Posted

My link

Hello, can you help me disinfect my PC?

THANK YOU

 

 

Your report shows signs of infection.

Open a new topic in the Analyse et éradication des malwares (malware analysis and removal) section: http://forum.zebulon...-topic-f51.html.

In your new topic, add a link to the present topic.

Then, once the disinfection has been completed, you can come back here, if you wish, to optimize your PC.

Have a good weekend,

Tonton

Posted

Hello salio,

Very important!

>>> To do immediately:

At the top of this message, click the "Suivre ce sujet" (Follow this topic) button, choosing "Notification immédiate" (Immediate notification) => "Soumettre" (Submit). You will be notified in real time of the replies to your topic and, as a result, your machine will be cleaned as quickly as possible.

>>> What to do during this cleanup: please do NOT use, install and/or uninstall any program other than those proposed at each step; the aim is to avoid any incompatibility problem between the tools.

>>> What to do when you receive new instructions:

  • Read the whole message.
  • Download and save the utilities DIRECTLY to the Desktop, or move them there right afterwards (right-click on them => "Cut", then right-click on the Desktop => "Paste").
    Some programs can cause problems if they are not launched from the Desktop.
  • Get into the habit of disabling all protection programs at the start of each new step and re-enabling them at the end.
  • Always proceed in the order given and ask for clarification if necessary BEFORE starting.
  • Do NOT hesitate to comment on and report any change (for better or worse) in the behaviour of the machine or in relation to the initial problem.

>>> How to reply: click the button (image: zeb_bouton.png), because I do not need to reread my previous messages.


 

Print these instructions or save them in a text file on the Desktop so that you can consult them easily at any time, and download to the Desktop:

  • Malware Bytes Anti-Malware from here.
  • OTL (by OldTimer) from here or here.

>>> OTL Plug in and switch on all removable media that have been used for any data transfer (USB sticks...).

Close everything and double-click OTL.exe (Vista/Windows 7: right-click it => Run as Administrator).

Copy/paste these lines (starting with netsvcs) into the box under "Personnalisation" (Customization):

netsvcs

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

Without changing anything, click the blue "Analyse" (Scan) button and let it run.

At the end of the scan, 2 reports will be created: OTL.txt (which opens in Notepad) and Extras.txt (which will be minimized in the taskbar).

Copy/paste the content of each report, only one per message, because they are often very long and exceed the limit allowed by the forum.

 

>>> Malwarebytes' Anti-Malware Close everything and click mbam-setup.exe. Follow the prompts, leaving everything at the default. Click "Terminer" (Finish) without changing anything.

- Launch the program from its icon on the Desktop or from "Démarrer" (Start) => "Tous les programmes" (All Programs) => "Malwarebytes' Anti-Malware".

- Run the updates (from the tab of the same name). If there is a problem with the automatic updates, click HERE to download and install them manually.

- In the "Recherche" (Scan) tab, leave the "Exécuter un examen rapide" (Perform a quick scan) box ticked and click "Rechercher" (Scan).

[image: mb3.jpg]

Wait until the end (the message below is displayed).

[image: mb4.jpg]

Click OK to close this message.

- Click "Afficher les résultats" (Show results), then "Supprimer la sélection" (Remove selection).

The program then carries out the cleanup. If it asks you to restart the PC, ACCEPT (this is needed to delete certain specific files).

At the end a report is displayed (accessible at any time from the Rapport/Logs tab of the main MBAM window). Post its content in your next reply.

Requested reports:

  • OTL.txt
  • Extras.txt
  • Malwarebytes Anti-Malware log
Posted

OTL report

 

OTL logfile created on: 21/11/2010 21:10:33 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\user\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000040C | Country: França | Language: FRA | Date Format: dd/MM/yyyy

 

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 67,00% Memory free

8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931,41 Gb Total Space | 683,76 Gb Free Space | 73,41% Space Free | Partition Type: NTFS

Drive D: | 7,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive G: | 3,73 Gb Total Space | 1,35 Gb Free Space | 36,20% Space Free | Partition Type: FAT32

 

Computer Name: USER-PC | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2010/11/21 21:01:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

PRC - [2010/11/19 23:03:07 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe

PRC - [2010/04/26 10:06:44 | 000,096,112 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe

PRC - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2009/11/24 23:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Programas\Alwil Software\Avast4\ashDisp.exe

PRC - [2009/11/24 23:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Programas\Alwil Software\Avast4\ashServ.exe

PRC - [2009/11/24 23:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2009/11/24 23:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Programas\Alwil Software\Avast4\ashWebSv.exe

PRC - [2009/11/24 23:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2008/03/19 00:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe

PRC - [2007/04/23 22:13:30 | 000,528,441 | ---- | M] (Green Eclipse) -- C:\Program Files (x86)\StickyPad\StickyPad.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010/11/21 21:01:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2009/11/24 23:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)

SRV:64bit: - [2009/11/24 23:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

SRV:64bit: - [2009/11/24 23:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)

SRV:64bit: - [2009/11/24 23:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)

SRV:64bit: - [2007/05/29 06:06:05 | 001,053,104 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdfcoms.exe -- (lxdf_device)

SRV:64bit: - [2007/05/29 06:05:48 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdfserv.exe -- (lxdfCATSCustConnectService)

SRV - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/29 23:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2009/09/23 14:50:28 | 000,238,960 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files (x86)\ma-config.com\maconfservice.exe -- (maconfservice)

SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2007/05/29 06:06:44 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdfcoms.exe -- (lxdf_device)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2009/12/05 13:12:31 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2009/11/24 23:50:05 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2009/11/24 23:49:56 | 000,065,616 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2009/10/16 01:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2009/09/23 18:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/08/23 05:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)

DRV:64bit: - [2009/07/14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 00:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/14 00:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009/06/10 20:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2007/06/25 12:30:10 | 000,602,880 | ---- | M] (Atheros Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)

DRV:64bit: - [2007/06/25 12:30:10 | 000,602,880 | ---- | M] (Atheros Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZD1211BU.sys -- (WN4501HLFIR)

DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV - [2009/09/23 14:53:22 | 000,015,872 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys -- (driverhardwarev2x64)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2542115

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 8A E2 57 EC 6D CA 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/21 10:55:05 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/02 22:29:36 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2010/10/06 20:25:09 | 000,421,699 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 14539 more lines...

O2:64bit: - BHO: (Programa Auxiliar de Início de Sessão do Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKCU..\Run: [sticky Pad] C:\Program Files (x86)\StickyPad\StickyPad.exe (Green Eclipse)

O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091210075554 (PhotoboxPhotowaysUploader5 Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_3_0.cab (HardwareDetection Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/11/21 21:07:55 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.46.exe

[2010/11/21 21:01:32 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

[2010/11/21 18:07:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Windows Live

[2010/11/21 18:06:38 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL

[2010/11/21 18:06:38 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

[2010/11/21 18:06:38 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll

[2010/11/21 18:06:38 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll

[2010/11/21 18:06:38 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll

[2010/11/21 18:06:37 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll

[2010/11/21 18:06:37 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll

[2010/11/13 18:49:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared

[2010/11/13 11:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec

[2010/11/13 11:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

[2010/11/13 11:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller

[2010/11/13 08:44:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe

[2010/10/30 12:42:41 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Lucia et JM

[2010/10/27 10:20:39 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll

[2010/10/27 10:20:39 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll

[2010/10/27 10:20:39 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll

[2010/10/27 10:20:38 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax

[2010/10/27 10:20:38 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax

[2010/10/27 10:20:38 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax

[2010/10/27 10:20:38 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax

[2010/10/27 10:18:01 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys

[2010/01/13 23:09:35 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfpmui.dll

[2010/01/13 23:09:35 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfinpa.dll

[2010/01/13 23:09:35 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfiesc.dll

[2010/01/13 23:09:34 | 001,200,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfserv.dll

[2010/01/13 23:09:34 | 000,950,272 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfusb1.dll

[2010/01/13 23:09:33 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfcomc.dll

[2010/01/13 23:09:33 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfhbn3.dll

[2010/01/13 23:09:33 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdflmpm.dll

[2010/01/13 23:09:33 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfcomm.dll

[2010/01/13 23:09:33 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfprox.dll

 

========== Files - Modified Within 30 Days ==========

 

[2010/11/21 21:09:32 | 000,000,162 | -H-- | M] () -- C:\Users\user\Desktop\~$sinfectin.docx

[2010/11/21 21:08:41 | 001,538,226 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/11/21 21:08:41 | 000,679,144 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat

[2010/11/21 21:08:41 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/11/21 21:08:41 | 000,133,554 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat

[2010/11/21 21:08:41 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/11/21 21:07:57 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.46.exe

[2010/11/21 21:03:56 | 000,053,894 | ---- | M] () -- C:\Users\user\Desktop\desinfectin.docx

[2010/11/21 21:01:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

[2010/11/21 20:35:00 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/21 18:35:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/21 18:09:55 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/11/21 18:09:55 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/11/21 18:02:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/11/21 18:02:29 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/21 09:10:05 | 000,016,811 | ---- | M] () -- C:\Users\user\Desktop\to do septembre.docx

[2010/11/20 09:21:22 | 000,134,214 | ---- | M] () -- C:\Users\user\Desktop\cc_20101120_092103.reg

[2010/11/12 17:49:12 | 000,000,741 | ---- | M] () -- C:\Users\user\Desktop\Incoming.lnk

[2010/11/05 23:45:26 | 004,036,961 | ---- | M] () -- C:\Users\user\Desktop\DSC04036.JPG

[2010/10/26 21:08:01 | 000,051,732 | ---- | M] () -- C:\Users\user\Desktop\top-10-classement-marques-ibrandz-millward-brown-2003.jpg

 

========== Files Created - No Company Name ==========

 

[2010/11/21 21:09:32 | 000,000,162 | -H-- | C] () -- C:\Users\user\Desktop\~$sinfectin.docx

[2010/11/21 21:03:55 | 000,053,894 | ---- | C] () -- C:\Users\user\Desktop\desinfectin.docx

[2010/11/20 09:21:08 | 000,134,214 | ---- | C] () -- C:\Users\user\Desktop\cc_20101120_092103.reg

[2010/11/12 17:44:05 | 000,000,741 | ---- | C] () -- C:\Users\user\Desktop\Incoming.lnk

[2010/11/06 17:44:45 | 004,036,961 | ---- | C] () -- C:\Users\user\Desktop\DSC04036.JPG

[2010/10/26 21:08:42 | 000,051,732 | ---- | C] () -- C:\Users\user\Desktop\top-10-classement-marques-ibrandz-millward-brown-2003.jpg

[2010/10/06 20:29:36 | 000,082,944 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/26 18:35:21 | 000,001,494 | ---- | C] () -- C:\Windows\disney.ini

[2010/04/20 17:28:52 | 000,011,379 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2010/02/28 19:29:26 | 000,000,071 | ---- | C] () -- C:\ProgramData\lxdf.log

[2010/02/21 03:48:22 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2010/01/13 23:09:38 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdfcomx.dll

[2010/01/13 23:09:38 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdfinst.dll

[2009/11/28 17:54:49 | 000,000,121 | ---- | C] () -- C:\Windows\WinInit.Ini

[2009/11/25 16:15:28 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll

[2009/11/25 16:15:28 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL

[2009/08/16 09:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/05/29 14:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009/05/29 14:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

[2002/12/14 21:46:02 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\oggDS.dll

[2002/12/14 21:46:02 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll

[2002/12/14 21:46:02 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll

[2002/12/14 20:46:04 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll

[2002/11/15 12:11:26 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\MMSwitch.dll

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2010/01/09 12:00:09 | 000,006,129 | ---- | M] () -- C:\0x0409.ini

[2010/01/09 12:00:12 | 000,003,584 | ---- | M] () -- C:\1033.MST

[2010/01/09 12:00:22 | 026,443,776 | ---- | M] () -- C:\Arcor Wlan-Monitor 1.0.msi

[2010/11/21 18:02:29 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys

[2010/01/13 23:00:55 | 000,000,534 | ---- | M] () -- C:\lxdf.log

[2010/11/21 18:02:34 | 4294,107,136 | -HS- | M] () -- C:\pagefile.sys

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2009/07/14 01:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\msvbvm60.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

 

< %systemroot%\system32\drivers\*.sys /90 >

 

< >

 

< End of report >

 

OTL Extras logfile created on: 21/11/2010 21:10:33 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\user\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000040C | Country: França | Language: FRA | Date Format: dd/MM/yyyy

 

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 67,00% Memory free

8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931,41 Gb Total Space | 683,76 Gb Free Space | 73,41% Space Free | Partition Type: NTFS

Drive D: | 7,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive G: | 3,73 Gb Total Space | 1,35 Gb Free Space | 36,20% Space Free | Partition Type: FAT32

 

Computer Name: USER-PC | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support

"{42FBA9A9-A14D-3918-BFE1-4FC8FEDDEF5C}" = Microsoft .NET Framework 4 Client Profile PTG Language Pack

"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64

"{79A72AAD-7ED4-49D8-872D-D1465061F9DB}" = HP Photosmart Wireless B109n-z All-in-One Driver Software 14.0 Rel. 6

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Assistente de Início de Sessão do Windows Live ID

"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer

"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"HPExtendedCapabilities" = HP Customer Participation Program 14.0

"Lexmark 6500 Series" = Lexmark 6500 Series

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PTG Language Pack" = Microsoft .NET Framework 4 Client Profile PTG Language Pack

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"Shop for HP Supplies" = Shop for HP Supplies

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{06012FA4-5EFF-4756-AF55-005C3A2463D7}_is1" = 3nity Media Player 2.1.0.8

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{2C8574B5-6935-4FCE-860E-F4E8602378FF}" = OfferBox

"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status

"{425FFD94-36BD-4933-881B-FE0B9DADF2B7}" = Ma-Config.com

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live

"{4AC3BEAD-0906-4676-BF85-12306330A66C}" = StickyPad

"{53B20C18-D8D4-4588-8737-9BBFE303C354}" = Windows Live Movie Maker

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter

"{601F2C04-4E0A-464F-B9FE-4FD140098E21}" = PS_AIO_06_B109n-z_SW_Min

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007

"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007

"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007

"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007

"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007

"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007

"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007

"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007

"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-040C-1000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007

"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007

"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91853DD5-8E62-4711-9191-AACA39A2F0C0}" = Disney's Peter Pan Adventures in Never Land

"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz

"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply

"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.3 - Français

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch

"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F428DC33-C0E4-40A8-BFC3-B59957F86FE0}" = B109n-z

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit

"8461-7759-5462-8226" = Vuze

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"avast!" = avast! Antivirus

"CCleaner" = CCleaner (remove only)

"eMule" = eMule

"Picasa 3" = Picasa 3

"PokerStars" = PokerStars

"PROPLUS" = Microsoft Office Professional Plus 2007

"RealPlayer 12.0" = RealPlayer

"SLD Codec Pack" = SLD Codec Pack

"VLC media player" = VLC media player 1.0.3

"WinLiveSuite_Wave3" = Installation Windows Live

"Yahoo! Widget Engine" = Yahoo! Widgets

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

========== Last 10 Event Log Errors ==========

 

[ Antivirus Events ]

Error - 23/09/2010 15:41:16 | Computer Name = user-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\Jules et Clémentine Escolinha da Ana 2009 2010\ASR01 (79).JPG failed, 00000017.

 

 

Error - 23/09/2010 16:05:05 | Computer Name = user-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\Jules et Clémentine Escolinha da Ana 2009 2010\ASR01 (79).JPG failed, 00000017.

 

 

Error - 23/09/2010 16:19:27 | Computer Name = user-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\Jules et Clémentine Escolinha da Ana 2009 2010\ASR01 (89).JPG failed, 00000017.

 

 

Error - 24/09/2010 13:09:29 | Computer Name = user-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\Jules et Clémentine Escolinha da Ana 2009 2010\ASR01 (190).JPG failed, 00000017.

 

 

Error - 24/09/2010 13:19:08 | Computer Name = user-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\Jules et Clémentine Escolinha da Ana 2009 2010\ASR01 (190).JPG failed, 00000017.

 

 

Error - 24/09/2010 13:19:13 | Computer Name = user-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\Jules et Clémentine Escolinha da Ana 2009 2010\ASR01 (190).JPG failed, 00000017.

 

 

Error - 24/09/2010 13:30:54 | Computer Name = user-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\Jules et Clémentine Escolinha da Ana 2009 2010\ASR01 (190).JPG failed, 00000017.

 

 

Error - 24/09/2010 13:58:13 | Computer Name = user-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\Jules et Clémentine Escolinha da Ana 2009 2010\ASR01 (190).JPG failed, 00000017.

 

 

Error - 24/09/2010 19:02:32 | Computer Name = user-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\Jules et Clémentine Escolinha da Ana 2009 2010\ASR01 (305).JPG failed, 00000017.

 

 

Error - 24/09/2010 19:09:17 | Computer Name = user-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\Jules et Clémentine Escolinha da Ana 2009 2010\ASR01 (305).JPG failed, 00000017.

 

 

[ Application Events ]

Error - 19/11/2010 19:38:54 | Computer Name = user-PC | Source = SideBySide | ID = 16842787

Description = Falha ao gerar o contexto de activação para "C:\Program Files (x86)\Windows

Live\Photo Gallery\MovieMaker.Exe". Erro no ficheiro de manifesto ou de política

"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" na linha 8. A identidade

do componente existente no manifesto não corresponde à identidade do componente

necessário. A referência é WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

A

definição é WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Utilize

sxstrace.exe para obter um diagnóstico detalhado.

 

Error - 19/11/2010 19:38:54 | Computer Name = user-PC | Source = SideBySide | ID = 16842787

Description = Falha ao gerar o contexto de activação para "C:\Program Files (x86)\Windows

Live\Photo Gallery\MovieMaker.Exe". Erro no ficheiro de manifesto ou de política

"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" na linha 8. A identidade

do componente existente no manifesto não corresponde à identidade do componente

necessário. A referência é WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

A

definição é WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Utilize

sxstrace.exe para obter um diagnóstico detalhado.

 

Error - 19/11/2010 19:50:40 | Computer Name = user-PC | Source = Microsoft-Windows-RestartManager | ID = 10007

Description = Não foi possível reiniciar a aplicação ou serviço 'Windows Mobile

Device Center'.

 

Error - 19/11/2010 19:51:00 | Computer Name = user-PC | Source = SideBySide | ID = 16842787

Description = Falha ao gerar o contexto de activação para "C:\Program Files (x86)\Windows

Live\Photo Gallery\MovieMaker.Exe". Erro no ficheiro de manifesto ou de política

"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" na linha 8. A identidade

do componente existente no manifesto não corresponde à identidade do componente

necessário. A referência é WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

A

definição é WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Utilize

sxstrace.exe para obter um diagnóstico detalhado.

 

Error - 19/11/2010 19:51:00 | Computer Name = user-PC | Source = SideBySide | ID = 16842787

Description = Falha ao gerar o contexto de activação para "C:\Program Files (x86)\Windows

Live\Photo Gallery\MovieMaker.Exe". Erro no ficheiro de manifesto ou de política

"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" na linha 8. A identidade

do componente existente no manifesto não corresponde à identidade do componente

necessário. A referência é WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

A

definição é WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Utilize

sxstrace.exe para obter um diagnóstico detalhado.

 

Error - 19/11/2010 19:51:07 | Computer Name = user-PC | Source = SideBySide | ID = 16842787

Description = Falha ao gerar o contexto de activação para "C:\Program Files (x86)\Windows

Live\Photo Gallery\MovieMaker.Exe". Erro no ficheiro de manifesto ou de política

"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" na linha 8. A identidade

do componente existente no manifesto não corresponde à identidade do componente

necessário. A referência é WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

A

definição é WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Utilize

sxstrace.exe para obter um diagnóstico detalhado.

 

Error - 19/11/2010 19:51:07 | Computer Name = user-PC | Source = SideBySide | ID = 16842787

Description = Falha ao gerar o contexto de activação para "C:\Program Files (x86)\Windows

Live\Photo Gallery\MovieMaker.Exe". Erro no ficheiro de manifesto ou de política

"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" na linha 8. A identidade

do componente existente no manifesto não corresponde à identidade do componente

necessário. A referência é WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

A

definição é WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Utilize

sxstrace.exe para obter um diagnóstico detalhado.

 

Error - 19/11/2010 19:51:45 | Computer Name = user-PC | Source = SideBySide | ID = 16842787

Description = Falha ao gerar o contexto de activação para "C:\Program Files (x86)\Windows

Live\Photo Gallery\MovieMaker.Exe". Erro no ficheiro de manifesto ou de política

"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" na linha 8. A identidade

do componente existente no manifesto não corresponde à identidade do componente

necessário. A referência é WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

A

definição é WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Utilize

sxstrace.exe para obter um diagnóstico detalhado.

 

Error - 19/11/2010 19:51:45 | Computer Name = user-PC | Source = SideBySide | ID = 16842787

Description = Falha ao gerar o contexto de activação para "C:\Program Files (x86)\Windows

Live\Photo Gallery\MovieMaker.Exe". Erro no ficheiro de manifesto ou de política

"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" na linha 8. A identidade

do componente existente no manifesto não corresponde à identidade do componente

necessário. A referência é WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

A

definição é WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Utilize

sxstrace.exe para obter um diagnóstico detalhado.

 

Error - 19/11/2010 21:38:13 | Computer Name = user-PC | Source = SideBySide | ID = 16842787

Description = Falha ao gerar o contexto de activação para "c:\program files (x86)\windows

live\photo gallery\MovieMaker.Exe". Erro no ficheiro de manifesto ou de política

"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" na linha 8. A identidade

do componente existente no manifesto não corresponde à identidade do componente

necessário. A referência é WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

A

definição é WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Utilize

sxstrace.exe para obter um diagnóstico detalhado.

 

[ Media Center Events ]

Error - 23/05/2010 11:13:51 | Computer Name = user-PC | Source = MCUpdate | ID = 0

Description = 16:13:51 - Erro ao ligar à Internet. 16:13:51 - Não é possível

contactar o servidor..

 

Error - 23/05/2010 11:14:00 | Computer Name = user-PC | Source = MCUpdate | ID = 0

Description = 16:13:56 - Erro ao ligar à Internet. 16:13:56 - Não é possível

contactar o servidor..

 

Error - 23/05/2010 12:14:17 | Computer Name = user-PC | Source = MCUpdate | ID = 0

Description = 17:14:17 - Erro ao ligar à Internet. 17:14:17 - Não é possível

contactar o servidor..

 

Error - 23/05/2010 12:14:23 | Computer Name = user-PC | Source = MCUpdate | ID = 0

Description = 17:14:22 - Erro ao ligar à Internet. 17:14:22 - Não é possível

contactar o servidor..

 

Error - 29/05/2010 09:05:08 | Computer Name = user-PC | Source = MCUpdate | ID = 0

Description = 14:05:08 - Erro ao ligar à Internet. 14:05:08 - Não é possível

contactar o servidor..

 

Error - 29/05/2010 09:05:17 | Computer Name = user-PC | Source = MCUpdate | ID = 0

Description = 14:05:13 - Erro ao ligar à Internet. 14:05:13 - Não é possível

contactar o servidor..

 

Error - 29/05/2010 10:05:21 | Computer Name = user-PC | Source = MCUpdate | ID = 0

Description = 15:05:21 - Erro ao ligar à Internet. 15:05:21 - Não é possível

contactar o servidor..

 

Error - 29/05/2010 10:05:27 | Computer Name = user-PC | Source = MCUpdate | ID = 0

Description = 15:05:26 - Erro ao ligar à Internet. 15:05:26 - Não é possível

contactar o servidor..

 

Error - 29/05/2010 11:05:31 | Computer Name = user-PC | Source = MCUpdate | ID = 0

Description = 16:05:31 - Erro ao ligar à Internet. 16:05:31 - Não é possível

contactar o servidor..

 

Error - 29/05/2010 11:05:37 | Computer Name = user-PC | Source = MCUpdate | ID = 0

Description = 16:05:36 - Erro ao ligar à Internet. 16:05:36 - Não é possível

contactar o servidor..

 

[ OSession Events ]

Error - 06/10/2010 15:59:27 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 4

seconds with 0 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 22/05/2010 08:46:06 | Computer Name = user-PC | Source = cdrom | ID = 262155

Description = O controlador detectou um erro de controlador em \Device\CdRom0.

 

Error - 22/05/2010 08:46:14 | Computer Name = user-PC | Source = cdrom | ID = 262155

Description = O controlador detectou um erro de controlador em \Device\CdRom0.

 

Error - 22/05/2010 08:46:22 | Computer Name = user-PC | Source = cdrom | ID = 262155

Description = O controlador detectou um erro de controlador em \Device\CdRom0.

 

Error - 22/05/2010 08:46:30 | Computer Name = user-PC | Source = cdrom | ID = 262155

Description = O controlador detectou um erro de controlador em \Device\CdRom0.

 

Error - 22/05/2010 08:46:38 | Computer Name = user-PC | Source = cdrom | ID = 262155

Description = O controlador detectou um erro de controlador em \Device\CdRom0.

 

Error - 22/05/2010 08:46:46 | Computer Name = user-PC | Source = cdrom | ID = 262155

Description = O controlador detectou um erro de controlador em \Device\CdRom0.

 

Error - 23/05/2010 03:41:03 | Computer Name = user-PC | Source = Service Control Manager | ID = 7009

Description = Foi atingido o tempo limite (30000 milissegundos) ao aguardar pela

ligação do serviço lxdfCATSCustConnectService.

 

Error - 23/05/2010 03:41:03 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000

Description = O serviço lxdfCATSCustConnectService falhou o arranque devido ao seguinte

erro: %%1053

 

Error - 23/05/2010 04:29:41 | Computer Name = user-PC | Source = Service Control Manager | ID = 7009

Description = Foi atingido o tempo limite (30000 milissegundos) ao aguardar pela

ligação do serviço lxdfCATSCustConnectService.

 

Error - 23/05/2010 04:29:41 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000

Description = O serviço lxdfCATSCustConnectService falhou o arranque devido ao seguinte

erro: %%1053

 

 

< End of report >

 

THANK YOU FOR YOUR HELP!

 

 

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 5166

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

21/11/2010 21:30:11

mbam-log-2010-11-21 (21-30-11).txt

 

Type d'examen: Examen rapide

Elément(s) analysé(s): 146589

Temps écoulé: 2 minute(s), 52 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 2

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 8

Fichier(s) infecté(s): 18

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files (x86)\OfferBox\OfferBox.exe (PUP.OfferBox) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files (x86)\OfferBox\OfferBoxEngine.dll (PUP.OfferBox) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\Program Files (x86)\OfferBox (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Program Files (x86)\OfferBox\res (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Users\user\AppData\Roaming\OfferBox (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\chrome (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\components (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\defaults (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\defaults\preferences (PUP.OfferBox) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Program Files (x86)\OfferBox\help.url (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Program Files (x86)\OfferBox\home.url (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Program Files (x86)\OfferBox\OfferBox.exe (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Program Files (x86)\OfferBox\OfferBoxEngine.dll (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Program Files (x86)\OfferBox\search.url (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Program Files (x86)\OfferBox\res\about_bk.bmp (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Program Files (x86)\OfferBox\res\Language.xml (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Program Files (x86)\OfferBox\res\loader.gif (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Program Files (x86)\OfferBox\res\tray-paused.ico (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Program Files (x86)\OfferBox\res\tray.ico (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Users\user\AppData\Roaming\OfferBox\config.dat (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Users\user\AppData\Roaming\OfferBox\config.xml (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\chrome.manifest (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\install.rdf (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\chrome\OfferBoxffx.jar (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\components\DataXPCOM.dll (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\components\DataXPCOM_TypeLib.xpt (PUP.OfferBox) -> Quarantined and deleted successfully.

C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\defaults\preferences\offerboxffxPrefs.js (PUP.OfferBox) -> Quarantined and deleted successfully.

Posted

Hello,

Some checks and information before a first cleanup:

Print these instructions or save them to a text file on the Desktop so you can refer to them easily at any time, and download the following to the Desktop:

  • Security Check (by screen317) from here or here.
  • SystemLook (by jpshortstuff) from here or here.

>>> SystemLook: Right-click SystemLook.exe => "Run as administrator..." and copy/paste the following text into it (starting with :filefind).

 

:filefind
*OfferBox*
:folderfind
*OfferBox*
:regfind
OfferBox

 

Click the Look button and wait for the scan to finish.

When it finishes, a report opens in Notepad and is saved on the Desktop as "SystemLook.txt". Copy/paste its contents into your next reply.

>>> SecurityCheck: Close everything and right-click SecurityCheck.exe => "Run as administrator...".

Press a key when prompted and follow the instructions.

Note: If one of your security programs asks for permission to let dig.exe access the Internet, allow it.

The checkup.txt report opens at the end. Post its contents.

This report is not saved automatically. If you want to keep a copy, click "File" => "Save As", choose a location (the Desktop, for example) and click "Save" at the bottom right.

Post its contents.

Requested reports:

  • checkup.txt
  • SystemLook.txt

Have you tried, in the past, to uninstall Norton and/or other Symantec products?

Posted

Good evening,

Thanks again for the help.

Yes, I uninstalled a Norton last week...... a mistake?

The reports are below:

 

 

Results of screen317's Security Check version 0.99.6

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

avast! Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner (remove only)

Adobe Flash Player

Adobe Reader 9.3.3 - Français

````````````````````````````````

Process Check:

objlist.exe by Laurent

Alwil Software Avast4 aswUpdSv.exe

Alwil Software Avast4 ashServ.exe

Alwil Software Avast4 ashDisp.exe

Alwil Software Avast4 ashMaiSv.exe

Alwil Software Avast4 ashWebSv.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

 

``````````End of Log````````````

 

 

 

 

 

 

 

SystemLook 04.09.10 by jpshortstuff

Log created at 21:09 on 22/11/2010 by user

Administrator - Elevation successful

 

========== filefind ==========

 

Searching for "*OfferBox* "

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfferBox\Aide Navigateur OfferBox.lnk --a---- 1875 bytes [16:05 02/05/2010] [16:05 02/05/2010] AC8C6A25FBFA0349BF0F2BA465051A68

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfferBox\Navigateur OfferBox.lnk --a---- 1899 bytes [16:05 02/05/2010] [16:05 02/05/2010] 91AB8839B64744950C47EC402BC0133F

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfferBox\Site Internet OfferBox.lnk --a---- 1875 bytes [16:05 02/05/2010] [16:05 02/05/2010] F594E5710DAE2967488E42419EF9F3B7

C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\OfferBox\Aide Navigateur OfferBox.lnk --a---- 1875 bytes [16:05 02/05/2010] [16:05 02/05/2010] AC8C6A25FBFA0349BF0F2BA465051A68

C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\OfferBox\Navigateur OfferBox.lnk --a---- 1899 bytes [16:05 02/05/2010] [16:05 02/05/2010] 91AB8839B64744950C47EC402BC0133F

C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\OfferBox\Site Internet OfferBox.lnk --a---- 1875 bytes [16:05 02/05/2010] [16:05 02/05/2010] F594E5710DAE2967488E42419EF9F3B7

 

========== folderfind ==========

 

Searching for "*OfferBox* "

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfferBox d------ [16:05 02/05/2010]

C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\OfferBox d------ [16:05 02/05/2010]

 

========== regfind ==========

 

Searching for "OfferBox"

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"offerboxffx@offerbox.com"="C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com"

[HKEY_CURRENT_USER\Software\OfferBox]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5B4758C25396ECF468E04F8E063287FF]

"ProductName"="OfferBox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5B4758C25396ECF468E04F8E063287FF\SourceList]

"PackageName"="OfferBox.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OfferBox]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OfferBox]

"item"="OfferBox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OfferBox]

"command"="C:\Program Files (x86)\OfferBox\OfferBox.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\OfferBox\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\OfferBox\res\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Users\user\AppData\Roaming\OfferBox\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\chrome\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\components\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\defaults\preferences\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\defaults\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfferBox\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1322A677E76161CFC67C36E4B6D42B49]

"5B4758C25396ECF468E04F8E063287FF"="C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\defaults\preferences\offerboxffxPrefs.js"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\281E074C2C4344E4A8BB2BAE65BE729B]

"5B4758C25396ECF468E04F8E063287FF"="C:\Program Files (x86)\OfferBox\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\48A0552292E14244E8F3980FD3D01541]

"5B4758C25396ECF468E04F8E063287FF"="C:\Program Files (x86)\OfferBox\res\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\503398D5204CBDD48A5EE476D0CFCFEC]

"5B4758C25396ECF468E04F8E063287FF"="C:\Program Files (x86)\OfferBox\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51C83A2C2B5C63748ACD3028A6DD53A5]

"5B4758C25396ECF468E04F8E063287FF"="C:\Program Files (x86)\OfferBox\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5BDF578D2C71DDC4997692F83B0A5C75]

"5B4758C25396ECF468E04F8E063287FF"="C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\67909B00FA069BE4E80548738FE558FB]

"5B4758C25396ECF468E04F8E063287FF"="C:\Users\user\AppData\Roaming\OfferBox\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8385B8BE0F211B245956C67BB4BAC17E]

"5B4758C25396ECF468E04F8E063287FF"="C?\Program Files (x86)\OfferBox\OfferBox.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9CC2018422A9EAF40A57249F42102B13]

"5B4758C25396ECF468E04F8E063287FF"="C:\Program Files (x86)\OfferBox\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9ED6CAB2F119182EB7D8CE7156DC0915]

"5B4758C25396ECF468E04F8E063287FF"="C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\components\DataXPCOM.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A3D6A80A87E22324A91C14AEBDF78525]

"5B4758C25396ECF468E04F8E063287FF"="C:\Program Files (x86)\OfferBox\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AA606EFD77B9CB34BB2DA2F45B67425E]

"5B4758C25396ECF468E04F8E063287FF"="C:\Program Files (x86)\OfferBox\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B767C33B25DCECA4FAD0D3B7D84B0A8E]

"5B4758C25396ECF468E04F8E063287FF"="C:\Program Files (x86)\OfferBox\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA177F87B6B147649BD37D43B50863E5]

"5B4758C25396ECF468E04F8E063287FF"="C:\Program Files (x86)\OfferBox\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEF27165872C9BEAACED23660032D2F2]

"5B4758C25396ECF468E04F8E063287FF"="C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com\chrome\OfferBoxffx.jar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFAEE3E72CC44004C998EBEE081CA40A]

"5B4758C25396ECF468E04F8E063287FF"="C?\Program Files (x86)\OfferBox\OfferBoxEngine.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5B4758C25396ECF468E04F8E063287FF\InstallProperties]

"InstallLocation"="C:\Program Files (x86)\OfferBox\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5B4758C25396ECF468E04F8E063287FF\InstallProperties]

"URLInfoAbout"="http://www.offerbox.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5B4758C25396ECF468E04F8E063287FF\InstallProperties]

"DisplayName"="OfferBox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\OfferBox_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\OfferBox_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2C8574B5-6935-4FCE-860E-F4E8602378FF}]

"InstallLocation"="C:\Program Files (x86)\OfferBox\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2C8574B5-6935-4FCE-860E-F4E8602378FF}]

"URLInfoAbout"="http://www.offerbox.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2C8574B5-6935-4FCE-860E-F4E8602378FF}]

"DisplayName"="OfferBox"

[HKEY_USERS\S-1-5-21-20015447-110342008-204787854-1000\Software\Mozilla\Firefox\Extensions]

"offerboxffx@offerbox.com"="C:\Users\user\AppData\Roaming\OfferBox\offerboxffx@offerbox.com"

[HKEY_USERS\S-1-5-21-20015447-110342008-204787854-1000\Software\OfferBox]

 

-= EOF =-

Posted

... Yes, I uninstalled a Norton last week...... a mistake?

No, but there are leftovers! (We'll remove them with OTL.)

Run OTL, copy the following list (starting with :OTL) and paste it into the box under "Personnalisation".

 

:OTL

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2542115

O4 - HKLM..\Run: [] File not found

O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)

 

:Files

C:\ProgramData\Symantec

C:\ProgramData\Norton

C:\ProgramData\NortonInstaller

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfferBox

C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\OfferBox

C:\Users\user\AppData\Roaming\OfferBox

C:\Program Files (x86)\OfferBox

 

:Services

 

:Commands

[EMPTYTEMP]

[RESETHOSTS]

[REBOOT]

Click the red Correction button and let it run.

If one or more files cannot be deleted normally, the program will ask you to restart the machine to finish the process; click Yes.

At the end, a report opens in Notepad. Copy all of its contents and paste them into a new reply on the forum. Close the report and OTL.

Requested reports:

  • OTL

Are you still having problems with your machine?

Posted

Good evening,

Here is the OTL report.

I don't know exactly what problem this infection was causing on the machine, so I don't see any particular change.

In any case, it had no visible effect on the slowness.

In terms of security, do I have what I need?

Thanks

 

 

 

All processes killed

========== OTL ==========

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk moved successfully.

C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe moved successfully.

========== FILES ==========

C:\ProgramData\Symantec folder moved successfully.

C:\ProgramData\Norton folder moved successfully.

C:\ProgramData\NortonInstaller\Logs\11-19-2010-23h52m43s folder moved successfully.

C:\ProgramData\NortonInstaller\Logs\11-19-2010-23h52m32s folder moved successfully.

C:\ProgramData\NortonInstaller\Logs\11-13-2010-11h52m07s folder moved successfully.

C:\ProgramData\NortonInstaller\Logs folder moved successfully.

C:\ProgramData\NortonInstaller folder moved successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfferBox folder moved successfully.

File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\OfferBox not found.

File\Folder C:\Users\user\AppData\Roaming\OfferBox not found.

File\Folder C:\Program Files (x86)\OfferBox not found.

========== SERVICES/DRIVERS ==========

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: AppData

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: user

->Temp folder emptied: 9010399 bytes

->Temporary Internet Files folder emptied: 78040048 bytes

->Google Chrome cache emptied: 6715438 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 4967 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1089395 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 137592 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 91,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.17.3 log created on 11232010_182419

 

Files\Folders moved on Reboot...

C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\user\AppData\Local\Temp\~DF0290643E7929B653.TMP not found!

File\Folder C:\Users\user\AppData\Local\Temp\~DF0A359781737F7951.TMP not found!

File\Folder C:\Users\user\AppData\Local\Temp\~DF992A234AB9F3F169.TMP not found!

File\Folder C:\Users\user\AppData\Local\Temp\~DFA53D26930A5BF6D1.TMP not found!

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YWBWC962\ban_home_728x90[1].htm moved successfully.

File\Folder C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YWBWC962\launch[1].htm not found!

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XV3MRW5O\afr[1].htm moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XV3MRW5O\colorbox[1].js moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XV3MRW5O\infection-pc-t181101[1].htm moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XV3MRW5O\thickbox[1].js moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W66UL50X\AP_ADV_728x90[1].htm moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W66UL50X\football365_fr[1].htm moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W66UL50X\google_service[2].js moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W66UL50X\jquery-1.4.2[1].js moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W66UL50X\show_ads[1].js moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W66UL50X\swfobject[2].js moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W66UL50X\thickbox[1].css moved successfully.

File\Folder C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PE68W8QL\adsense[1].js not found!

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PE68W8QL\index[2].htm moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PE68W8QL\libs[1].shtml moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

File\Folder C:\Windows\temp\_avast4_\unp167639896.tmp not found!

File\Folder C:\Windows\temp\_avast4_\unp180260752.tmp not found!

File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

Posted

Hello,

As far as infection goes, nothing in your reports indicates one (we'll do a final check with the following steps).

"In terms of security", you seem to have what you need; we'll come back to that at the end.

--

Print these instructions or save them to a text file on the Desktop so you can refer to them easily at any time, and download TDSSKiller.zip to the Desktop from here.

Unzip TDSSKiller.zip (right-click it => "Extract here"). Drag TDSSKiller.zip to the Recycle Bin to delete it.

  • Close everything and disable your antivirus and any other protection program. Right-click TDSSKiller.exe => "Run as administrator".

  • Click the Start Scan button and wait until the scan finishes.

  • If an infected file is detected, the default action will be Cure. Click the Continue button without changing anything.

  • If a suspicious file is detected, the default action will be Skip. Click the Continue button without changing anything.

If you are prompted to restart the machine to finish the process (reboot the computer to complete the process), click the Reboot Now button. The report will be saved in the root of the system partition, where Windows is installed (usually C:\); its name has the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Post its contents.

If no restart is required, click Report. A text file opens and will be saved the same way; post its contents.

>>> ESET Online Scanner: Disable your antivirus, firewall and antispyware, and use Internet Explorer to run an online scan HERE.

  • Click the green ESET Online Scanner button, tick the YES, I accept the Terms of Use box and click Start.
  • Accept the installation of the ActiveX control.
  • Tick Scan archives and click Start.
  • ESET will download the database and begin the scan. Let it finish its scan.
  • Then click "List of found threats".
  • Click "Export to text file..." and save the results to the Desktop under the name "scan-eset" so you can copy/paste them here.
  • Click the "<< Back" button and tick the Uninstall application on close box to remove ESET Online Scanner from the machine.
  • Click Finish and post the report.

Requested reports:

  • TDSSKiller_log.txt
  • scan-results
