Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Infection PC par cookies traceur de Ads Regiepub

jdhog

Par jdhog
dans Analyses et éradication malwares

 Partager

Messages recommandés

jdhog Junior Member

jdhog

Posté(e)
  • Auteur
Posté(e)

oui je parle d'internet exploreur quand j'allume le PC la connection a la livebox

ce fait automatiquement en wifi pendant le demarrage de windows cela a recommancer au bout quelque minute sur le bureau j'ai la page d'internet exploreur qui s'ouvre avec au debut dans l'url ads regiepub passe aussi tot un site de jeu ,cadeau,rencontre,la redoute avant que ce probleme pour naviguer sur internet je cliquai sur licone d'internet exploreur

 

j'ai pas trouver la desinstallation de AD WARE donc le fait sur SPYBOT il a utilitaire

de desinstallation appriorie j'ai du mal faire je l'ai vu aussi dans le rapport je m'en occupe apres je fait le script que tu vien de mettre

 

par contre question quand je vais sur le systeme 32 il y DRVSTORE QUI EST EN SURBRILLANCE BLEU ET DEUX FICHIERS AUSSI EN BRILLANCE

jdhog Junior Member

jdhog

Posté(e)
  • Auteur
Posté(e)

j'ai desinstaller ad ware et redemarrer le pc et copie le script dans otl au bout d'une minute windows a redemarrer au redemmarrage je n'ai pas le rapport sur le bureau et toujour l'ouverture automatique internet exploreur avec la fenetre ads regiepub et pub pour les sonnerie de portable

j'ai essaye trois fois le script avec otl le resultat reste inchanger par contre les trois icone 2 desktop.ini et 1 thumbs.db

ils avaient disparu lors du script precedent

jdhog Junior Member

jdhog

Posté(e)
  • Auteur
Posté(e)

je viens de la faire,j'en est fait une aussi avec OTL dit si tu la veut

merci

 

Results of screen317's Security Check version 0.99.8

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

avast! Free Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 18

Java 6 Update 23

Out of date Java installed!

Adobe Flash Player 10.1.53.64

Adobe Reader 9.4.1 MUI

Out of date Adobe Reader installed!

Mozilla Firefox (3.6.6)

````````````````````````````````

Process Check:

objlist.exe by Laurent

GEANT Desktop anti virus SecurityCheck.exe

Alwil Software Avast5 AvastUI.exe

Alwil Software Avast5 AvastSvc.exe

``````````End of Log````````````

jdhog Junior Member

jdhog

Posté(e)
  • Auteur
Posté(e)

OTL logfile created on: 21/01/2011 18:06:57 - Run 5

OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\GEANT\Desktop\anti virus

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free

8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 157,77 Gb Total Space | 29,66 Gb Free Space | 18,80% Space Free | Partition Type: NTFS

Drive D: | 128,22 Gb Total Space | 12,22 Gb Free Space | 9,53% Space Free | Partition Type: NTFS

 

Computer Name: DIDIER-PC | User Name: GEANT | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/01/20 12:56:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GEANT\Desktop\anti virus\OTL.exe

PRC - [2011/01/13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/12/27 10:53:51 | 000,629,336 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe

PRC - [2010/12/27 10:53:38 | 000,178,176 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe

PRC - [2010/12/09 10:52:54 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\cspep\cspep.exe

PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/08/24 10:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2010/08/24 10:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

PRC - [2010/08/04 16:18:56 | 000,966,656 | ---- | M] (PCTUTO) -- C:\Program Files (x86)\PCTuto\pctuto.exe

PRC - [2009/11/03 05:22:51 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2009/10/29 12:47:34 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

PRC - [2009/10/22 03:53:42 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe

PRC - [2009/10/13 20:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009/10/13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009/09/10 14:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

PRC - [2009/08/28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

PRC - [2009/08/18 10:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2009/08/04 06:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe

PRC - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe

PRC - [2009/06/18 02:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

PRC - [2008/07/29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

PRC - [2007/06/20 22:04:22 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WkCalRem.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/01/20 12:56:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GEANT\Desktop\anti virus\OTL.exe

MOD - [2011/01/20 10:08:16 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll

MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2010/10/13 11:41:06 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)

SRV:64bit: - [2010/10/13 11:41:04 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)

SRV:64bit: - [2010/01/19 16:49:16 | 000,055,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)

SRV:64bit: - [2009/10/29 20:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 02:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)

SRV:64bit: - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/08/24 10:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/10/13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2009/09/10 14:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)

SRV - [2009/08/28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)

SRV - [2009/07/14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2009/07/14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2009/07/14 02:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2009/07/14 02:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)

SRV - [2009/06/18 02:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)

SRV - [2009/06/18 02:31:46 | 000,050,432 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011/01/13 09:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2010/10/05 13:26:10 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV:64bit: - [2010/04/03 09:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)

DRV:64bit: - [2009/11/13 09:47:38 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2009/10/13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/10/05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/09/22 00:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2009/09/02 17:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/08/21 10:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 01:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) Protocole RMCAST (multidiffusion fiable)

DRV:64bit: - [2009/06/18 13:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/06/15 12:45:35 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)

DRV:64bit: - [2009/06/15 12:45:35 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)

DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/02 12:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2009/06/02 12:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2009/06/02 12:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/05 09:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009/05/05 09:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2007/02/16 20:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV - [2009/09/02 02:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2009/03/26 04:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Portail Orange : Actu, Sport, Assistance Internet, Web Mail Orange

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: ""

FF - prefs.js..network.proxy.no_proxies_on: ""

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/15 10:00:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/15 10:00:42 | 000,000,000 | ---D | M]

 

[2010/12/07 20:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GEANT\AppData\Roaming\mozilla\Extensions

[2010/12/07 20:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GEANT\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

[2011/01/20 21:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GEANT\AppData\Roaming\mozilla\Firefox\Profiles\h80luezw.default\extensions

[2011/01/21 17:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/05/25 12:33:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/17 00:55:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/11/27 03:13:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

File not found (No name found) -- C:\USERS\GEANT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H80LUEZW.DEFAULT\EXTENSIONS\REDUCBARRE@REDUCBARRE.COM

[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/06/12 02:05:49 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/06/12 02:05:49 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/06/12 02:05:49 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml

[2010/06/12 02:05:49 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/06/12 02:05:49 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2011/01/21 11:01:37 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()

O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)

O4 - HKLM..\Run: [PCTuto] C:\Program Files (x86)\PCTuto\pctuto.exe (PCTUTO)

O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [bamboo Dock] C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe ()

O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O4 - HKLM..\RunOnce: [cspep.exe] C:\Program Files (x86)\cspep\cspep.exe ()

O4 - Startup: C:\Users\GEANT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Users\GEANT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WkCalRem.LNK = C:\Program Files (x86)\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/01/20 21:14:18 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/01/20 01:02:42 | 000,000,000 | ---D | C] -- C:\Users\GEANT\Desktop\anti virus

[2011/01/19 23:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files

[2011/01/19 02:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2011/01/19 02:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2011/01/18 18:43:56 | 000,000,000 | ---D | C] -- C:\Users\GEANT\ZHP

[2011/01/17 19:03:21 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys

[2011/01/17 19:01:57 | 000,000,000 | ---D | C] -- C:\Users\GEANT\AppData\Local\Sunbelt Software

[2011/01/17 19:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2011/01/15 22:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\ZHP

[2011/01/15 22:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPDiag

[2011/01/15 17:07:53 | 000,000,000 | ---D | C] -- C:\Users\GEANT\AppData\Roaming\Malwarebytes

[2011/01/15 17:07:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/01/15 17:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Malwarebytes' Anti-Malware

[2011/01/15 17:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/01/15 17:07:44 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/01/15 17:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/01/14 18:14:11 | 000,237,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2011/01/13 19:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Plugin Galaxy 2 Demo 64-bit

[2011/01/13 19:33:39 | 000,000,000 | ---D | C] -- C:\Users\GEANT\AppData\Roaming\ThePluginSite

[2011/01/13 19:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\PluginGalaxy2Demo_64bit

[2011/01/13 19:23:26 | 000,304,640 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\SysWow64\imgman32.dll

[2011/01/13 19:23:26 | 000,067,072 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\SysWow64\IM31jpg.dil

[2011/01/13 19:23:26 | 000,059,392 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\SysWow64\imhost32.dll

[2011/01/13 19:23:26 | 000,035,840 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\SysWow64\IM31bmp.dil

[2011/01/13 19:23:26 | 000,032,256 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\SysWow64\IM31xbmp.del

[2011/01/13 19:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Plugin Commander Light

[2011/01/13 19:23:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plugin Commander Light

[2011/01/12 22:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Auto FX Software

[2011/01/12 22:12:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auto FX Software

[2011/01/11 19:53:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\cspep

[2011/01/09 11:53:03 | 000,000,000 | ---D | C] -- C:\Windows\fr

[2011/01/09 11:52:51 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Windows Live

[2011/01/09 00:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM

[2011/01/06 16:46:38 | 000,000,000 | ---D | C] -- C:\Users\GEANT\AppData\Roaming\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1

[2011/01/06 13:38:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Bamboo

[2010/12/29 14:18:17 | 000,000,000 | ---D | C] -- C:\Users\GEANT\AppData\Roaming\wtablet

[2010/12/27 11:23:30 | 000,000,000 | ---D | C] -- C:\Users\GEANT\AppData\Roaming\Bamboo Explore

[2010/12/27 11:23:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bamboo Explore

[2010/12/27 10:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Wacom

[2010/12/27 10:53:49 | 000,000,000 | ---D | C] -- C:\Users\GEANT\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1

[2010/12/27 10:53:46 | 000,000,000 | ---D | C] -- C:\Users\GEANT\AppData\Roaming\Wacom

[2010/12/27 10:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Bamboo Dock

[2010/12/27 10:53:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bamboo Dock

[2010/12/27 10:51:51 | 000,749,936 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Touch_Tablet.dll

[2010/12/27 10:51:51 | 000,642,928 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Touch_Tablet.dll

[2010/12/27 10:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins

[2010/12/27 10:51:05 | 000,012,848 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacommousefilter.sys

[2010/12/27 10:50:58 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacomvhid.sys

[2010/12/27 10:50:56 | 000,018,288 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys

[2010/12/27 10:50:52 | 000,506,736 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Wintab32.dll

[2010/12/27 10:50:51 | 000,650,096 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Tablet.dll

[2010/12/27 10:50:51 | 000,600,432 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wintab32.dll

[2010/12/27 10:50:50 | 000,756,592 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Tablet.dll

[2010/12/27 10:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet

[2009/11/03 05:04:33 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

 

========== Files - Modified Within 30 Days ==========

 

[2011/01/21 18:11:18 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/01/21 18:11:18 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/01/21 18:04:19 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/01/21 18:03:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/01/21 18:03:52 | 3166,154,752 | -HS- | M] () -- C:\hiberfil.sys

[2011/01/21 18:00:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/01/21 11:01:37 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2011/01/21 10:45:42 | 002,103,956 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/01/21 10:45:42 | 000,913,350 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat

[2011/01/21 10:45:42 | 000,805,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/01/21 10:45:42 | 000,209,296 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat

[2011/01/21 10:45:42 | 000,173,428 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/01/20 10:37:26 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI

[2011/01/19 23:10:40 | 000,144,945 | ---- | M] () -- C:\Users\GEANT\Documents\ZHPDiag rapport 19 janvier 2011

[2011/01/18 17:03:05 | 000,143,246 | ---- | M] () -- C:\Users\GEANT\Documents\ZHPDiag rapport

[2011/01/17 19:03:21 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys

[2011/01/15 22:33:30 | 000,001,214 | ---- | M] () -- C:\Users\GEANT\Application Data\Microsoft\Internet Explorer\Quick Launch\Gestion Commerciale.lnk

[2011/01/15 22:33:30 | 000,001,190 | ---- | M] () -- C:\Users\Public\Desktop\Gestion Commerciale.lnk

[2011/01/14 18:14:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2011/01/13 09:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2011/01/13 09:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2011/01/13 09:47:23 | 000,237,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2011/01/13 09:41:44 | 000,273,488 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2011/01/13 09:40:20 | 000,051,792 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2011/01/13 09:37:34 | 000,029,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2011/01/13 09:37:23 | 000,062,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2011/01/13 09:37:12 | 000,020,560 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2011/01/12 23:26:08 | 004,922,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/01/12 22:14:55 | 000,000,081 | ---- | M] () -- C:\Windows\s01on

[2011/01/10 13:45:45 | 000,405,078 | ---- | M] () -- C:\Users\GEANT\Documents\mariages-eglise-aveyron-internet.jpg

[2011/01/10 13:45:45 | 000,001,456 | ---- | M] () -- C:\Users\GEANT\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs

[2011/01/10 13:38:44 | 000,442,478 | ---- | M] () -- C:\Users\GEANT\Documents\marige-eglise-aveyron-internet.jpg

[2011/01/10 13:25:15 | 000,461,063 | ---- | M] () -- C:\Users\GEANT\Documents\mariage-mairie-st-affrique-internet.jpg

[2011/01/10 13:23:25 | 000,000,821 | ---- | M] () -- C:\Users\GEANT\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk

[2011/01/10 13:15:39 | 000,171,743 | ---- | M] () -- C:\Users\GEANT\Documents\montage-préparatif--mariages-noir-et-blanc-internet.jpg

[2011/01/08 19:03:57 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT

[2011/01/06 19:46:44 | 000,078,684 | ---- | M] () -- C:\Users\GEANT\Documents\Backup.tabletprefs

[2010/12/29 19:20:49 | 730,086,228 | ---- | M] () -- C:\Users\GEANT\Documents\DSCF0259 cheval detoure 2.psd

 

========== Files Created - No Company Name ==========

 

[2011/01/19 23:10:40 | 000,144,945 | ---- | C] () -- C:\Users\GEANT\Documents\ZHPDiag rapport 19 janvier 2011

[2011/01/18 17:03:05 | 000,143,246 | ---- | C] () -- C:\Users\GEANT\Documents\ZHPDiag rapport

[2011/01/13 19:23:26 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\Msvcrt10.dll

[2011/01/12 20:18:09 | 000,000,081 | ---- | C] () -- C:\Windows\s01on

[2011/01/10 13:45:45 | 000,405,078 | ---- | C] () -- C:\Users\GEANT\Documents\mariages-eglise-aveyron-internet.jpg

[2011/01/10 13:38:44 | 000,442,478 | ---- | C] () -- C:\Users\GEANT\Documents\marige-eglise-aveyron-internet.jpg

[2011/01/10 13:25:14 | 000,461,063 | ---- | C] () -- C:\Users\GEANT\Documents\mariage-mairie-st-affrique-internet.jpg

[2011/01/10 13:15:38 | 000,171,743 | ---- | C] () -- C:\Users\GEANT\Documents\montage-préparatif--mariages-noir-et-blanc-internet.jpg

[2011/01/08 15:22:34 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2011/01/06 19:46:44 | 000,078,684 | ---- | C] () -- C:\Users\GEANT\Documents\Backup.tabletprefs

[2010/12/29 19:18:26 | 730,086,228 | ---- | C] () -- C:\Users\GEANT\Documents\DSCF0259 cheval detoure 2.psd

[2010/12/27 10:52:49 | 000,000,002 | ---- | C] () -- C:\Users\GEANT\.bdockinstall.log

[2010/12/27 10:50:43 | 000,000,488 | ---- | C] () -- C:\Windows\SysNative\PenTouchTabletUserDefaults.xml

[2010/12/27 10:50:43 | 000,000,488 | ---- | C] () -- C:\Windows\SysNative\PenTabletUserDefaults.xml

[2010/11/03 10:30:43 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI

[2010/10/30 23:41:44 | 000,004,912 | ---- | C] () -- C:\ProgramData\mnjemahv.gza

[2010/10/30 23:32:17 | 000,004,948 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik

[2010/10/30 23:32:17 | 000,004,923 | ---- | C] () -- C:\ProgramData\drctchbl.xvi

[2010/10/07 09:45:54 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI

[2010/10/07 09:29:20 | 000,000,268 | RH-- | C] () -- C:\Users\GEANT\AppData\Roaming\Workflows

[2010/10/07 09:29:20 | 000,000,268 | RH-- | C] () -- C:\Users\GEANT\AppData\Roaming\Work - Home

[2010/10/07 09:29:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\filter

[2010/10/07 09:29:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\docInfo

[2010/10/07 09:29:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\deskjet

[2010/10/07 09:29:20 | 000,000,268 | RH-- | C] () -- C:\Users\GEANT\AppData\Roaming\business-inkjet

[2010/10/07 09:29:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT

[2010/10/07 09:29:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT

[2010/10/07 09:29:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT

[2010/10/07 09:29:20 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Ambient

[2010/10/07 09:29:20 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Alerts

[2010/10/07 09:29:20 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Action

[2010/06/11 16:54:34 | 002,082,270 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/06/03 15:23:31 | 000,000,109 | ---- | C] () -- C:\Windows\Kit.ini

[2010/05/17 17:51:07 | 000,000,017 | ---- | C] () -- C:\Users\GEANT\AppData\Local\resmon.resmoncfg

[2010/05/17 13:00:58 | 000,001,456 | ---- | C] () -- C:\Users\GEANT\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs

[2010/05/14 17:28:40 | 000,000,132 | ---- | C] () -- C:\Users\GEANT\AppData\Roaming\Préfs Filtre IllExportation Adobe CS5

[2010/03/09 11:43:18 | 000,005,120 | ---- | C] () -- C:\Users\GEANT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/05 23:58:39 | 000,000,858 | ---- | C] () -- C:\Users\GEANT\AppData\Roaming\wklnhst.dat

[2009/12/15 01:42:44 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2009/12/15 01:42:44 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2009/12/05 17:09:38 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll

[2009/12/05 17:09:38 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini

[2009/11/03 05:32:49 | 000,008,415 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe3.log

[2009/11/03 05:04:12 | 000,192,484 | ---- | C] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

 

========== LOP Check ==========

 

[2010/03/16 22:29:03 | 000,000,000 | -HSD | M] -- C:\Users\GEANT\AppData\Roaming\.#

[2010/03/05 17:42:10 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\ACD Systems

[2010/12/27 11:38:18 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\Bamboo Explore

[2010/05/14 21:33:42 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/11/30 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\com.adobe.DC3Module.AdobeADC

[2011/01/06 16:46:41 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1

[2010/11/20 11:35:53 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\DxO Labs

[2010/03/09 21:09:36 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\eSobi

[2011/01/19 22:27:00 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\FileZilla

[2010/03/06 00:03:10 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\GameConsole

[2010/05/21 11:00:00 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\inkscape

[2010/10/30 23:41:45 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\Need4Video

[2010/10/28 17:12:29 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\Nikon

[2010/08/03 22:34:41 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\OpenCandy

[2010/05/25 12:40:38 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\OpenOffice.org

[2010/05/14 17:31:58 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\Opera

[2010/11/20 11:30:22 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\PACE Anti-Piracy

[2010/11/17 15:45:48 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\PCtuto

[2010/03/11 17:59:06 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\PlayFirst

[2010/05/14 17:27:33 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2010/05/21 13:45:09 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\Subversion

[2010/03/09 21:07:39 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\Template

[2011/01/13 19:33:39 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\ThePluginSite

[2010/12/07 20:51:56 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\TomTom

[2010/09/20 13:33:53 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\UDC Profiles

[2010/05/22 00:58:42 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\VTC Preferences Folder

[2010/12/27 10:53:46 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\Wacom

[2010/12/27 10:53:49 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1

[2010/04/01 19:35:13 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\Windows Live Writer

[2010/11/17 08:52:12 | 000,000,000 | ---D | M] -- C:\Users\GEANT\AppData\Roaming\XnView

[2011/01/05 11:37:05 | 000,032,482 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

< End of report >

jdhog Junior Member

jdhog

Posté(e)
  • Auteur
Posté(e)

pour la page fantome ?

je pense que tu parle de la page ads regiepub sa fonctionne comme une redirection

tu 1° url qui s'affiche en ads regie pub soit adstream regie pub ou ave adstream

soit sa par 1 ou 2 de ces url avant d'affiche la page de pub avec url reel du site

ou defois la page est avec adstream

je ne sais comment on fait les captures d'ecran sur le clavier pour te l'envoyer

lance_yien Full Patch Member

lance_yien

Posté(e)
Posté(e)

Bonjour,

 

Il y a deux programmes qui restent et qui peuvent faire ça: "PCTuto" et "cspep"

Cherche-les dans Ajout/suppression de programmes et désinstalle-les si trouvé.

 

Ensuite, relancer OTL et copier la liste suivante (commençant par :OTL) et la coller dans l'espace sous "Personnalisation" (les : au début et le ] à la fin sont très important, merci de vérifier).

 

:OTL

PRC - [2010/08/04 16:18:56 | 000,966,656 | ---- | M] (PCTUTO) -- C:\Program Files (x86)\PCTuto\pctuto.exe

PRC - [2010/12/09 10:52:54 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\cspep\cspep.exe

[2011/01/11 19:53:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\cspep

O4 - HKLM..\Run: [PCTuto] C:\Program Files (x86)\PCTuto\pctuto.exe (PCTUTO)

O4 - HKLM..\RunOnce: [cspep.exe] C:\Program Files (x86)\cspep\cspep.exe ()

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - Startup: C:\Users\GEANT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Users\GEANT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WkCalRem.LNK = C:\Program Files (x86)\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)

 

:Services

 

:Reg

 

:Files

C:\Users\GEANT\AppData\Roaming\PCtuto

C:\ProgramData\Lavasoft

C:\Program Files (x86)\PCTuto

C:\Program Files (x86)\cspep

 

:Commands

[EMPTYTEMP]

[EMPTYFLASH]

Cliquer sur le bouton rouge Correction et laisser faire.

Si un ou plusieurs fichiers ne peuvent pas être supprimés normalement, le programme demandera de redémarrer la machine pour finir le processus, cliquer sur Oui.

A la fin un rapport s'ouvre dans le bloc-note. Copier son contenu et le coller dans une nouvelle réponse. Fermer le rapport et OTL.

 

As-tu toujours cette page de pub?

jdhog Junior Member

jdhog

Posté(e)
  • Auteur
Posté(e)

Bonjour

les pc tuto il y en avait 2 dont un update et le Cspep.0 on ete desinstaller

et j'ai lancer otl avec ton script li y eu le redamarrage les trois icone qui avait

sur le bureau on disparu

 

et la bonne nouvelle pas de pub

merci

All processes killed

========== OTL ==========

No active process named pctuto.exe was found!

No active process named cspep.exe was found!

Folder C:\Program Files (x86)\cspep\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCTuto deleted successfully.

C:\Program Files (x86)\PCTuto\pctuto.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\cspep.exe not found.

File C:\Program Files (x86)\cspep\cspep.exe not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 deleted successfully.

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5ServiceManager deleted successfully.

C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast5 deleted successfully.

File move failed. C:\Program Files\Alwil Software\Avast5\avastUI.exe scheduled to be moved on reboot.

C:\Users\GEANT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk moved successfully.

C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe moved successfully.

C:\Users\GEANT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WkCalRem.LNK moved successfully.

C:\Program Files (x86)\Microsoft Works\WkCalRem.exe moved successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

File\Folder C:\Users\GEANT\AppData\Roaming\PCtuto not found.

C:\ProgramData\Lavasoft\License folder moved successfully.

C:\ProgramData\Lavasoft folder moved successfully.

C:\Program Files (x86)\PCTuto folder moved successfully.

File\Folder C:\Program Files (x86)\cspep not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Classic .NET AppPool

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: GEANT

->Temp folder emptied: 3061751 bytes

->Temporary Internet Files folder emptied: 23184232 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Opera cache emptied: 609853 bytes

->Flash cache emptied: 642 bytes

 

User: Invité

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: photogaphe didier

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 6688 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 1118 bytes

 

Total Files Cleaned = 26,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Classic .NET AppPool

->Flash cache emptied: 0 bytes

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: GEANT

->Flash cache emptied: 0 bytes

 

User: Invité

->Flash cache emptied: 0 bytes

 

User: photogaphe didier

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

 

OTL by OldTimer - Version 3.2.20.2 log created on 01222011_100858

 

Files\Folders moved on Reboot...

File move failed. C:\Program Files\Alwil Software\Avast5\avastUI.exe scheduled to be moved on reboot.

C:\Users\GEANT\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Windows\temp\_avast5_\Webshlock.txt not found!

 

Registry entries deleted on Reboot...

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...