | 000,001,515 | ---- | C] () -- C:\WINDOWS\pstudio.ini [2010/10/21 22:23:33 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini [2010/10/21 22:23:33 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini [2010/10/21 21:40:38 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2010/10/21 21:19:09 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Famille\Local Settings\Application Data\fusioncache.dat [2010/10/21 21:09:16 | 000,000,015 | ---- | C] () -- C:\WINDOWS\wgedit.ini [2010/10/21 21:08:58 | 000,042,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2010/10/21 21:08:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2010/10/21 21:08:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2010/10/21 21:08:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2010/10/21 21:08:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2010/10/21 21:08:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2010/10/21 21:08:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2010/10/21 21:07:39 | 000,026,694 | ---- | C] () -- C:\WINDOWS\HWS.exe [2010/10/21 21:07:39 | 000,026,694 | ---- | C] () -- C:\WINDOWS\HMD.exe [2008/02/05 18:20:08 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2005/02/16 19:52:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/02/16 19:25:13 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe [2004/10/21 23:01:11 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/10/21 23:00:03 | 002,154,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/10/21 21:26:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004/10/21 21:21:44 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/08/05 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/05 21:00:00 | 000,521,048 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat [2004/08/05 21:00:00 | 000,451,714 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/05 21:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat [2004/08/05 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/05 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/05 21:00:00 | 000,089,310 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat [2004/08/05 21:00:00 | 000,075,706 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/05 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/05 21:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat [2004/08/05 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/05 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/05 21:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004/08/05 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2003/07/15 16:45:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2003/07/15 16:44:28 | 000,004,562 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2003/03/21 17:43:08 | 000,000,336 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL [2000/07/15 01:00:00 | 000,030,720 | ---- | C] () -- C:\WINDOWS\regtlib.exe ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2011/07/19 16:49:18 | 000,002,262 | ---- | M] () -- C:\aaw7boot.log [2004/10/21 21:24:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2011/07/19 16:09:07 | 000,000,216 | RHS- | M] () -- C:\boot.ini [2004/08/05 21:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2004/10/21 21:24:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2011/02/07 12:21:13 | 001,572,930 | ---- | M] () -- C:\Imprim écran 1.bmp [2011/02/07 12:23:35 | 001,572,930 | ---- | M] () -- C:\Imprim écran 2.bmp [2011/02/07 12:25:03 | 001,572,930 | ---- | M] () -- C:\Imprim écran 3.bmp [2011/02/07 12:27:13 | 001,572,930 | ---- | M] () -- C:\Imprim écran 4.bmp [2011/02/07 12:29:06 | 001,572,930 | ---- | M] () -- C:\Imprim écran 5.bmp [2011/02/07 12:31:19 | 001,572,930 | ---- | M] () -- C:\Imprim écran 6.bmp [2011/02/07 12:31:27 | 001,572,930 | ---- | M] () -- C:\Imprim écran 7.bmp [2011/02/07 15:13:56 | 001,572,930 | ---- | M] () -- C:\Imprim écran 8.bmp [2011/02/11 20:27:03 | 001,572,930 | ---- | M] () -- C:\Imprim écran 9.bmp [2004/10/21 21:24:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2004/10/21 21:24:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/05 21:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010/10/21 20:41:28 | 000,252,240 | RHS- | M] () -- C:\ntldr [2011/07/22 21:18:21 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [2011/07/22 22:13:45 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2010/10/21 21:07:30 | 000,000,002 | RHS- | M] () -- C:\USER < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2004/10/21 22:59:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2004/10/21 22:59:12 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2004/10/21 22:59:12 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\drivers\*.sys /90 > [2011/07/20 17:45:27 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2011/04/29 18:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys [2011/07/15 08:58:19 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-22 13:33:01 < > < > < End of report >
- le 22 juillet 2011
- 20 réponses
[Résolu] Pop-Ups incessantes

Bardamus a répondu à un(e) sujet de Bardamus dans Analyses et éradication malwares

bonsoir, toujours impossible de lancer SecurityCheck le message est toujours le meme : " Windows ne parvient pas à accéder au périphérique, au chemin d'accès ou au fichier spécifié. Vous ne disposez peut-être pas des autorisations appropriées pour avoir accès à l'élément." par contre pas de problemes avec CKScanner dont voici le log CKScanner - Additional Security Risks - These are not necessarily bad c:\program files\adobe\adobe premiere pro cs3\plug-ins\fr_fr\vstplugins\decrackler1.dll c:\program files\adobe\adobe premiere pro cs3\plug-ins\fr_fr\vstplugins\decrackler2.dll c:\program files\adobe\adobe premiere pro cs3\plug-ins\fr_fr\vstplugins\decrackler6.dll hosts 127.0.0.1 activate.adobe.com hosts 127.0.0.1 practivate.adobe.com hosts 127.0.0.1 ereg.adobe.com hosts 127.0.0.1 activate.wip3.adobe.com hosts 127.0.0.1 wip3.adobe.com hosts 127.0.0.1 3dns-3.adobe.com hosts 127.0.0.1 3dns-2.adobe.com hosts 127.0.0.1 adobe-dns.adobe.com hosts 127.0.0.1 adobe-dns-2.adobe.com hosts 127.0.0.1 adobe-dns-3.adobe.com hosts 127.0.0.1 ereg.wip3.adobe.com hosts 127.0.0.1 activate-sea.adobe.com hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com hosts 127.0.0.1 activate-sjc0.adobe.com hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com scanner sequence 3.II.11.IIAPEL ----- EOF ----- merci encore a tous de votre aide JP
- le 21 juillet 2011
- 20 réponses
[Résolu] Pop-Ups incessantes

Bardamus a répondu à un(e) sujet de Bardamus dans Analyses et éradication malwares

Bonjour Bien qu'ayant suivis scrupuleusement l'ensemble de tes instructions impossible d'utiliser ComboFix celui ci se lance et une fenêtre type dos apparait et absolument aucune progression bien que laissé en place durant plus de 12 heures ... j'ai une capture écran de la fenêtre qui apparait mais je ne sais pas comment l'insérer au message... merci de me dire si je dois laisser ComboFix encore plus longtemps et si oui l'utilisation de l'ordi peut elle se faire durant son utilisation merci
- le 21 juillet 2011
- 20 réponses
[Résolu] Pop-Ups incessantes

Bardamus a répondu à un(e) sujet de Bardamus dans Analyses et éradication malwares

bonsoir voici les resultats des procédures que vous m'avea demandé ... par contre imposible d'installer SecurityCheck lors de l'intallation le message suivant apparait: " Windows ne parvient pas à accéder au périphérique, au chemin d'accès ou au fichier spécifié. Vous ne disposez peut-être pas des autorisations appropriées pour avoir accès à l'élément." j'ai supprimé les 2 programmes mis en cause par ESET Online Scanner je vous joint ci dessous •Malwarebytes Anti-Malware log •scan-results.txt en vous remerciant encore une fois de votre aide car a premiere vu cela semble deja aller beaucoup mieux Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Version de la base de données: 7200 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 19/07/2011 17:46:32 mbam-log-2011-07-19 (17-46-32).txt Type d'examen: Examen rapide Elément(s) analysé(s): 172640 Temps écoulé: 10 minute(s), 40 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Trojan.Eorezo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} (Trojan.Eorezo) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) scan-results.txt D:\telechargement\Adobe Premiere Pro CS3 Multi-Language + Crack\Adobe Premiere Pro CS3 MultiLanguage.iso a variant of Win32/Keygen.AH application D:\telechargement\securité\unlocker_unlocker_1.9.1_32_bits_francais_20237.exe Win32/Adware.ADON application
- le 19 juillet 2011
- 20 réponses
[Résolu] Pop-Ups incessantes

Bardamus a répondu à un(e) sujet de Bardamus dans Analyses et éradication malwares

bonjour, merci de cette premiere réponse je procede de suite a l'ensemble de vos instructions et vous post les réponse encore une fois merci
- le 19 juillet 2011
- 20 réponses
[Résolu] Pop-Ups incessantes

Bardamus a posté un sujet dans Analyses et éradication malwares

Bonsoir Malgré un antivirus mis a jour et l’utilisation Ad-Aware et AGV je suis victime depuis quelques jours d’une série de pop-up très désagréable j'ai donc rédigé un rapport hijackthis dont vous trouverez le log ci-dessous si vous pouvez me venir en aide je vous en remercie par avance JP Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:38:59, on 16/07/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\carpserv.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Freecorder\FLVSrvc.exe C:\Program Files\Agence-Exclusive\pctuto.exe C:\Documents and Settings\Famille\Application Data\Agence-Exclusive\Agence-Exclusive\autoupdater.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Basta Computing\Horas\Horas.exe C:\Program Files\Philips\Media Manager\Philips Media Manager.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Securitoo\av_fw\Common\FSHDLL32.EXE C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe C:\WINDOWS\explorer.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\hijackthis\HJKJPP.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Portail Orange : Actu, Sport, Assistance Internet, Web Mail Orange R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: PCTBHO - {293A63F7-C3B6-423a-9845-901AC0A7EE6E} - C:\Program Files\Agence-Exclusive\pctutoBHO.dll O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Securitoo\av_fw\NRS\iescript\baselitmus.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Securitoo\av_fw\NRS\iescript\baselitmus.dll O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [pctuto] "C:\Program Files\Agence-Exclusive\pctuto.exe" O4 - HKLM\..\Run: [autoupdater] C:\Documents and Settings\Famille\Application Data\Agence-Exclusive\Agence-Exclusive\autoupdater.exe O4 - HKCU\..\Run: [EPSON Stylus S20 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE /FU "C:\DOCUME~1\Famille\LOCALS~1\Temp\E_S19.tmp" /EF "HKCU" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKCU\..\Run: [earthclock] "C:\Program Files\EarthClock\EarthClock.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Horas.lnk = C:\Program Files\Basta Computing\Horas\Horas.exe O4 - Startup: Philips Media Manager.lnk = C:\Program Files\Philips\Media Manager\Philips Media Manager.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\ORSP Client\fsorsp.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 11899 bytes
- le 16 juillet 2011
- 20 réponses
- - 1

Connexion

Bardamus

Compteur de contenus

Inscription

Dernière visite

Type de contenu

Profils

Forums

Blogs

Tout ce qui a été posté par Bardamus

[Résolu] Pop-Ups incessantes

[Résolu] Pop-Ups incessantes

[Résolu] Pop-Ups incessantes

[Résolu] Pop-Ups incessantes

[Résolu] Pop-Ups incessantes

[Résolu] Pop-Ups incessantes

[Résolu] Pop-Ups incessantes

[Résolu] Pop-Ups incessantes

[Résolu] Pop-Ups incessantes

[Résolu] Pop-Ups incessantes

[Résolu] Pop-Ups incessantes

Zebulon

Outils en ligne

Naviguer