Posted (edited)

Hello,

My PC was infected last night by MS Removal Tool. So I followed the procedure described by lance_yien in the topic below:

http://forum.zebulon.fr/pc-infecte-par-ms-removal-tool-t184217.html

The technique works well, because I can no longer find any trace of this virus on my PC. But could someone check the Malware and Security logs requested in lance_yien's procedure:

- the Malware one:

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Version de la base de données: 6235

 

Windows 6.0.6002 Service Pack 2 (Safe Mode)

Internet Explorer 7.0.6002.18005

 

01/04/2011 15:09:55

mbam-log-2011-04-01 (15-09-55).txt

 

Type d'examen: Examen rapide

Elément(s) analysé(s): 151297

Temps écoulé: 3 minute(s), 14 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 87

Valeur(s) du Registre infectée(s): 4

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 11

Fichier(s) infecté(s): 23

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):


 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nLk06511nBiPi06511 (Trojan.Agent.Gen) -> Value: nLk06511nBiPi06511 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.1.22.0 (Adware.HotBar) -> Value: ShopperReports 3.1.22.0 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E879047EB1765A5530AA93 (Malware.Trace) -> Value: SRS_IT_E879047EB1765A5530AA93 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):


 

Fichier(s) infecté(s):


 

 

 

 

 

 

 

- the Security one:

 

Results of screen317's Security Check version 0.99.7

Windows Vista Service Pack 2 (UAC is enabled)

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

avast! Free Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 15

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 9 (Out of date Flash Player installed!)

Adobe Flash Player 10.2.152.32

Adobe Reader 7.0.8 - Français

Adobe Reader 8 - Français

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

 

 

 

 

Thanks in advance for your help.

Florian

Edited by Florian_85

Posted

Hello Florian_85,

This is a rogue that is going around at the moment, and it's a good idea to come and ask for confirmation of the clean-up :super:

 


Very important!

>>> To do immediately:

- At the top of this message, click the "Follow this topic" button, choosing "Immediate notification" => "Submit"; you will be notified in real time of the replies to your topic and, as a result, your machine will be cleaned as quickly as possible.

- Back up (by copying) all personal documents to a medium other than the system partition: USB stick, CD/DVD, external hard drive, etc.

>>> What to do during this clean-up: please do NOT use, install and/or uninstall any program apart from those proposed at each step, in order to avoid any incompatibility problem between the tools.

>>> What to do when you receive new instructions:

  • Read the whole message.
  • Download and save the utilities DIRECTLY to the Desktop, or move them there (immediately afterwards, by right-clicking on them => "Cut", then right-clicking on the Desktop => "Paste").
    Some programs can cause problems if they are not launched from the Desktop.
  • Get into the habit of disabling all protection programs at the start of each new step and re-enabling them at the end.
  • Always proceed in the order given and ask for clarification if necessary BEFORE starting.
  • Do NOT hesitate to comment on and report any change (for better or worse) in the machine's behaviour or in relation to the initial problem.

>>> How to reply:

- Click the zeb_bouton.png button (and not zeb-bouton2.png, because I don't need to reread my previous messages).

- Paste the content of the reports WITHOUT adding ANY text formatting (quote, code, colour, etc.).


 

Now we work in Normal mode :)

Print these instructions or save them in a text file on the Desktop so you can consult them easily at any time, and download OTL (by OldTimer) to the Desktop from here or here.

Plug in and switch on all removable media (external drives, USB sticks, etc.).

Close all open applications and windows, then right-click OTL.exe => Run as administrator.

Copy/paste these lines (starting with netsvcs) into the box under "Customization":

netsvcs

drivers32

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

CREATERESTOREPOINT

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

SAVEMBR:0

Without changing anything, click the blue Scan button and let it run.

At the end of the scan, 2 reports will be created: OTL.txt (which opens in Notepad) and Extras.txt (which will be minimized in the taskbar).

Copy/paste the content of each report, only one per message, because they are often very long and exceed the limit allowed by the forum.

Posted

First of all, thank you lance_yien for taking care of my case.

Here is the OTL file:

 

 

OTL logfile created on: 01/04/2011 16:53:35 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Florian\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149,04 Gb Total Space | 35,97 Gb Free Space | 24,13% Space Free | Partition Type: NTFS

Drive D: | 141,23 Gb Total Space | 46,23 Gb Free Space | 32,73% Space Free | Partition Type: NTFS

Drive F: | 149,01 Gb Total Space | 9,24 Gb Free Space | 6,20% Space Free | Partition Type: FAT32

 

Computer Name: PC-DE-FLORIAN | User Name: Florian | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 


 

 

========== Modules (SafeList) ==========

 

MOD - [2011/04/01 16:51:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe

MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 


 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010/03/09 13:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/03/09 13:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/03/09 13:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/03/09 13:08:52 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2010/03/09 13:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2009/06/24 15:12:28 | 000,020,736 | ---- | M] (ZDC., Inc. (ZDC)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\ZDCndis5.sys -- (ZDCNDIS5)

DRV - [2007/12/05 12:17:59 | 008,241,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2007/10/31 13:55:59 | 000,046,592 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)

DRV - [2007/10/15 09:39:25 | 000,206,336 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etFilter.sys -- (FiltUSBET)

DRV - [2007/09/27 00:03:42 | 000,015,416 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby)

DRV - [2007/09/06 17:45:21 | 000,006,656 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etScan.sys -- (ScanUSBET)

DRV - [2007/09/06 10:43:49 | 000,474,624 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etDevice.sys -- (DCamUSBET)

DRV - [2007/08/03 06:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)

DRV - [2007/07/24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)

DRV - [2007/06/20 22:51:27 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/06/17 06:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)

DRV - [2007/03/22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/02/24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/01/24 12:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)

DRV - [2007/01/24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/12/14 09:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)

DRV - [2006/11/28 21:46:22 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)

DRV - [2006/11/28 21:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)

DRV - [2006/11/24 19:34:59 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)

DRV - [2006/11/02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2006/11/02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2006/11/02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®

DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ASUSTeK Computer

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/firefox?client=firefox-a&rls=org.mozilla:fr:official"

FF - prefs.js..extensions.enabledItems: offerboxffx@offerbox.com:2.1.3128.64

FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3

FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=00b8b4ef000000000000001de06311b1&tlver=1.4.19.19&instlRef=sst&affID=17161&q="

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Program Files\OfferBox\offerboxffx@offerbox.com [2010/10/18 22:11:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/31 22:03:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/31 22:03:20 | 000,000,000 | ---D | M]

 

[2008/08/12 18:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions

[2011/04/01 11:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\dgm0z4yu.default\extensions

[2009/09/06 10:16:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\dgm0z4yu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/03/18 16:28:19 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\dgm0z4yu.default\extensions\ffxtlbr@babylon.com

[2009/11/15 00:19:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2009/11/15 14:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org

[2010/10/18 22:11:53 | 000,000,000 | ---D | M] (OfferBox) -- C:\PROGRAM FILES\OFFERBOX\OFFERBOXFFX@OFFERBOX.COM

[2010/03/16 21:35:28 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml

[2011/03/18 16:28:20 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

[2010/03/16 21:35:28 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/03/16 21:35:28 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml

[2010/01/09 18:20:36 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml

[2010/03/16 21:35:28 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

[2010/03/25 22:03:39 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2011/04/01 12:46:38 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()

O4 - HKLM..\Run: [avast5] File not found

O4 - HKLM..\Run: [babylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)

O4 - HKLM..\Run: [bboxUpdate] C:\Program Files\BboxUpdate\eStantAutoRunV.exe (TechCity Solutions France)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [uSBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)

O4 - HKCU..\Run: [sfiuf] File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: Deployer http://www.pcthreat.com/autoinstall/shsafeinstall.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Florian\Pictures\2008-08 PANAM\2011-03-28 Pêche a sion\01011047.JPG

O24 - Desktop BackupWallPaper: C:\Users\Florian\Pictures\2008-08 PANAM\2011-03-28 Pêche a sion\01011047.JPG

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{2b1beccc-9952-11dd-8480-001fc6679a4f}\Shell\AutoRun\command - "" = WD_Windows_Tools\Setup.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)

Drivers32: vidc.mjpg - pvmjpg30.dll File not found

Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

Drivers32: wave1 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/04/01 16:50:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe

[2011/04/01 16:30:03 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll

[2011/04/01 16:30:03 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll

[2011/04/01 16:29:58 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll

[2011/04/01 16:29:58 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll

[2011/04/01 16:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5

[2011/04/01 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Malwarebytes

[2011/04/01 15:04:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/04/01 15:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/04/01 15:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/04/01 15:04:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/04/01 15:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/04/01 14:18:20 | 000,000,000 | ---D | C] -- C:\Users\Florian\Desktop\pb virus

[2011/04/01 13:26:42 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Windows Live

[2011/04/01 13:25:52 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll

[2011/04/01 12:46:16 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\System32\VCCLSID.exe

[2011/04/01 12:46:16 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\System32\SrchSTS.exe

[2011/04/01 12:46:16 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\System32\swreg.exe

[2011/04/01 12:46:16 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\VACFix.exe

[2011/04/01 12:46:16 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.exe

[2011/04/01 12:46:16 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.C.exe

[2011/04/01 12:46:16 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\404Fix.exe

[2011/04/01 12:46:16 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\o4Patch.exe

[2011/04/01 12:46:16 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\System32\swxcacls.exe

[2011/04/01 12:46:16 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\Agent.OMZ.Fix.exe

[2011/04/01 12:46:16 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\System32\Process.exe

[2011/04/01 01:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2011/04/01 01:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2011/04/01 00:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\nLk06511nBiPi06511

[2011/03/31 21:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\Real

[2011/03/31 21:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Real

[2011/03/31 21:57:27 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Real

[2011/03/31 21:55:23 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Uniblue

[2011/03/31 21:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft

[2011/03/31 21:54:30 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\OpenCandy

[2011/03/31 21:54:29 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\OpenCandy

[2011/03/31 21:54:26 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll

[2011/03/31 21:54:24 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax

[2011/03/31 21:54:24 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll

[2011/03/31 21:54:24 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax

[2011/03/31 21:54:24 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax

[2011/03/31 21:54:24 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax

[2011/03/31 21:54:24 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax

[2011/03/31 21:54:24 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll

[2011/03/31 21:54:23 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax

[2011/03/31 21:54:23 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax

[2011/03/31 21:54:23 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax

[2011/03/31 21:54:23 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax

[2011/03/31 21:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft

[2011/03/29 15:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Ultimate Collection

[2011/03/29 15:27:44 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Pinnacle

[2011/03/29 15:25:07 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe

[2011/03/29 15:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Studio Plugins

[2011/03/29 15:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pinnacle

[2011/03/29 15:19:49 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Downloaded Installations

[2011/03/29 15:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Ultimate

[2011/03/29 15:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 14

[2011/03/29 15:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pegasus Imaging

[2011/03/29 15:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Yahoo!

[2011/03/29 15:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Studio 14

[2011/03/29 15:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Plus

[2011/03/29 15:11:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle

[2011/03/29 15:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Pinnacle

[2011/03/29 14:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle

[2011/03/29 14:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Studio14Trial

[2011/03/27 19:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2011/03/27 17:16:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

[2011/03/27 17:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\Sony

[2011/03/27 16:57:06 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\WinRAR

[2011/03/27 16:57:06 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

[2011/03/27 16:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

[2011/03/27 16:56:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2011/03/25 22:44:08 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2011/03/25 22:44:08 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2011/03/19 18:39:27 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\widestream

[2011/03/19 18:39:23 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\widestream6 Air

[2011/03/19 18:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\Widestream6

[2011/03/18 19:50:44 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Publish Providers

[2011/03/18 19:48:41 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Sony

[2011/03/18 19:48:40 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Sony

[2011/03/18 19:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony

[2011/03/18 16:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar

[2011/03/18 13:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDub-1.9.11

[2011/03/16 22:45:56 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\avidemux

[2011/03/16 22:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux

[2011/03/16 22:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Avidemux 2.5

[2011/03/15 23:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\Haali

[2011/03/15 22:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter

[2011/03/12 16:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011/03/12 16:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/03/12 16:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/03/12 16:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011/03/12 00:37:47 | 000,000,000 | ---D | C] -- C:\Users\Florian\Desktop\camera

[2011/03/08 21:16:58 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll

[2011/03/08 21:16:58 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll

[2011/03/08 21:16:58 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

[2011/03/08 21:16:58 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll

[2007/01/24 12:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/04/01 16:56:24 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2011/04/01 16:55:44 | 000,704,332 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2011/04/01 16:55:44 | 000,618,570 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/04/01 16:55:44 | 000,129,610 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2011/04/01 16:55:44 | 000,106,570 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/04/01 16:51:23 | 000,028,029 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\nvModes.001

[2011/04/01 16:51:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe

[2011/04/01 16:46:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/04/01 15:24:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/04/01 15:24:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/04/01 15:23:42 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/04/01 15:23:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/04/01 15:23:14 | 3218,374,656 | -HS- | M] () -- C:\hiberfil.sys

[2011/04/01 14:50:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011/04/01 14:41:17 | 000,443,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/04/01 12:46:41 | 000,002,034 | ---- | M] () -- C:\Windows\System32\tmp.reg

[2011/04/01 12:46:41 | 000,000,691 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\GetValue.vbs

[2011/04/01 12:46:41 | 000,000,035 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\SetValue.bat

[2011/04/01 12:46:38 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/03/31 21:54:31 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk

[2011/03/31 21:39:07 | 000,215,552 | ---- | M] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/03/31 15:03:52 | 000,000,685 | ---- | M] () -- C:\Users\Florian\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureau - Raccourci.lnk

[2011/03/29 15:16:59 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Pinnacle Studio 14.lnk

[2011/03/27 19:25:52 | 000,002,643 | ---- | M] () -- C:\Users\Florian\Desktop\Microsoft Excel.lnk

[2011/03/27 19:10:03 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2011/03/27 18:25:06 | 000,000,775 | ---- | M] () -- C:\Users\Florian\Desktop\mp4toavi - Raccourci.lnk

[2011/03/27 17:42:38 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2011/03/27 17:16:01 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Pro 9.0.lnk

[2011/03/19 12:18:17 | 000,001,755 | ---- | M] () -- C:\Users\Florian\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/03/18 14:02:01 | 000,000,886 | ---- | M] () -- C:\Users\Florian\Desktop\VirtualDub - Raccourci.lnk

[2011/03/18 13:15:39 | 000,073,728 | ---- | M] ( ) -- C:\Windows\System\vdremote.dll

[2011/03/18 13:15:39 | 000,065,536 | ---- | M] ( ) -- C:\Windows\System\vdsvrlnk.dll

[2011/03/16 22:45:42 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Avidemux 2.5.lnk

[2011/03/15 22:55:13 | 000,000,951 | ---- | M] () -- C:\Users\Florian\Desktop\Windows Media Player.lnk

[2011/03/15 22:52:49 | 000,001,768 | ---- | M] () -- C:\Users\Florian\Desktop\Windows Movie Maker.lnk

[2011/03/12 16:44:38 | 000,001,671 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/03/12 16:35:19 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/04/01 16:56:24 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

[2011/04/01 16:29:58 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll

[2011/04/01 15:23:14 | 3218,374,656 | -HS- | C] () -- C:\hiberfil.sys

[2011/04/01 13:29:52 | 000,002,032 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk

[2011/04/01 12:46:41 | 000,002,034 | ---- | C] () -- C:\Windows\System32\tmp.reg

[2011/04/01 12:46:41 | 000,000,691 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\GetValue.vbs

[2011/04/01 12:46:41 | 000,000,035 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\SetValue.bat

[2011/04/01 12:46:16 | 000,075,776 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe

[2011/04/01 12:46:16 | 000,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe

[2011/04/01 12:46:16 | 000,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe

[2011/03/31 21:54:31 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\SUPER ©.lnk

[2011/03/31 21:54:24 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax

[2011/03/31 21:54:24 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax

[2011/03/31 21:54:24 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax

[2011/03/31 21:54:23 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax

[2011/03/31 21:54:23 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax

[2011/03/31 21:54:23 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax

[2011/03/31 21:54:23 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax

[2011/03/31 21:54:23 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax

[2011/03/31 15:03:52 | 000,000,685 | ---- | C] () -- C:\Users\Florian\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureau - Raccourci.lnk

[2011/03/29 15:16:59 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle Studio 14.lnk

[2011/03/27 19:10:03 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2011/03/27 18:25:06 | 000,000,775 | ---- | C] () -- C:\Users\Florian\Desktop\mp4toavi - Raccourci.lnk

[2011/03/27 17:16:01 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Pro 9.0.lnk

[2011/03/19 12:18:17 | 000,001,755 | ---- | C] () -- C:\Users\Florian\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/03/18 13:17:17 | 000,000,886 | ---- | C] () -- C:\Users\Florian\Desktop\VirtualDub - Raccourci.lnk

[2011/03/16 22:45:42 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Avidemux 2.5.lnk

[2011/03/15 22:55:13 | 000,000,951 | ---- | C] () -- C:\Users\Florian\Desktop\Windows Media Player.lnk

[2011/03/15 22:52:49 | 000,001,768 | ---- | C] () -- C:\Users\Florian\Desktop\Windows Movie Maker.lnk

[2011/03/12 16:44:38 | 000,001,671 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/10/16 14:11:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2010/10/10 12:41:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010/10/10 12:41:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010/08/20 18:45:19 | 000,004,350 | ---- | C] () -- C:\Users\Florian\AppData\Local\sfiuf.dat

[2009/09/22 23:33:22 | 000,000,892 | ---- | C] () -- C:\Users\Florian\AppData\Local\cshwfb.exe

[2008/07/30 17:50:35 | 000,000,090 | ---- | C] () -- C:\Users\Florian\AppData\Local\ajtfi.bat

[2008/07/30 12:14:24 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2008/07/11 22:23:33 | 000,000,680 | ---- | C] () -- C:\Users\Florian\AppData\Local\d3d9caps.dat

[2008/06/30 11:58:07 | 000,000,493 | ---- | C] () -- C:\Windows\ODBC.INI

[2008/06/29 00:25:19 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini

[2008/06/28 22:23:14 | 000,016,384 | ---- | C] () -- C:\Windows\System32\DsrSleep.dll

[2008/06/28 22:21:12 | 000,077,824 | ---- | C] () -- C:\Windows\System32\oopmdisp.exe

[2008/06/28 22:21:12 | 000,069,632 | ---- | C] () -- C:\Windows\System32\oopmagentts.exe

[2008/06/28 22:21:12 | 000,031,232 | ---- | C] () -- C:\Windows\System32\progress.exe

[2008/06/28 22:21:06 | 000,026,112 | ---- | C] () -- C:\Windows\System32\oopmpm.dll

[2008/06/28 21:16:32 | 000,215,552 | ---- | C] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/28 21:05:29 | 000,000,865 | ---- | C] () -- C:\Windows\LAROUSSE.INI

[2008/06/28 13:34:53 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat

[2008/06/28 13:34:53 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat

[2008/06/28 13:34:53 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat

[2008/06/28 13:34:53 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat

[2008/06/28 13:34:53 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat

[2008/06/28 13:34:53 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat

[2008/06/28 13:34:53 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat

[2008/06/28 13:34:53 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat

[2008/06/28 13:34:53 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat

[2008/06/28 13:34:53 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat

[2008/06/28 13:34:53 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat

[2008/06/28 13:34:53 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat

[2008/06/28 13:34:53 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat

[2008/06/28 13:34:53 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat

[2008/06/28 13:34:53 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat

[2008/06/28 13:34:53 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat

[2008/06/28 13:34:53 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat

[2008/06/28 13:34:53 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat

[2008/06/28 13:34:53 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2008/06/28 13:32:18 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini

[2008/06/28 13:30:06 | 000,028,029 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\nvModes.001

[2008/06/28 10:37:29 | 000,028,029 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\nvModes.dat

[2008/06/27 16:53:41 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2008/06/27 16:04:22 | 000,000,546 | ---- | C] () -- C:\Windows\System32\ABM51Sn.DAT

[2008/06/27 15:09:29 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe

[2008/05/23 00:22:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2008/05/23 00:18:54 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll

[2008/04/09 09:00:40 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe

[2008/04/09 09:00:28 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll

[2008/04/09 08:30:32 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2007/08/06 11:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe

[2007/06/01 19:58:40 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll

[2007/04/18 11:09:44 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat

[2007/04/18 11:09:43 | 000,704,332 | ---- | C] () -- C:\Windows\System32\perfh00C.dat

[2007/04/18 11:09:43 | 000,129,610 | ---- | C] () -- C:\Windows\System32\perfc00C.dat

[2007/04/18 11:09:43 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat

[2007/04/18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini

[2007/04/18 10:33:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2007/03/06 08:39:19 | 000,049,152 | ---- | C] () -- C:\Windows\revdevdll.dll

[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 14:47:37 | 000,443,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 12:33:01 | 000,618,570 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 12:33:01 | 000,106,570 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/03/10 12:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2005/04/03 01:29:59 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll

[1998/05/06 06:09:59 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

 

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2006/09/18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2007/04/18 11:26:27 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2007/04/04 06:01:54 | 000,000,019 | ---- | M] () -- C:\CA13.txt

[2008/06/27 15:10:58 | 000,412,410 | ---- | M] () -- C:\ciam_uninstall.log

[2008/06/27 15:10:52 | 000,016,287 | ---- | M] () -- C:\ciam_uninstall_0627-1510.log

[2006/09/18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2008/04/09 09:13:38 | 000,020,454 | ---- | M] () -- C:\devlist.txt

[2008/04/09 09:10:15 | 000,000,009 | ---- | M] () -- C:\Finish.log

[2011/04/01 15:23:14 | 3218,374,656 | -HS- | M] () -- C:\hiberfil.sys

[2008/06/28 21:05:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2007/12/24 06:38:07 | 001,048,576 | ---- | M] () -- C:\M51SnAS.BIN

[2008/01/02 05:17:53 | 000,000,014 | ---- | M] () -- C:\M51Sn_Vista.20

[2008/06/28 21:05:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2007/08/07 23:43:02 | 000,000,015 | ---- | M] () -- C:\NERO.LOG

[2007/05/17 05:35:24 | 000,000,015 | ---- | M] () -- C:\NIS2007_A.TXT

[2007/03/16 01:18:45 | 000,000,025 | ---- | M] () -- C:\OFFICE2007_A.TXT

[2011/04/01 15:23:11 | 3534,008,320 | -HS- | M] () -- C:\pagefile.sys

[2008/04/08 19:59:11 | 000,000,105 | ---- | M] () -- C:\Pass.txt

[2008/01/22 02:22:18 | 000,001,526 | ---- | M] () -- C:\Patch.LOG

[2011/04/01 16:56:24 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2007/05/24 00:43:40 | 000,000,017 | ---- | M] () -- C:\READER_A.TXT

[2007/10/15 11:25:26 | 000,000,012 | ---- | M] () -- C:\RECOVERY.DAT

[2008/04/09 08:29:20 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log

[2011/04/01 15:02:26 | 000,000,467 | ---- | M] () -- C:\rkill.log

[2010/05/25 22:02:09 | 000,000,159 | ---- | M] () -- C:\Setup.log

[2006/05/16 02:22:24 | 000,000,005 | ---- | M] () -- C:\store.log

[2008/04/09 06:58:07 | 000,000,166 | ---- | M] () -- C:\SumHidd.txt

[2008/04/09 06:57:12 | 000,000,098 | ---- | M] () -- C:\SumOS.txt

[2007/12/06 22:22:16 | 000,000,023 | ---- | M] () -- C:\V54.TXT

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2006/11/02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006/11/02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006/11/02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 

< %systemroot%\system32\drivers\*.sys /90 >

[2011/01/20 18:37:37 | 000,638,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys

[2011/02/18 17:36:58 | 000,041,984 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-01 11:30:32

 

< End of report >

Posted

and here is the Extras file:

 

OTL Extras logfile created on: 01/04/2011 16:53:35 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Florian\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149,04 Gb Total Space | 35,97 Gb Free Space | 24,13% Space Free | Partition Type: NTFS

Drive D: | 141,23 Gb Total Space | 46,23 Gb Free Space | 32,73% Space Free | Partition Type: NTFS

Drive F: | 149,01 Gb Total Space | 9,24 Gb Free Space | 6,20% Space Free | Partition Type: FAT32

 

Computer Name: PC-DE-FLORIAN | User Name: Florian | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

"AntiVirusDisableNotify" = 0x00000000

"FirewallDisableNotify" = 0x00000000

"UpdatesDisableNotify" = 0x00000000

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{49C2E27D-66AE-4EBE-865B-85F3C17BD639}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{DD7EF86B-6FF1-48A0-A295-22FB86284C22}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E7A74280-930D-4324-BC81-F0B4C32D1728}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{F776266E-5123-438F-9B40-4A6EAA291A72}" = lport=2869 | protocol=6 | dir=in | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0146C2D4-FB19-4349-A197-9D134CDEB7E2}" = protocol=17 | dir=in | app=c:\program files\crazyloader\crazyloader.exe |

"{118709A3-4D19-49A1-A43C-48683FD5BCB0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{28CA4ABE-E73C-4E3A-BE23-57E5C2BF41AB}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{350E0E23-CC57-4A7E-A84C-EA3E79F50032}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"{4553CF00-1BCF-4AD6-9142-1E048AD425F9}" = protocol=17 | dir=in | app=c:\program files\bboxupdate\btliveupdate.exe |

"{483457DE-56D0-4D62-8392-3E33CD251FA6}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaws.exe |

"{4951048F-5345-4EFD-AC77-BE7F42829941}" = protocol=17 | dir=in | app=e:\data\eskernel.exe |

"{4CAAEE6F-4F60-4A49-B0DB-684315F067E1}" = protocol=6 | dir=in | app=c:\program files\adsltv\adsltv.exe |

"{56D9B95C-9833-4B29-B2B4-FCC7DD432A6A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{5D062C0C-E9E0-414C-8031-9342B5EB319D}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{78A993DA-EB7D-48ED-9A71-D0731564BD7E}" = protocol=6 | dir=in | app=c:\program files\crazyloader\crazyloader.exe |

"{7A481351-0950-4CFA-AD1F-79B7EC009E9F}" = protocol=6 | dir=in | app=c:\program files\bboxupdate\btliveupdate.exe |

"{7D12028E-E1A7-4012-87D6-CB9356EF9767}" = protocol=6 | dir=in | app=c:\users\florian\downloads\mp4convertersetup.exe |

"{7DC39F0F-4AE9-43E2-9747-A17CA322C11A}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |

"{80BE7D82-BF70-422D-AC5B-F556EC1A12AE}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"{8159D9E6-9F0C-47E9-91E4-E7D5A26DC792}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{9478A76A-DEDD-4EF8-ABCA-616AE8A0F94F}" = protocol=17 | dir=in | app=c:\program files\adsltv\adsltv.exe |

"{A348AA7A-F6B1-4B90-9078-C24E6CCECDB4}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |

"{A4077189-4B5D-43D7-8F28-2376CC617753}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaws.exe |

"{B38AEF52-C6DB-44AC-BB0C-ADE6AAA99244}" = protocol=6 | dir=in | app=e:\data\eskernel.exe |

"{C7B77861-C24B-4382-BC93-3BA09A40DAFC}" = protocol=17 | dir=in | app=c:\program files\bbox\eskernel.exe |

"{D6C766C4-B33D-474E-A0EB-887D35B1FBE2}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |

"{DB0665FA-62BD-4827-ACB7-D48F8627EF0D}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{DBCA3711-7946-4EC5-BF64-400361C7725B}" = protocol=17 | dir=in | app=c:\users\florian\downloads\mp4convertersetup.exe |

"{DDF95B65-E03B-43A2-8D78-24182A984E08}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |

"{E4893920-E758-4324-8B3A-32E61F56C912}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |

"{F6BFD3F5-51BE-4445-AE6A-C5803C6EDCA7}" = protocol=6 | dir=in | app=c:\program files\bbox\eskernel.exe |

"{FBDB32D8-6D6C-4CB6-88C3-91E8C1ADE71F}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |

"TCP Query User{086274AC-497B-43D9-95D4-84AA85167640}C:\program files\java\jre6\launch4j-tmp\crazyloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\crazyloader.exe |

"TCP Query User{2632CE36-E1D1-48EF-913F-A650945D1F26}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |

"TCP Query User{4C0F7B11-D0B1-4A3B-A3E6-4C2A7BF4D8D2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{4C406BB9-D4F1-4257-838C-5AF6DF175979}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |

"TCP Query User{5855AD97-2A5F-4B2D-AE49-905FC31464F8}C:\users\florian\appdata\local\temp\jdic_0_9_5\ieembed.exe" = protocol=6 | dir=in | app=c:\users\florian\appdata\local\temp\jdic_0_9_5\ieembed.exe |

"TCP Query User{6A80A68E-C1B7-4E8A-B2F3-B69FF686223E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"TCP Query User{72B4CE51-849C-486C-8AF4-BA73ABB0D755}C:\program files\webmediaplayer\webmediaplayer.exe" = protocol=6 | dir=in | app=c:\program files\webmediaplayer\webmediaplayer.exe |

"TCP Query User{E7011D91-F509-4FE8-8BD2-67049006C990}C:\program files\joost\xulrunner\tvprunner.exe" = protocol=6 | dir=in | app=c:\program files\joost\xulrunner\tvprunner.exe |

"UDP Query User{08320F73-27A7-4322-8BAF-8C346030AABD}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |

"UDP Query User{0C244C2D-BBFF-4A7B-B0FC-3EA961919B70}C:\program files\joost\xulrunner\tvprunner.exe" = protocol=17 | dir=in | app=c:\program files\joost\xulrunner\tvprunner.exe |

"UDP Query User{0FCEDF00-B236-4ACC-B3A8-8A8522A03EB2}C:\users\florian\appdata\local\temp\jdic_0_9_5\ieembed.exe" = protocol=17 | dir=in | app=c:\users\florian\appdata\local\temp\jdic_0_9_5\ieembed.exe |

"UDP Query User{51638157-5724-4469-BE81-15858025851F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{553EEB6F-20EF-4843-ACE8-0FB6EDD8C346}C:\program files\java\jre6\launch4j-tmp\crazyloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\crazyloader.exe |

"UDP Query User{5E304800-81F6-4A64-9D8C-62B404A31999}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{7910ACEF-C7D5-4D4E-9BBD-925A0DD35127}C:\program files\webmediaplayer\webmediaplayer.exe" = protocol=17 | dir=in | app=c:\program files\webmediaplayer\webmediaplayer.exe |

"UDP Query User{C1A40715-59D0-401A-A10A-12997337FB84}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{0011040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Excel 2000 SR-1

"{0013040C-78E1-11D2-B60F-006097C998E7}" = Microsoft PowerPoint 2000 SR-1

"{0017040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1

"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack

"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2396F815-84E0-4353-83D7-8B190556DA42}" = ASUS CopyProtect

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 15

"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype 3.8

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe

"{65173BC2-60E7-4DE8-A61D-A81FCB96EE93}" = Pinnacle Studio Ultimate Plugins

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pilote vidéo Pinnacle

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp

"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme

"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver

"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14

"{AC76BA86-7AD7-1036-7B44-A70800000002}" = Adobe Reader 7.0.8 - Français

"{AC76BA86-7AD7-1036-7B44-A80000000002}" = Adobe Reader 8 - Français

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.47 (March 12, 2011) version v2011.build.47

"{BC61F51E-8AF7-46B9-AF20-B33B5EE81036}" = Nero 7 Essentials

"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE86A0E7-818D-43EC-A181-59BA9BD3EF2E}" = LightScribe 1.8.13.1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0

"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update

"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore

"7-Zip" = 7-Zip 4.65

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"ajtfi" = Favorit

"Anti-Pub_is1" = Anti-Pub 2003.03

"avast5" = avast! Free Antivirus

"Avidemux 2.5" = Avidemux 2.5

"BabylonToolbar" = Babylon toolbar

"BboxUpdate" =

"Bouygues Telecom - désinstallation Bbox" =

"CrazyLoader" = CrazyLoader

"Croc Pop Up+" = Croc Pop Up+

"CX4300_5500_DX4400 Manuel" = CX4300_5500_DX4400 Manuel

"Google Chrome" = Google Chrome

"Image Convert_is1" = Image Convert 1.0

"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA

"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)

"NVIDIA Drivers" = NVIDIA Drivers

"OfferBox" = OfferBox

"PDFCreator Toolbar" = PDFCreator Toolbar

"ProInst" = Intel® PROSet/Wireless Software

"Red Giant ToonIt Studio" = Red Giant ToonIt Studio

"Revo Uninstaller" = Revo Uninstaller 1.75

"ShockwaveFlash" = Adobe Flash Player 9 ActiveX

"SMSERIAL" = Motorola SM56 Speakerphone Modem

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"USB2.0 1.3M UVC WebCam" = USB2.0 1.3M UVC WebCam

"VLC media player" = VLC media player 1.1.8

"WinLiveSuite" = Windows Live

"WinRAR archiver" = WinRAR 4.00 (32 bits)

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"TimeAdjuster" = Time Adjuster STANDARD 3.1

 

========== Last 10 Event Log Errors ==========

 

[ Antivirus Events ]

Error - 20/02/2009 18:04:39 | Computer Name = PC-de-Florian | Source = avast! | ID = 33554522

Description =

 

Error - 28/02/2009 10:44:09 | Computer Name = PC-de-Florian | Source = avast! | ID = 33554522

Description =

 

Error - 09/03/2009 17:48:14 | Computer Name = PC-de-Florian | Source = avast! | ID = 33554522

Description =

 

Error - 12/05/2009 15:29:58 | Computer Name = PC-de-Florian | Source = avast! | ID = 33554522

Description =

 

Error - 27/06/2009 17:59:18 | Computer Name = PC-de-Florian | Source = avast! | ID = 33554522

Description =

 

Error - 20/09/2009 15:15:46 | Computer Name = PC-de-Florian | Source = avast! | ID = 33554522

Description =

 

Error - 25/10/2009 08:50:28 | Computer Name = PC-de-Florian | Source = avast! | ID = 33554522

Description =

 

Error - 27/10/2009 18:08:31 | Computer Name = PC-de-Florian | Source = avast! | ID = 33554522

Description =

 

Error - 26/12/2009 15:31:23 | Computer Name = PC-de-Florian | Source = avast! | ID = 33554522

Description =

 

Error - 05/02/2010 18:21:21 | Computer Name = PC-de-Florian | Source = avast! | ID = 33554522

Description =

 

[ Application Events ]

Error - 27/03/2010 15:55:09 | Computer Name = PC-de-Florian | Source = WerSvc | ID = 5007

Description =

 

Error - 28/03/2010 09:48:56 | Computer Name = PC-de-Florian | Source = WerSvc | ID = 5007

Description =

 

Error - 29/03/2010 14:32:03 | Computer Name = PC-de-Florian | Source = WerSvc | ID = 5007

Description =

 

Error - 30/03/2010 14:14:31 | Computer Name = PC-de-Florian | Source = WerSvc | ID = 5007

Description =

 

Error - 30/03/2010 15:05:39 | Computer Name = PC-de-Florian | Source = Application Error | ID = 1000

Description = Application défaillante systrayapp.exe, version 1.0.39.739, horodatage

0x46f94eba, module défaillant systrayapp.exe, version 1.0.39.739, horodatage 0x46f94eba,

code d’exception 0xc0000005, décalage d’erreur 0x00001c1c, ID du processus 0xd40,

heure de début de l’application 0x01cad0364dc44715.

 

Error - 30/03/2010 15:13:08 | Computer Name = PC-de-Florian | Source = WerSvc | ID = 5007

Description =

 

Error - 30/03/2010 15:34:39 | Computer Name = PC-de-Florian | Source = Application Error | ID = 1000

Description = Application défaillante systrayapp.exe, version 1.0.39.739, horodatage

0x46f94eba, module défaillant systrayapp.exe, version 1.0.39.739, horodatage 0x46f94eba,

code d’exception 0xc0000005, décalage d’erreur 0x00001c1c, ID du processus 0x99c,

heure de début de l’application 0x01cad03d36d2f844.

 

Error - 31/03/2010 15:17:29 | Computer Name = PC-de-Florian | Source = WerSvc | ID = 5007

Description =

 

Error - 01/04/2010 14:14:37 | Computer Name = PC-de-Florian | Source = WerSvc | ID = 5007

Description =

 

Error - 02/04/2010 13:55:14 | Computer Name = PC-de-Florian | Source = WerSvc | ID = 5007

Description =

 

[ System Events ]

Error - 01/04/2011 08:57:25 | Computer Name = PC-de-Florian | Source = DCOM | ID = 10005

Description =

 

Error - 01/04/2011 08:57:57 | Computer Name = PC-de-Florian | Source = Service Control Manager | ID = 7001

Description =

 

Error - 01/04/2011 08:57:57 | Computer Name = PC-de-Florian | Source = Service Control Manager | ID = 7026

Description =

 

Error - 01/04/2011 08:58:04 | Computer Name = PC-de-Florian | Source = DCOM | ID = 10005

Description =

 

Error - 01/04/2011 09:13:39 | Computer Name = PC-de-Florian | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000

Description =

 

Error - 01/04/2011 09:13:56 | Computer Name = PC-de-Florian | Source = DCOM | ID = 10005

Description =

 

Error - 01/04/2011 09:14:03 | Computer Name = PC-de-Florian | Source = DCOM | ID = 10005

Description =

 

Error - 01/04/2011 09:14:08 | Computer Name = PC-de-Florian | Source = DCOM | ID = 10005

Description =

 

Error - 01/04/2011 09:14:43 | Computer Name = PC-de-Florian | Source = Service Control Manager | ID = 7001

Description =

 

Error - 01/04/2011 09:14:43 | Computer Name = PC-de-Florian | Source = Service Control Manager | ID = 7026

Description =

 

 

< End of report >

 

 

 

 

Thanks for your help.

Florian

Posted

Programs to uninstall (if present in "Add/Remove Programs") because they are ads, spyware and other adware:

webmediaplayer

OfferBox

OpenCandy

 

Next, run OTL, copy the following list (starting with :OTL) and paste it into the area under "Personnalisation" (the : at the beginning and the ] at the end are very important, please check).

 

:OTL

PRC - [2010/10/08 18:23:30 | 001,963,864 | ---- | M] (Secure Digital Services Limited) -- C:\Program Files\OfferBox\OfferBox.exe

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - prefs.js..extensions.enabledItems: offerboxffx@offerbox.com:2.1.3128.64

FF - HKLM\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Program Files\OfferBox\offerboxffx@offerbox.com [2010/10/18 22:11:53 | 000,000,000 | ---D | M]

[2010/10/18 22:11:53 | 000,000,000 | ---D | M] (OfferBox) -- C:\PROGRAM FILES\OFFERBOX\OFFERBOXFFX@OFFERBOX.COM

O4 - HKCU..\Run: [sfiuf] File not found

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)

O33 - MountPoints2\{2b1beccc-9952-11dd-8480-001fc6679a4f}\Shell\AutoRun\command - "" = WD_Windows_Tools\Setup.exe

[2011/03/31 21:54:30 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\OpenCandy

[2011/03/31 21:54:29 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\OpenCandy

 

:Services

 

:Reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"OfferBox" = OfferBox

 

:Files

C:\WINDOWS\tasks\*.job

C:\*.sqm

 

:Commands

[EMPTYTEMP]

[EMPTYFLASH]

[RESETHOSTS]

Click the red Correction button and let it run.

If one or more files cannot be deleted normally, the program will ask to restart the machine to finish the process; click Yes.

At the end, a report opens in Notepad. Copy its contents and paste them into a new reply. Close the report and OTL.

 

 

>>> ESET Online Scanner: Disable antivirus/firewall and antispyware and use Internet Explorer to go HERE.

  • Click the green ESET Online Scanner button, check the box "YES, I accept the Terms of Use" and click Start.
  • Accept the installation of the ActiveX control.
  • Check "Scan archives", UNcheck "Remove found threats" and click Start.
  • ESET will download the database and start the scan. Let it finish its scan.
  • Then click "List of found threats".
  • Click "Export to text file..." and save the results to the Desktop under the name "scan-results" so you can copy/paste them here.
  • Click on eset-back.png and check the box Uninstall application on close to remove ESET Online Scanner from the machine.

Click on eset-fin.png and post the report.

 

 

Requested reports:

  • OTL.txt
  • scan-results.txt

Do you have any other symptoms to check?

Posted

So, here is the OTL report:

 

All processes killed

========== OTL ==========

No active process named OfferBox.exe was found!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Prefs.js: offerboxffx@offerbox.com:2.1.3128.64 removed from extensions.enabledItems

Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com not found.

C:\Program Files\OfferBox\offerboxffx@offerbox.com\components folder moved successfully.

C:\Program Files\OfferBox\offerboxffx@offerbox.com folder moved successfully.

Folder C:\PROGRAM FILES\OFFERBOX\OFFERBOXFFX@OFFERBOX.COM\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\sfiuf deleted successfully.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b1beccc-9952-11dd-8480-001fc6679a4f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b1beccc-9952-11dd-8480-001fc6679a4f}\ not found.

File WD_Windows_Tools\Setup.exe not found.

C:\Users\Florian\AppData\Local\OpenCandy folder moved successfully.

C:\Users\Florian\AppData\Roaming\OpenCandy\OpenCandy_4BF4096303894CC3A720FE71143EB089 folder moved successfully.

C:\Users\Florian\AppData\Roaming\OpenCandy folder moved successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\"OfferBox" | OfferBox /E : value set successfully!

========== FILES ==========

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.

File\Folder C:\*.sqm not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

 

User: Florian

->Temp folder emptied: 35637102 bytes

->Temporary Internet Files folder emptied: 9163446 bytes

->Java cache emptied: 26899223 bytes

->FireFox cache emptied: 61796050 bytes

->Google Chrome cache emptied: 819568 bytes

->Apple Safari cache emptied: 8327168 bytes

->Flash cache emptied: 73757 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 956091 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 758226 bytes

RecycleBin emptied: 3444860 bytes

 

Total Files Cleaned = 141,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Florian

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.22.3 log created on 04012011_192152

 

Files\Folders moved on Reboot...

File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 

 

 

 

And the scan results:

 

C:\Users\Florian\Desktop\camera\Logiciels\Sony vegas pro9.0\Keygen.exe une variante de Win32/Keygen.AR application

C:\Users\Florian\Desktop\camera\Logiciels\Sony vegas pro9.0\SonyVPRO9MEDICINE.rar une variante de Win32/Keygen.AR application

C:\_OTL\MovedFiles\04012011_192152\C_Users\Florian\AppData\Roaming\OpenCandy\OpenCandy_4BF4096303894CC3A720FE71143EB089\registrybooster(8).exe une variante de Win32/RegistryBooster application

 

 

 

Otherwise, no apparent problem on my PC.

Thanks again for your help.
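
As an added illustration (not part of the thread and not OTL's own code), the sketch below classifies the lines of an OTL fix log like the one posted above, so that entries still scheduled for removal on reboot stand out from routine "not found" results. The outcome labels and function names are assumptions; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Sample lines copied from the OTL fix log posted above.
SAMPLE_LOG = r"""
No active process named OfferBox.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\sfiuf deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
C:\Users\Florian\AppData\Local\OpenCandy folder moved successfully.
File WD_Windows_Tools\Setup.exe not found.
->Temp folder emptied: 35637102 bytes
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
"""

# Outcome patterns, checked in order; the first match wins.
PATTERNS = [
    ("pending_reboot", re.compile(
        r"^File move failed\. (?P<item>.+) scheduled to be moved on reboot\.$")),
    ("removed", re.compile(r"^(?P<item>.+?) (?:deleted|moved) successfully\.$")),
    ("not_found", re.compile(r"^(?P<item>.+?) not found\.$")),
    ("emptied", re.compile(r"^->(?P<item>.+) emptied: (?P<bytes>\d+) bytes$")),
]

def classify(line):
    """Return (outcome, match) for one log line, or ("other", None)."""
    for outcome, pattern in PATTERNS:
        m = pattern.match(line.strip())
        if m:
            return outcome, m
    return "other", None

def summarize(log_text):
    """Count outcomes, total the emptied bytes, list items to re-check after reboot."""
    counts, pending, emptied = Counter(), [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        outcome, m = classify(line)
        counts[outcome] += 1
        if outcome == "pending_reboot":
            pending.append(m.group("item"))
        elif outcome == "emptied":
            emptied += int(m.group("bytes"))
    return counts, pending, emptied

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

In this thread the same Webshlock.txt entry is listed as scheduled for reboot in both posted logs, which is the kind of repeat this summary makes visible.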

Posted

Hello,

 

Run OTL, copy the following list (starting with :OTL) and paste it into the area under "Personnalisation" (the : at the beginning and the ] at the end are very important, please check).

 

:OTL

 

 

:Services

 

:Reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"OfferBox" = -

 

:Files

C:\Users\Florian\Desktop\camera\Logiciels\Sony vegas pro9.0\Keygen.exe

C:\Users\Florian\Desktop\camera\Logiciels\Sony vegas pro9.0\SonyVPRO9MEDICINE.rar

 

:Commands

[EMPTYTEMP]

[EMPTYFLASH]

Click the red Correction button and let it run.

If one or more files cannot be deleted normally, the program will ask to restart the machine to finish the process; click Yes.

At the end, a report opens in Notepad. Copy its contents and paste them into a new reply. Close the report and OTL.

 

 

>>> Cracks and illegal programs: The ESET scan shows this type of file/program in "camera\Logiciels\Sony vegas pro9.0" on your desktop.

Because there is always a free and legal program for practically anything you want, I suggest you delete this folder and uninstall any illegal application.

Read "The danger of P2P" carefully.

 

 

>>> Updates: Any old version of a program, whatever it is, may contain vulnerabilities that can be exploited to infect a PC, and our best way to limit the damage is to update regularly:

  • Internet Explorer. Click HERE, choose the language and the operating system to download and install Internet Explorer 8. Simply follow the instructions.
  • Java: You MUST use Internet Explorer to download (to the Desktop) the latest version that matches your operating system (32 or 64 bits): Java downloads for all operating systems.
     
    Before installing, it is important to start by removing ALL the old versions on your machine because they may contain security vulnerabilities:
    Click "Start" => "Control Panel" => "Add/Remove Programs".
    In the list, look for the lines concerning Java (J2SE Runtime Environment.... ), recognizable by this icon java01.jpg.
    Select one line at a time and click Change/Remove.
    When there are none left, close everything and install the new version by clicking the file you downloaded.
     

  • Flash Player:
    - Uninstall the old versions of Flash Player with this utility (downloading it to the Desktop).
    - Then install the latest version by clicking here. Uncheck the option "Free McAfee® Security Scan Plus (optional)" and click Download now to start the installation process. Wait until it finishes and delete the file uninstall_flash_player.exe
    Repeat the 2nd step for each of the browsers you use (IE, FF...)
     
  • Adobe Acrobat Reader: Uninstall it and download the latest version here (uncheck the box Include in your download).

 

Requested reports:

  • OTL.txt

How did the updates go?

Posted

Hello lance_yien,

 

So, all the updates were done as requested and it worked well.

 

Here is the latest OTL report, as requested.

 

The computer is almost like new now ;)

 

 

 

All processes killed

========== OTL ==========

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\OfferBox deleted successfully.

========== FILES ==========

File\Folder C:\Users\Florian\Desktop\camera\Logiciels\Sony vegas pro9.0\Keygen.exe not found.

File\Folder C:\Users\Florian\Desktop\camera\Logiciels\Sony vegas pro9.0\SonyVPRO9MEDICINE.rar not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

 

User: Florian

->Temp folder emptied: 466321 bytes

->Temporary Internet Files folder emptied: 7264260 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 79734974 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 1406 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 22479 bytes

 

Total Files Cleaned = 83,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Florian

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

 

OTL by OldTimer - Version 3.2.22.3 log created on 04022011_135406

 

Files\Folders moved on Reboot...

File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

Posted

...

The computer is almost like new now ;)

Really happy for you :super:

--

 

>>> Remove the utilities:

- Run OTL and click Purge outils. Let it run and restart the PC.

- To remove the other utilities and their reports, right-click on them => "Delete".

 

 

>>> Reset the Restore Points because they may contain traces of infection:

Right-click "Computer" => "Properties" => "System" => "System Protection". Uncheck the box next to the name of the system partition (usually C:) and let it run.

When it is done, check that same box again => "OK" and restart the PC.

A new restore point will be created.

 

 

>>> Check/Enable UAC: Because more and more malware exploits the disabling of Windows UAC (User Account Control) on Vista and W7 to install rootkits, keep this module enabled even if it sometimes seems annoying:

Click "Start" => "Control Panel". Click "User Accounts..." => "Turn User Account Control on or off". Check the box "Use User Account Control to help..." => OK.

Restart the PC when prompted.

 


 

 

>>> StartUpLite: There are always programs that start NEEDLESSLY along with Windows.

Download MBAM's StartUpLite to the Desktop from here.

Close all running applications and other open windows and right-click StartUpLite.exe => "Run as administrator" to launch the program.

It will display all the unnecessary entries in automatic startup.

Select ALL the displayed entries and click Continue.

If it displays "No unnecessary startups found!", there is nothing to do.

 

 

>>> Protect/Secure:

  • Check the firewall: A firewall is the 1st line of defense against intrusions.
    - The one in Vista/Windows 7: check it and enable it if necessary from the "Security Center".
    - The one included in Windows XP does not control outbound Internet traffic, hence the importance of installing another one.
    Check and choose, if necessary, one of these (free): Online Armor Firewall, Sunbelt Personal Firewall, Outpost Firewall FREE.
     
  • Check and configure Windows updates:
    - Click HERE and install all the critical updates after accepting the installation of the ActiveX control (if offered).
    - OR click "Start" => "All Programs" => "Windows Update".
    - AND opt (if not already done) for automatic updates at a time when you are sure your PC is not switched off.
     
  • Install Secunia PSI for software updates
  • Install Update Checker for driver updates
  • Use PC Pitstop to optimize your PC (in English)
  • Back up the Registry with Erunt
    For obvious reasons, keep the backup copies on a medium other than the system disk.
  • Immunize your machine with Spyware Blaster, compatible with all 32-bit and 64-bit versions of Windows. Tutorial.
  • Vaccinate your machine and your removable media (USB sticks...) with MKV against "worms" (Autorun worms). Just plug in all the removable media, launch the program and click the Vaccination button (the action is reversible by clicking "Supprimer la vaccination").
  • Use Firefox or Opera for everyday browsing and reserve Internet Explorer for updates and very specific cases.
  • Clean and defragment the partitions/disks regularly.

 

>>> What to AVOID ABSOLUTELY: Because there is always a free and legal program for practically anything you want, remove from your machine and stay away from anything that is,

  • Warez, cracks, keygens etc. Stop believing that these programs are there just to please or to do you a favor. You only have to browse the forums to see the number of PCs that have fallen victim to these programs.
  • P2P, *.torrent etc.: Read "The danger of P2P" carefully.

 

>>> Mark as solved: Please edit your 1st post to add [Résolu] at the end of the title after clicking the "Modifier" button.

 

Good luck!
