Posted

Hello,

I think I'm infected: my computer is acting up and I noticed a drive "F" in Explorer, shown with a question mark. I never created a partition or installed an additional disk. It can't be deleted either. I have a HijackThis report.

Thanks for your help.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:34:51, on 07/07/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19019)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Downloads\Software\HijackThis(1).exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=040c&s=2&o=vb32&d=1108&m=emg520

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: myBabylon English4 Toolbar - {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files\myBabylon_English4\tbmyBa.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\Neuf\Kit\SFRNavErrorHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: myBabylon English4 Toolbar - {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files\myBabylon_English4\tbmyBa.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll

O3 - Toolbar: myBabylon English4 Toolbar - {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files\myBabylon_English4\tbmyBa.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZyEmachine.EXE

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex (User 'Default user')

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe

O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service Google Update (gupdate1c9c68cf3017210) (gupdate1c9c68cf3017210) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe

O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

O23 - Service: SPService - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe

O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

 

--

End of file - 26444 bytes

 

 

Marie
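A triage pass over a HijackThis log like the one posted above, added here as an example (it is not part of the original thread and not code from HijackThis or Malwarebytes): it parses O2, O4 and O23 lines copied from the post, flags three patterns, and checks flagged services against the Malwarebytes result quoted further down the thread. The three heuristics and every function name are assumptions of this example.

```python
import re

# Lines copied from the HijackThis log in the post above (excerpt, not the full log).
HIJACKTHIS_EXCERPT = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [skytel] Skytel.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SPService - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
"""

# Lines copied from the Malwarebytes report posted later in the thread.
MBAM_EXCERPT = r"""
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# The image path is anchored on a drive letter because names and paths can
# themselves contain " - " (for example "Spybot - Search & Destroy").
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<image>[A-Za-z]:\\.+)$")
MBAM_SVC_RE = re.compile(r"\\Services\\(?P<svc>[^\\\s]+) \((?P<det>[^)]+)\)")


def short_service_name(display):
    """Return the name in trailing parentheses, or the display name itself."""
    m = re.search(r"\(([^()]+)\)$", display)
    return m.group(1) if m else display


def triage(log_text):
    """Return (kind, subject, reason) tuples for lines matching the heuristics.

    Heuristics (assumptions of this example, to prioritise manual review):
      1. O2 entry whose DLL is "(no file)": leftover BHO registration.
      2. O4 entry with no directory in its command: the file that runs depends
         on the search path, so confirm which one it resolves to.
      3. O23 entry hosted by svchost.exe whose display name is not an
         "@...dll,-N" resource string. In the posted log every other
         svchost-hosted service uses that form; SPService is the exception.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            if m.group("file") == "(no file)":
                findings.append(("bho", m.group("clsid"), "BHO registered but DLL missing"))
            continue
        m = RUN_RE.match(line)
        if m:
            exe = re.match(r'"?(.+?\.exe)', m.group("cmd"), re.IGNORECASE)
            target = exe.group(1) if exe else m.group("cmd")
            if "\\" not in target:
                findings.append(("run", m.group("name"), "autostart command without a full path"))
            continue
        m = SVC_RE.match(line)
        if m:
            hosted = m.group("image").lower().endswith("\\svchost.exe")
            if hosted and not m.group("name").startswith("@"):
                findings.append(("service", short_service_name(m.group("name")),
                                 "svchost-hosted service without a resource-string name"))
    return findings


def confirmed_by_mbam(findings, mbam_text):
    """Map flagged service names to the detection name Malwarebytes reported."""
    detections = {m.group("svc").lower(): m.group("det")
                  for m in MBAM_SVC_RE.finditer(mbam_text)}
    return {subject: detections[subject.lower()]
            for kind, subject, _ in findings
            if kind == "service" and subject.lower() in detections}


if __name__ == "__main__":
    results = triage(HIJACKTHIS_EXCERPT)
    for kind, subject, reason in results:
        print(f"{kind:8} {subject:40} {reason}")
    print(confirmed_by_mbam(results, MBAM_EXCERPT))
```

A flag from these rules is a prompt for review, not a verdict: the two unqualified Run entries need their resolved file checked, while the SPService flag is the one the Malwarebytes scan in this thread confirms.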

Posted

Hello MG 76,

Very important!

>>> To do immediately:

- At the top of this message, click the "Follow this topic" button and choose "Immediate notification" => "Submit". You will be notified in real time of replies to your topic, and your machine will therefore be cleaned as quickly as possible.

If, instead of the "Follow this topic" button, you see "Stop following this topic", the settings have already been made.

- Back up (by copying) all personal documents to a medium other than the system partition: USB stick, CD/DVD, external hard drive, etc.

>>> What to do during this cleanup: Please do NOT use, install and/or uninstall any program other than those proposed at each step; this is to avoid any incompatibility problem between the tools.

>>> What to do when you receive new instructions:

  • Read the whole message.
  • Some programs can cause problems if they are not run from the Desktop. You are therefore asked to download and save them DIRECTLY to the Desktop (or to move them there before use with a right-click on them => "Cut", then a right-click on the Desktop => "Paste").
  • Get into the habit of disabling all protection programs at the start of each new step and re-enabling them at the end.
  • Always proceed in the order given and ask for clarification if necessary BEFORE starting.
  • Do NOT hesitate to comment and report any change (for better or worse) in the machine's behaviour or in relation to the initial problem.

>>> How to reply:

- Click the zeb_bouton.png button (and not zeb-bouton2.png, because I do not need to reread my previous messages).

- Paste the contents of the reports WITHOUT adding ANY text formatting (quote, code, colour, etc.).

>>> Do not abandon your topic before being told that everything is OK.


 

Print these instructions or save them in a text file on the Desktop so that you can consult them easily at any time, and download to the Desktop:

  • Malwarebytes Anti-Malware from here.
  • Security Check (by screen317) from here or here.

>>> Use Malwarebytes' Anti-Malware: Close all open applications and windows and double-click mbam-setup.exe (on Vista/Windows 7, right-click mbam-setup.exe => "Run as administrator"). Follow the prompts, leaving everything at its default. Click Finish without changing anything.

- Launch the program from its icon on the Desktop or from "Start" => "All Programs" => "Malwarebytes' Anti-Malware".

- Run the updates from the tab of the same name. If there is a problem with automatic updates, click HERE to download and install them manually.

- In the "Scan" tab, leave the "Perform a quick scan" box checked and click "Scan".

mb3.jpg

Wait until the end (the message below is displayed).

mb4.jpg

Click OK to close this message.

- Click "Show results", then make sure everything is checked and click "Remove selection".

The program then carries out the cleanup. If it asks you to restart the PC, ACCEPT (this is to delete certain specific files).

At the end a report is displayed (accessible at any time from the Report/Logs tab of the MBAM main window). Post its contents in your next reply.

 

 

>>> Use SecurityCheck: Close everything and double-click "SecurityCheck.exe" (Vista/W7: right-click it => "Run as administrator") to launch the program.

Press a key as requested and follow the prompts.

Note: If one of the security programs asks for permission for dig.exe to access the Internet, accept.

The checkup.txt report opens at the end. Post its contents.

This report will not be saved automatically. If you want to keep a copy, click "File" => "Save as", choose a location (the Desktop, for example) and click "Save" at the bottom right.

Post its contents.

 

 

>>> Use MiniToolBox: Download MiniToolBox (by farbar) to the Desktop from here and double-click MiniToolBox.exe (Vista/W7, right-click => "Run as administrator") to launch the utility.

Check the following line(s) and click the Go button:

  • List Users, Partitions and Memory size.

minitoolbox.png

At the end a text document named Result.txt opens and is saved automatically in the same location as MiniToolBox.exe. Copy and paste its contents into a later reply.

Requested reports:

  • Malwarebytes Anti-Malware log
  • checkup.txt
  • Result.txt
Posted

Please find the three reports below:

 

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

 

Version de la base de données: 7040

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19019

 

07/07/2011 14:30:22

mbam-log-2011-07-07 (14-30-22).txt

 

Type d'examen: Examen rapide

Elément(s) analysé(s): 172972

Temps écoulé: 4 minute(s), 35 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 4

Valeur(s) du Registre infectée(s): 3

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4B00-8578-D933D2896EE2} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

------------------------------------------------------------------------------------------------------------------------------------------------

 

Results of screen317's Security Check version 0.99.7

Windows Vista Service Pack 2 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

avast! Free Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 26

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 10.2.152.32

Adobe Reader 9

Out of date Adobe Reader installed!

Mozilla Firefox (3.6.18)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

Alwil Software Avast5 AvastSvc.exe

Alwil Software Avast5 AvastUI.exe

``````````End of Log````````````

 

--------------------------------------------------------------------------------------------------------------------------------------------------

 

MiniToolBox by Farbar

Ran by laurine (administrator) on 07-07-2011 at 14:48:53

Windows Vista Home Basic Service Pack 2 (X86)

 

***************************************************************************

 

 

========================= Memory info: ====================================

 

Percentage of memory in use: 38%

Total physical RAM: 3000.13 MB

Available physical RAM: 1832.04 MB

Total Pagefile: 6214.5 MB

Available Pagefile: 5060.76 MB

Total Virtual: 2047.88 MB

Available Virtual: 1956.76 MB

 

======================= Partitions: =======================================

 

1 Drive c: (OS) (Fixed) (Total:69.52 GB) (Free:17 GB) NTFS

2 Drive d: (DATA) (Fixed) (Total:69.52 GB) (Free:69.35 GB) NTFS

 

================= Users: ==================================================

 

comptes d'utilisateurs de \\PC-DE-LAURINE

 

-------------------------------------------------------------------------------

Administrateur Invité laurine

La commande s'est terminée correctement.

 

================= End of Users ============================================

 

Thank you

Marie

Posted (edited)

>>> Antispyware: Your report(s) show(s) that the following programs are installed and active on your machine:

Windows Defender

Ad-Aware

Spybot - Search & Destroy

Malwarebytes' Anti-Malware

 

You must have ONLY ONE active antispyware.

 

 

>>> The detected partitions are (in red):

======================= Partitions: =======================================

 

1 Drive c: (OS) (Fixed) (Total:69.52 GB) (Free:17 GB) NTFS

2 Drive d: (DATA) (Fixed) (Total:69.52 GB) (Free:69.35 GB) NTFS

 

To begin with, can you confirm that they appear in Windows Explorer (when you open My Computer)?

Malwarebytes' Anti-Malware has removed some items.

If that had no effect on the presence of your phantom drive, try to give us more details (screenshot, etc.).

>>> ESET Online Scanner: Plug in and switch on all available removable media (external hard drive, USB sticks, etc.) and disable the antivirus, firewall and antispyware.

Use Internet Explorer to go HERE.

  • Click the green ESET Online Scanner button, check the "YES, I accept the Terms of Use" box and click Start.
  • Accept the installation of the ActiveX control.
  • Check "Scan archives", UNcheck "Remove found threats" and click Start.
  • ESET will download the database and start the scan. Let it finish its scan.
  • Then click "List of found threats".
  • Click "Export to text file..." and save the results to the Desktop under the name "scan-results" so you can copy/paste them here.
  • Click eset-back.png and check the "Uninstall application on close" box to remove ESET Online Scanner from the machine.

Click eset-fin.png and post the report.

 

 

>>> Use MiniToolBox: Run MiniToolBox again, check the following lines and click the Go button:

  • Flush DNS
  • Reset IE Proxy Settings
  • List content of Hosts

At the end a text document named Result.txt opens; it is saved automatically in the same location as MiniToolBox.exe. Copy/paste its content into a later reply.

 

 

>>> CKScanner: Download CKScanner (by askey127) to the Desktop from here.

Make sure CKScanner.exe is on the Desktop and double-click it. Click Search For Files.

Wait until the mouse pointer returns to its usual shape, then click Save List To File.

Click OK in the "Saved to flename ckfiles.txt" message.

Now open the CKFiles.txt file that was created on the Desktop and copy/paste its content into your next reply.

Click Exit to close CKScanner.

Requested reports:

  • Result.txt
  • scan-results.txt
  • CKFiles.txt
Edited by lance_yien
Posted

Good evening,

Here are the 3 reports:

 

C:\$Recycle.Bin\S-1-5-21-1463186501-2812833338-1491703866-1000\$RWV3BK2.exe une variante de Win32/RegistryReviver application

C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar70.zip Win32/Bagle.gen.zip ver

C:\Users\All Users\Application Data\Spybot - Search & Destroy\Recovery\BabylonToolbar70.zip Win32/Bagle.gen.zip ver

C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar70.zip Win32/Bagle.gen.zip ver

C:\Users\laurine\Documents\Downloads\Software\BandooV6.exe menaces multiples

C:\Windows\System32\8F2AFE561B93F567A3DC72761DE7A407\conf\templates\3302.zip une variante de Win32/Kryptik.MLX cheval de troie

C:\Windows\System32\8F2AFE561B93F567A3DC72761DE7A407\conf\templates\3303.zip une variante de Win32/Kryptik.MLX cheval de troie

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6c712c40-79d84953 une variante de Java/TrojanDownloader.OpenStream.NBM cheval de troie

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7560f91-40a02b90 une variante probable de Java/TrojanDownloader.OpenStream.NCC cheval de troie

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\64fcce70-4716bb16 une variante de Java/TrojanDownloader.OpenStream.NBM cheval de troie

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\7800b2b9-18309ba6 une variante probable de Java/TrojanDownloader.OpenStream.NCC cheval de troie

 

------------------------------------------------------------------------------------------------------------------------------------------------

 

MiniToolBox by Farbar

Ran by laurine (administrator) on 07-07-2011 at 20:41:39

Windows Vista Home Basic Service Pack 2 (X86)

 

***************************************************************************

 

 

================= Flush DNS: ==============================================

 

Configuration IP de Windows

 

Cache de résolution DNS vidé.

 

================= End of Flush DNS ========================================

 

"Reset IE Proxy Settings": Proxy Settings were reset.

 

Hosts file not detected in the default diroctory

 

----------------------------------------------------------------------------------------------------------------------------------------------

 

CKScanner - Additional Security Risks - These are not necessarily bad

c:\program files\emachines gamezone\bejeweled 2 deluxe\sounds\firecrackle.ogg

scanner sequence 3.NA.11.UPAPSW

----- EOF -----

 

-----------------------------------------------------------------------------------------------------------------------------------------------

 

I looked in My Computer and there is still an "F" drive, under "Other", which I cannot delete and which does not exist. I took a screenshot but I don't know how to send it.

Thank you

Marie
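Added example, not part of the original posts and not ESET's own tooling: a Python sketch for reading an ESET "scan-results" export like the one posted above. It separates each path from the detection text, folds the Vista compatibility links (`C:\Users\All Users` and its `Application Data` folder both lead to `C:\ProgramData`) so one file reported under several spellings counts once, and tags where each hit is stored. The function names, the location tags and the French detection phrases used as separators are assumptions made for this example; the sample lines are constructed.

```python
import re

# Constructed sample in the shape of the "scan-results" lines above: a path,
# one space, then ESET's (French) detection text. User name, SID and cache
# file names are placeholders, not values from the thread.
SAMPLE = r"""
C:\$Recycle.Bin\S-1-5-21-0-0-0-1000\$RAAAAAA.exe une variante de Win32/RegistryReviver application
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar70.zip Win32/Bagle.gen.zip ver
C:\Users\All Users\Application Data\Spybot - Search & Destroy\Recovery\BabylonToolbar70.zip Win32/Bagle.gen.zip ver
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar70.zip Win32/Bagle.gen.zip ver
C:\Users\user\Documents\Downloads\Software\BandooV6.exe menaces multiples
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\aaaaaaaa-bbbbbbbb une variante de Java/TrojanDownloader.OpenStream.NBM cheval de troie
this line is not a detection
"""

# Assumption: the detection text starts at the first space followed by one of
# these phrases. Paths contain spaces, so splitting on whitespace is not enough.
DETECTION_START = re.compile(
    r" (?=(?:une variante (?:probable )?de )?(?:Win32|Java)/|menaces multiples)"
)

# Vista/7 compatibility links: several spellings reach the same directory.
# Applied in order, on the lower-cased path.
JUNCTIONS = [
    ("c:\\documents and settings\\", "c:\\users\\"),
    ("c:\\users\\all users\\", "c:\\programdata\\"),
    ("c:\\programdata\\application data\\", "c:\\programdata\\"),
]

# Substring of the canonical path -> storage location tag (first match wins).
LOCATIONS = [
    ("\\$recycle.bin\\", "recycle_bin"),
    ("\\spybot - search & destroy\\recovery\\", "tool_backup"),
    ("\\sun\\java\\deployment\\cache\\", "java_cache"),
    ("\\downloads\\", "download"),
]


def parse_line(line):
    """Return (path, detection), or None if the line is not a detection."""
    parts = DETECTION_START.split(line.strip(), maxsplit=1)
    if len(parts) != 2 or not re.match(r"[A-Za-z]:\\", parts[0]):
        return None
    return parts[0], parts[1]


def canonical(path):
    """Lower-case the path and rewrite known link prefixes to their target."""
    p = path.lower()
    for alias, target in JUNCTIONS:
        if p.startswith(alias):
            p = target + p[len(alias):]
    return p


def locate(canon):
    """Tag a canonical path with the kind of place the file sits in."""
    for needle, tag in LOCATIONS:
        if needle in canon:
            return tag
    return "other"


def triage(report):
    """Group detections by real file; keep every alias path that was reported."""
    findings = {}
    for line in report.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # blank lines, headers, anything that is not a hit
        path, detection = parsed
        canon = canonical(path)
        entry = findings.setdefault(
            (canon, detection),
            {"path": canon, "detection": detection,
             "location": locate(canon), "aliases": []},
        )
        entry["aliases"].append(path)
    return list(findings.values())


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['location']:<12} x{len(f['aliases'])}  {f['detection']}")
        print(f"             {f['path']}")
```

Read this way, the three Spybot "Recovery" lines are one archive seen through two link paths, and the Java cache hits sit beside the "Out of date Java installed!" finding in the Security Check report.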

Posted

Hello,

For the screenshot, you need to host it and give us the corresponding URL:

Go to the site: Ci-Joint

Click Browse, find the file/folder to host and click it. Click "Create the CJoint link".

On the next page, an address (http//...) will be created. Copy/paste it into your next reply.

For the stubborn drive, have you tried installing/uninstalling a removable device such as an external hard drive, USB stick, memory card or mobile phone?

What have you decided/done about the antispyware programs? It is important that I know what you removed and what you kept, so that I can help you clean up any leftovers from uninstallation, etc.

--

Print these instructions or save them to a text file on the Desktop so you can consult them easily at any time, and download OTL (by OldTimer) to the Desktop from here or here.

Plug in and switch on all available removable media (external hard drive, USB sticks, etc.) and disable the antivirus, firewall and antispyware.

Close all open applications and windows and right-click OTL.exe => Run as administrator.

Copy/paste these lines (starting with netsvcs) into the box under "Custom Scans/Fixes":

 

netsvcs

drivers32

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

CREATERESTOREPOINT

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

SAVEMBR:0

Without changing anything, click the blue Run Scan button and let it run.

At the end of the scan, 2 reports will be created: OTL.txt (which opens in Notepad) and Extras.txt (which will be minimized in the taskbar).

Copy/paste the content of each report, only one per message, because they are often very long and exceed the limit allowed by the forum.

Requested reports:

  • OTL.txt
  • Extras.txt
  • URL of the screenshot
Posted

Hello,

Here is the link to the screenshot: CJoint.com link AGil7iMTNuU

So I have uninstalled Ad-Aware and SPYBOT.

I have no peripherals on the computer apart from a USB stick that I do not leave plugged in permanently; when I plug it in, it shows up in My Computer, and it does not stay when I remove it.

Here are the OTL reports as well:

 

OTL logfile created on: 08/07/2011 11:42:47 - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\laurine\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19019)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,93 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 61,31% Memory free

6,07 Gb Paging File | 4,80 Gb Available in Paging File | 79,01% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69,52 Gb Total Space | 17,74 Gb Free Space | 25,51% Space Free | Partition Type: NTFS

Drive D: | 69,52 Gb Total Space | 69,35 Gb Free Space | 99,75% Space Free | Partition Type: NTFS

 

Computer Name: PC-DE-LAURINE | User Name: laurine | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/07/08 11:38:05 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\laurine\Desktop\OTL.exe

PRC - [2011/04/01 10:31:39 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

PRC - [2011/02/23 17:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2011/02/23 17:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/04/03 21:23:58 | 003,558,648 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

PRC - [2009/03/02 12:41:52 | 003,399,727 | ---- | M] (FreeDownloadManager.ORG) -- C:\PROGRA~1\FREEDO~1\FDM.exe

PRC - [2009/01/09 19:58:10 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2009/01/09 19:57:04 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2008/11/05 17:21:04 | 000,378,216 | ---- | M] (Acer Incorporated) -- C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe

PRC - [2008/08/06 11:18:52 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

PRC - [2008/07/20 17:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2008/06/24 10:33:44 | 000,817,672 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZyEmachine.EXE

PRC - [2008/06/11 12:18:30 | 000,024,576 | ---- | M] () -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe

PRC - [2008/05/06 11:28:54 | 000,311,296 | ---- | M] (Acer Inc.) -- C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe

PRC - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/07/08 11:38:05 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\laurine\Desktop\OTL.exe

MOD - [2011/02/23 17:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll

MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2011/04/01 10:31:39 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2011/02/23 17:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®

SRV - [2008/06/11 12:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)

SRV - [2008/01/21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2011/02/23 16:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/02/23 16:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/02/23 16:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/02/23 16:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/02/23 16:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2011/02/23 16:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2008/07/10 04:43:00 | 000,917,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008/06/11 12:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)

DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = Le Complément de recherche d'Internet Explorer 6 n'est plus pris en charge.

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKLM\..\URLSearchHook: {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files\myBabylon_English4\tbmyBa.dll (Conduit Ltd.)

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\..\URLSearchHook: {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files\myBabylon_English4\tbmyBa.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.msn.fr/"

FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

 

FF - user.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )

FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/26 11:40:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/26 11:40:15 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/04/12 19:14:27 | 000,000,000 | ---D | M]

 

[2009/04/18 23:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\laurine\AppData\Roaming\mozilla\Extensions

[2011/07/07 13:12:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\laurine\AppData\Roaming\mozilla\Firefox\Profiles\cnvowl6f.default\extensions

[2011/04/11 12:11:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\laurine\AppData\Roaming\mozilla\Firefox\Profiles\cnvowl6f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/04/07 19:39:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\laurine\AppData\Roaming\mozilla\Firefox\Profiles\cnvowl6f.default\extensions\ffxtlbr@babylon.com

[2011/07/07 12:51:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2011/04/16 19:08:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/07/07 12:51:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2009/05/11 19:28:53 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION

[2009/04/12 19:14:27 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER

[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll

[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/06/26 11:40:09 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml

[2011/04/07 19:25:55 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

[2011/06/26 11:40:09 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

[2011/06/26 11:40:09 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml

[2010/01/29 20:45:46 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml

[2010/04/05 15:29:59 | 000,000,615 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pucuy.xml

[2011/06/26 11:40:09 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

[2011/06/26 11:40:09 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

 

Hosts file not found

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\Neuf\Kit\SFRNavErrorHelper.dll (SFR)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()

O2 - BHO: (myBabylon English4 Toolbar) - {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files\myBabylon_English4\tbmyBa.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (myBabylon English4 Toolbar) - {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files\myBabylon_English4\tbmyBa.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English4 Toolbar) - {FC600575-3013-4E8E-941C-4B00DAFCE730} - C:\Program Files\myBabylon_English4\tbmyBa.dll (Conduit Ltd.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZyEmachine.EXE (Dritek System Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

O4 - Startup: C:\Users\laurine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)

O8 - Extra context menu item: Télécharger avec Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()

O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\laurine\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Papier peint de la Galerie de photos Windows Live.jpg

O24 - Desktop BackupWallPaper: C:\Users\laurine\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Papier peint de la Galerie de photos Windows Live.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{728c0bb7-1e36-11df-8a1f-00238b013c89}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\NoLimit.exe

O33 - MountPoints2\{a0d9fa18-4e31-11df-98d8-00238b013c89}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\NoLimit.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Error creating restore point.

PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/07/08 11:37:59 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\laurine\Desktop\OTL.exe

[2011/07/07 18:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/07/07 18:16:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011/07/07 14:12:20 | 000,000,000 | ---D | C] -- C:\a supprimer

[2011/07/07 13:59:57 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\laurine\Desktop\mbam-setup-1.51.0.1200.exe

[2011/07/07 12:51:46 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011/07/07 12:51:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011/07/07 12:51:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011/07/06 15:06:01 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2011/07/06 15:06:01 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2011/07/06 15:05:57 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe

[2011/07/06 15:05:51 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll

[2011/07/06 15:05:50 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll

[2011/07/06 12:04:52 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2011/07/06 12:03:25 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011/07/06 12:03:12 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2011/07/06 12:03:11 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2011/07/06 12:02:55 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2011/07/06 12:02:54 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2011/06/12 09:52:08 | 000,000,000 | ---D | C] -- C:\DivX Movies

[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

 

========== Files - Modified Within 30 Days ==========

 

[2011/07/08 11:44:34 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2011/07/08 11:38:05 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\laurine\Desktop\OTL.exe

[2011/07/08 11:29:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml

[2011/07/08 11:29:23 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/08 11:29:23 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job

[2011/07/08 11:29:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/08 11:29:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/08 11:28:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/08 11:28:27 | 3146,625,024 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/07 22:13:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/07 22:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At95.job

[2011/07/07 22:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At71.job

[2011/07/07 22:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At47.job

[2011/07/07 22:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At23.job

[2011/07/07 22:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At119.job

[2011/07/07 20:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At94.job

[2011/07/07 20:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At70.job

[2011/07/07 20:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At46.job

[2011/07/07 20:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At22.job

[2011/07/07 20:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At118.job

[2011/07/07 20:42:47 | 000,459,264 | ---- | M] () -- C:\Users\laurine\Desktop\CKScanner.exe

[2011/07/07 20:00:02 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At69.job

[2011/07/07 20:00:02 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At45.job

[2011/07/07 20:00:02 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At21.job

[2011/07/07 20:00:02 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At117.job

[2011/07/07 19:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At93.job

[2011/07/07 19:00:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At92.job

[2011/07/07 19:00:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At68.job

[2011/07/07 19:00:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At44.job

[2011/07/07 19:00:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At20.job

[2011/07/07 19:00:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At116.job

[2011/07/07 18:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At91.job

[2011/07/07 18:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At67.job

[2011/07/07 18:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At19.job

[2011/07/07 18:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At115.job

[2011/07/07 17:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At43.job

[2011/07/07 17:42:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At90.job

[2011/07/07 17:42:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At66.job

[2011/07/07 17:42:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At42.job

[2011/07/07 17:42:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At18.job

[2011/07/07 17:42:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At114.job

[2011/07/07 15:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At89.job

[2011/07/07 15:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At65.job

[2011/07/07 15:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At41.job

[2011/07/07 15:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At17.job

[2011/07/07 15:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At113.job

[2011/07/07 15:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At64.job

[2011/07/07 15:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At16.job

[2011/07/07 15:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At112.job

[2011/07/07 14:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At88.job

[2011/07/07 14:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At40.job

[2011/07/07 14:47:37 | 000,369,085 | ---- | M] () -- C:\Users\laurine\Desktop\MiniToolBox.exe

[2011/07/07 14:42:37 | 000,879,028 | ---- | M] () -- C:\Users\laurine\Desktop\SecurityCheck.exe

[2011/07/07 14:00:59 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/07 14:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At63.job

[2011/07/07 14:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At39.job

[2011/07/07 14:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At15.job

[2011/07/07 14:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At111.job

[2011/07/07 13:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At87.job

[2011/07/07 13:55:18 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\laurine\Desktop\mbam-setup-1.51.0.1200.exe

[2011/07/07 13:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At86.job

[2011/07/07 13:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At62.job

[2011/07/07 13:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At14.job

[2011/07/07 13:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At110.job

[2011/07/07 12:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At38.job

[2011/07/07 12:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At61.job

[2011/07/07 12:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At37.job

[2011/07/07 12:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At13.job

[2011/07/07 12:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At109.job

[2011/07/07 11:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At85.job

[2011/07/07 10:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At84.job

[2011/07/07 10:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At60.job

[2011/07/07 10:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At36.job

[2011/07/07 10:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At12.job

[2011/07/07 10:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At108.job

[2011/07/07 10:49:07 | 000,694,122 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2011/07/07 10:49:07 | 000,600,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/07/07 10:49:07 | 000,131,708 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2011/07/07 10:49:07 | 000,108,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/07/07 10:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At83.job

[2011/07/07 10:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At59.job

[2011/07/07 10:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At35.job

[2011/07/07 10:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At11.job

[2011/07/07 10:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At107.job

[2011/07/07 09:00:24 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At82.job

[2011/07/07 09:00:24 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At58.job

[2011/07/07 09:00:24 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At34.job

[2011/07/07 09:00:24 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At106.job

[2011/07/07 09:00:24 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At10.job

[2011/07/07 08:55:22 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2011/07/07 08:53:31 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat

[2011/07/07 08:53:31 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat

[2011/07/07 08:27:37 | 000,322,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/07/07 08:19:47 | 262,011,081 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/07/07 08:15:16 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI

[2011/07/07 08:00:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At9.job

[2011/07/07 08:00:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At81.job

[2011/07/07 08:00:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At57.job

[2011/07/07 08:00:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At33.job

[2011/07/07 08:00:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At105.job

[2011/07/06 00:36:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At97.job

[2011/07/06 00:36:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At1.job

[2011/07/06 00:34:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At73.job

[2011/07/06 00:30:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At25.job

[2011/07/06 00:16:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At49.job

[2011/07/03 12:46:51 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2011/07/01 14:04:50 | 000,000,504 | ---- | M] () -- C:\Users\laurine\AppData\Roaming\wklnhst.dat

[2011/06/30 07:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At80.job

[2011/06/30 07:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At8.job

[2011/06/30 07:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At56.job

[2011/06/30 07:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At32.job

[2011/06/30 07:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At104.job

[2011/06/29 23:11:12 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At96.job

[2011/06/29 23:11:12 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At72.job

[2011/06/29 23:11:12 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At48.job

[2011/06/29 23:11:12 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At24.job

[2011/06/29 23:11:12 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At120.job

[2011/06/29 20:14:26 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2011/06/27 14:25:48 | 000,065,536 | ---- | M] () -- C:\Users\laurine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/27 14:24:22 | 000,236,814 | ---- | M] () -- C:\Users\laurine\Documents\021.JPG

[2011/06/21 16:32:24 | 000,010,643 | ---- | M] () -- C:\Users\laurine\Documents\pas aujourdui.odt

[2011/06/13 02:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At99.job

[2011/06/13 02:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At75.job

[2011/06/13 02:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At51.job

[2011/06/13 02:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At27.job

[2011/06/13 01:59:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At3.job

[2011/06/13 01:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At98.job

[2011/06/13 01:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At74.job

[2011/06/13 01:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At50.job

[2011/06/13 01:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At26.job

[2011/06/13 01:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At2.job

 

========== Files Created - No Company Name ==========

 

[2011/07/08 11:44:34 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

[2011/07/07 20:42:46 | 000,459,264 | ---- | C] () -- C:\Users\laurine\Desktop\CKScanner.exe

[2011/07/07 14:47:35 | 000,369,085 | ---- | C] () -- C:\Users\laurine\Desktop\MiniToolBox.exe

[2011/07/07 14:42:35 | 000,879,028 | ---- | C] () -- C:\Users\laurine\Desktop\SecurityCheck.exe

[2011/07/06 17:54:19 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2011/06/26 16:38:48 | 000,236,814 | ---- | C] () -- C:\Users\laurine\Documents\021.JPG

[2011/06/26 13:45:35 | 262,011,081 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011/06/21 16:32:23 | 000,010,643 | ---- | C] () -- C:\Users\laurine\Documents\pas aujourdui.odt

[2011/04/25 20:19:33 | 000,000,112 | ---- | C] () -- C:\ProgramData\v12G5K3mO.dat

[2011/04/22 19:27:35 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat

[2011/04/22 19:27:35 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat

[2011/04/20 16:37:08 | 000,011,158 | -HS- | C] () -- C:\Users\laurine\AppData\Local\648e05gq178dq1i732f265a7gxi2614726

[2011/04/20 16:37:08 | 000,011,158 | -HS- | C] () -- C:\ProgramData\648e05gq178dq1i732f265a7gxi2614726

[2011/04/07 21:06:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\reginfo.dll

[2010/09/04 20:01:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010/09/04 20:01:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010/08/28 18:41:41 | 000,001,700 | ---- | C] () -- C:\Windows\wininit.ini

[2010/08/28 17:07:26 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin

[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin

[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll

[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

[2010/02/20 11:17:56 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2009/10/20 16:13:51 | 000,000,504 | ---- | C] () -- C:\Users\laurine\AppData\Roaming\wklnhst.dat

[2009/04/23 13:22:25 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2009/04/23 13:22:24 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat

[2009/04/23 13:22:24 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat

[2009/04/23 13:22:24 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat

[2009/04/23 13:22:24 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat

[2009/04/23 13:22:24 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat

[2009/04/23 13:22:24 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat

[2009/04/23 13:22:24 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat

[2009/04/23 13:22:24 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat

[2009/04/23 13:22:24 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat

[2009/04/23 13:22:24 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat

[2009/04/23 13:22:24 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat

[2009/04/23 13:22:24 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat

[2009/04/23 13:22:24 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat

[2009/04/23 13:22:24 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat

[2009/04/23 13:22:24 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat

[2009/04/23 13:22:24 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat

[2009/04/23 13:22:24 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat

[2009/04/23 13:22:24 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat

[2009/04/18 23:03:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2009/04/01 10:04:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2009/03/30 20:09:04 | 000,065,536 | ---- | C] () -- C:\Users\laurine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/11/05 17:22:15 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll

[2008/05/29 19:13:08 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2008/05/29 19:12:59 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll

[2008/05/29 19:12:58 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin

[2008/05/29 10:19:48 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll

[2008/05/29 10:19:48 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll

[2008/05/29 09:57:33 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini

[2008/05/29 09:57:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat

[2008/05/29 09:57:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

[2008/05/29 09:57:33 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

[2008/01/21 09:23:37 | 000,694,122 | ---- | C] () -- C:\Windows\System32\perfh00C.dat

[2008/01/21 09:23:37 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat

[2008/01/21 09:23:37 | 000,131,708 | ---- | C] () -- C:\Windows\System32\perfc00C.dat

[2008/01/21 09:23:37 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat

[2006/11/02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 14:44:53 | 000,322,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 12:33:01 | 000,600,690 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 12:33:01 | 000,108,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2005/02/25 06:15:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL

[2004/07/06 12:06:24 | 000,016,384 | ---- | C] () -- C:\Users\laurine\AppData\Roaming\CDRusersDB.v12

[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2011/07/07 14:32:22 | 000,061,541 | ---- | M] () -- C:\aaw7boot.log

[2006/09/18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2008/05/29 19:15:03 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2011/05/21 11:01:41 | 000,000,021 | ---- | M] () -- C:\cfg.ini

[2006/09/18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2011/07/08 11:28:27 | 3146,625,024 | -HS- | M] () -- C:\hiberfil.sys

[2011/02/05 10:54:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2011/02/05 10:54:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2011/07/08 11:28:26 | 3460,431,872 | -HS- | M] () -- C:\pagefile.sys

[2011/04/20 18:49:48 | 000,000,000 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin

[2011/07/08 11:44:34 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2008/05/29 09:58:10 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log

[2011/04/07 19:27:02 | 000,024,356 | ---- | M] () -- C:\TDSSKiller.2.4.1.2_07.04.2011_19.26.40_log.txt

[2011/04/07 19:32:28 | 000,113,036 | ---- | M] () -- C:\TDSSKiller.2.4.1.2_07.04.2011_19.30.38_log.txt

[2011/04/07 19:45:02 | 000,057,530 | ---- | M] () -- C:\TDSSKiller.2.4.1.2_07.04.2011_19.42.17_log.txt

[2011/04/08 10:54:43 | 000,057,508 | ---- | M] () -- C:\TDSSKiller.2.4.1.2_08.04.2011_10.54.09_log.txt

[2011/04/10 19:05:37 | 000,057,508 | ---- | M] () -- C:\TDSSKiller.2.4.1.2_10.04.2011_19.05.07_log.txt

[2011/04/28 19:03:39 | 000,058,000 | ---- | M] () -- C:\TDSSKiller.2.4.1.2_28.04.2011_19.03.17_log.txt

[2008/11/05 17:24:50 | 000,386,750 | ---- | M] () -- C:\vcredist_x86.log

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2008/01/21 05:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008/01/21 05:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008/01/21 05:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 

< %systemroot%\system32\drivers\*.sys /90 >

[2011/04/21 15:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\afd.sys

[2011/04/14 16:59:03 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dfsc.sys

[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbamswissarmy.sys

[2011/04/29 15:24:40 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb.sys

[2011/04/29 15:24:50 | 000,214,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb10.sys

[2011/04/29 15:24:42 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb20.sys

[2011/07/03 12:46:51 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\system32\drivers\SBREDrv.sys

[2011/04/29 15:25:10 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\srv2.sys

[2011/04/29 15:25:09 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\srvnet.sys

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-08 09:34:46

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9F683177

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8

@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:9E22BBE8

@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:3E7393FC

 

< End of report >

-------------------------------------------------------------------------------------------------------------------------------------------------------------

 

OTL Extras logfile created on: 08/07/2011 11:42:47 - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\laurine\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19019)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,93 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 61,31% Memory free

6,07 Gb Paging File | 4,80 Gb Available in Paging File | 79,01% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69,52 Gb Total Space | 17,74 Gb Free Space | 25,51% Space Free | Partition Type: NTFS

Drive D: | 69,52 Gb Total Space | 69,35 Gb Free Space | 99,75% Space Free | Partition Type: NTFS

 

Computer Name: PC-DE-LAURINE | User Name: laurine | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2343067C-1228-4FD1-B4C1-86E91A09A718}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4061}" = lport=29268 | protocol=6 | dir=in | name=spport |

"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4062}" = lport=29268 | protocol=6 | dir=out | name=spport |

"{669B287E-D1C9-47EE-AC88-F2BC7C4E4424}" = lport=2869 | protocol=6 | dir=in | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{068BE7C5-56CC-42F1-A167-26F71583A813}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{25AFA46E-CEE5-402E-B3A3-447B7D76991E}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

"{2839BACB-FFBA-4A65-8893-0F189084C1CC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |

"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4059}" = protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |

"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4060}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |

"{30A456BF-5064-4464-8ED9-F7D075C6D7AA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{30AD4AEB-A08A-469F-8C2C-627EA4E21369}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |

"{33F08ED3-9EF8-4B35-88F1-328CA8FB6778}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |

"{34D726D9-5C66-41CB-B6E2-C3F2ECACDD09}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{41CF6E5E-957E-4D27-9C9A-968492ED1688}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |

"{46347FF4-2055-4AC0-AB49-25F16332B409}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |

"{4C3AB83D-6359-4A26-8617-0AC38521F0CC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |

"{89220381-F4B3-489B-8368-8A95689D79D8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{8B2BDE4E-3643-46CF-B777-CC4F202053BC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{90385DF7-E4F8-48AC-9FBB-A63A0CAD1645}" = dir=in | app=c:\windows\system32\authclient.exe |

"{96BB385C-9E83-48AF-9092-0882D0D729A3}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |

"{9B589A65-E909-47C5-93B9-2D1A59A9D491}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{9F0BBEBF-BACE-4A58-BA2A-DCF2B3167160}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |

"{B3B40D47-CB85-4C18-B819-02CBD5CE1406}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

"{B5004830-5BBE-416C-BD3F-63294F29BD4B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{C7A135A0-EFBE-45CA-A409-14999DB36F41}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |

"{D6B165BB-6C69-442A-8831-87612DCB834A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |

"{D8A15CFE-E862-4185-A1A8-602838FD6748}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{DFE26251-9FCA-4BF0-A4C1-187A42B7B3F5}" = protocol=17 | dir=in | app=c:\windows\temp\nmre\setup.exe |

"{F1855445-5719-4E1B-9C1C-296A16A3D7A7}" = protocol=6 | dir=in | app=c:\windows\temp\nmre\setup.exe |

"TCP Query User{021CFC52-0D8B-4622-AF52-25C9F3756B67}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{E493C01C-03E3-43CF-AFC8-537D6B3C578C}C:\program files\fluendo\moovida\moovida.exe" = protocol=6 | dir=in | app=c:\program files\fluendo\moovida\moovida.exe |

"UDP Query User{6C62B1A2-6408-4C1A-9A85-B6842966919A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{F8311E13-B35D-4864-831E-DF1EC13EE5CF}C:\program files\fluendo\moovida\moovida.exe" = protocol=17 | dir=in | app=c:\program files\fluendo\moovida\moovida.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{0214A441-A4AB-43A8-8DEF-2F73C5364673}" = Microsoft Works

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Barre d'outils Bing

"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack

"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard

"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{230B83A5-7D88-4B95-B71E-F44C0C78B002}" = Windows Live Movie Maker

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 26

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger

"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6084C211-01A1-464E-97A0-09772E122B50}" = Moovida

"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform

"{6860B340-530D-46B3-91F8-1AE1F70F7C33}" = OpenOffice.org 3.0

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = eMachines ScreenSaver

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management

"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}" = Diner Dash

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111265347}" = Luxor

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113537610}" = Build-a-lot

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113772953}" = Amazing Adventures The Lost Tomb

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11386547}" = Farm Frenzy

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007

"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007

"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007

"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007

"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007

"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007

"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007

"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D6524E6-15CF-4852-BF70-04FE973A3DE1}" = Windows Live Toolbar

"{9FF9FDF7-F84A-4F99-B4BB-066B6F95F33D}" = Windows Live Contrôle parental

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9

"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1

"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack

"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom Gigabit Integrated Controller

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)

"avast" = avast! Free Antivirus

"CCleaner" = CCleaner

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"EPSON Printer and Utilities" = EPSON Printer Software

"EPSON Scanner" = EPSON Scan

"ESET Online Scanner" = ESET Online Scanner v3

"Glary Utilities_is1" = Glary Utilities 2.20.0.831

"Google Chrome" = Google Chrome

"Google Desktop" = Google Desktop

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5

"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8

"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200

"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA

"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)

"myBabylon_English4 Toolbar" = myBabylon_English4 Toolbar

"SFR_Kit" = SFR - Kit de connexion

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TeamViewer 6" = TeamViewer 6

"Veoh Video Compass" = Veoh Video Compass

"Veoh Web Player Beta" = Veoh Web Player

"VLC media player" = VLC media player 1.0.1

"WinLiveSuite_Wave3" = Installation Windows Live

"Yahoo! Companion" = Yahoo! Toolbar

"ZHPDiag_is1" = ZHPDiag 1.27

 

========== Last 10 Event Log Errors ==========

 

[ Antivirus Events ]

Error - 19/10/2009 14:30:55 | Computer Name = PC-de-laurine | Source = avast! | ID = 33554522

Description =

 

Error - 03/09/2010 10:32:20 | Computer Name = PC-de-laurine | Source = avast! | ID = 33554522

Description =

 

Error - 24/11/2010 14:30:59 | Computer Name = PC-de-laurine | Source = avast! | ID = 33554522

Description =

 

[ Application Events ]

Error - 07/07/2011 12:20:24 | Computer Name = PC-de-laurine | Source = WinMgmt | ID = 10

Description =

 

Error - 07/07/2011 14:45:34 | Computer Name = PC-de-laurine | Source = Application Hang | ID = 1002

Description = Le programme CKScanner.exe version 1.9.1.1 a cessé d’interagir avec

Windows et a été fermé. Pour déterminer si des informations supplémentaires sont

disponibles, consultez l’historique du problème dans l’application Rapports et

solutions aux problèmes du Panneau de configuration. ID de processus : 1368 Heure

de début : 01cc3cd5e6fa5d90 Heure de fin : 4

 

Error - 07/07/2011 17:35:46 | Computer Name = PC-de-laurine | Source = WinMgmt | ID = 10

Description =

 

Error - 08/07/2011 05:29:45 | Computer Name = PC-de-laurine | Source = WinMgmt | ID = 10

Description =

 

Error - 08/07/2011 05:33:21 | Computer Name = PC-de-laurine | Source = SPP | ID = 16387

Description =

 

Error - 08/07/2011 05:33:21 | Computer Name = PC-de-laurine | Source = System Restore | ID = 8193

Description =

 

Error - 08/07/2011 05:33:32 | Computer Name = PC-de-laurine | Source = SPP | ID = 16387

Description =

 

Error - 08/07/2011 05:33:32 | Computer Name = PC-de-laurine | Source = System Restore | ID = 8193

Description =

 

Error - 08/07/2011 05:44:34 | Computer Name = PC-de-laurine | Source = SPP | ID = 16387

Description =

 

Error - 08/07/2011 05:44:34 | Computer Name = PC-de-laurine | Source = System Restore | ID = 8193

Description =

 

[ System Events ]

Error - 07/07/2011 02:55:37 | Computer Name = PC-de-laurine | Source = Service Control Manager | ID = 7026

Description =

 

Error - 07/07/2011 03:15:17 | Computer Name = PC-de-laurine | Source = DCOM | ID = 10016

Description =

 

Error - 07/07/2011 05:30:28 | Computer Name = PC-de-laurine | Source = DCOM | ID = 10016

Description =

 

Error - 07/07/2011 05:30:28 | Computer Name = PC-de-laurine | Source = DCOM | ID = 10016

Description =

 

Error - 07/07/2011 08:33:38 | Computer Name = PC-de-laurine | Source = Service Control Manager | ID = 7026

Description =

 

Error - 07/07/2011 12:20:24 | Computer Name = PC-de-laurine | Source = Service Control Manager | ID = 7026

Description =

 

Error - 07/07/2011 15:58:51 | Computer Name = PC-de-laurine | Source = bowser | ID = 8003

Description =

 

Error - 07/07/2011 17:35:46 | Computer Name = PC-de-laurine | Source = Service Control Manager | ID = 7026

Description =

 

Error - 08/07/2011 05:28:24 | Computer Name = PC-de-laurine | Source = ACPI | ID = 327693

Description = : le contrôleur embarqué n’a pas répondu dans le délai imparti. Cette

erreur peut indiquer que le matériel ou le microprogramme du contrôleur embarqué

présente une erreur ou que le BIOS accède au contrôleur embarqué de manière incorrecte.

Contactez le fabricant de votre ordinateur afin de savoir si un BIOS mis à niveau

est disponible. Dans certains cas, cette erreur peut provoquer un fonctionnement

incorrect de l’application.

 

Error - 08/07/2011 05:29:45 | Computer Name = PC-de-laurine | Source = Service Control Manager | ID = 7026

Description =

 

 

< End of report >

------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Thank you

 

Marie

Posted

- Your file on Ci-joint is unusable (at least for me, as I don't know what to open it with). Which program did you use to take your capture?

- You still have "Windows Defender" and "Malwarebytes' Anti-Malware" both launching at the same time as Windows.

Use CCleaner (Tools => Startup) to disable one of them.

 

 

>>> OTL: Disable your protection programs (antivirus, etc.) and launch OTL.

Copy the following list (starting with :OTL) and paste it into the area under "Custom Scans/Fixes" (the : at the beginning and the ] at the end are very important, please check).

 

:OTL

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O33 - MountPoints2\{728c0bb7-1e36-11df-8a1f-00238b013c89}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\NoLimit.exe

O33 - MountPoints2\{a0d9fa18-4e31-11df-98d8-00238b013c89}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\NoLimit.exe

[2011/07/07 18:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9F683177

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8

@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:9E22BBE8

@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:3E7393FC

 

:Services

 

:Reg

 

:Files

ipconfig /flushdns /c

C:\WINDOWS\tasks\*.job

C:\*.sqm

C:\WINDOWS\System32\*.tmp

C:\WINDOWS\*.tmp

C:\$Recycle.Bin\S-1-5-21-1463186501-2812833338-1491703866-1000\$RWV3BK2.exe

C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar70.zip

C:\Users\All Users\Application Data\Spybot - Search & Destroy\Recovery\BabylonToolbar70.zip

C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar70.zip

C:\Users\laurine\Documents\Downloads\Software\BandooV6.exe

C:\Windows\System32\8F2AFE561B93F567A3DC72761DE7A407\conf\templates\3302.zip

C:\Windows\System32\8F2AFE561B93F567A3DC72761DE7A407\conf\templates\3303.zip

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6c712c40-79d84953

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7560f91-40a02b90

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\64fcce70-4716bb16

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\7800b2b9-18309ba6

 

:Commands

[EMPTYTEMP]

[EMPTYFLASH]

[RESETHOSTS]

WARNING: The O15 lines (in blue) concern sites in the trusted zone. In this zone, sites have more extensive privileges than elsewhere. You can add these sites yourself, BUT ill-intentioned parties can also invite themselves in. AFTER PASTING THE WHOLE SCRIPT, you can delete from the list the entries you want to keep in the trusted zone.

Click the red Run Fix button and let it run.

If one or more files cannot be deleted normally, the program will ask to restart the machine to finish the process; click Yes.

At the end, a report opens in Notepad. Copy its contents and paste them into a new reply. Close the report and OTL.

 

 

>>> Updates: Any old version of a program, whatever it is, may contain vulnerabilities that can be exploited to infect a PC, and our best way to limit the damage is to update regularly:

  • Java: You MUST use Internet Explorer to download (to the Desktop) the latest version that matches your operating system (for you it is 32-bit): Java downloads for all operating systems.

    Before installing, it is important to start by removing ALL the old versions on your machine because they may contain security vulnerabilities:
    Click "Start" => "Control Panel" => "Add/Remove Programs".
    In the list, look for the lines concerning Java (J2SE Runtime Environment.... ), recognizable by the Java icon.
    Select one line at a time and click Change/Remove.
    When there are none left, close everything and install the new version by clicking the file you downloaded.

  • Your version of Adobe Acrobat Reader is not up to date. Uninstall it and download the latest version here (uncheck the "Include in your download" box).

 

Requested reports:

  • OTL.txt

Do you still have your ghost? Any other symptoms to check?

Posted

Good evening,

I had trouble running the OTL scan - the computer froze several times and I had to shut it down and restart it. This time, it ran the check without any problem.

Here is the report:

 

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.

File C:\Program Files\mozilla firefox\components\coFFPlgn.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{728c0bb7-1e36-11df-8a1f-00238b013c89}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{728c0bb7-1e36-11df-8a1f-00238b013c89}\ not found.

File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\NoLimit.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0d9fa18-4e31-11df-98d8-00238b013c89}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0d9fa18-4e31-11df-98d8-00238b013c89}\ not found.

File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\NoLimit.exe not found.

C:\Program Files\ESET\ESET Online Scanner\Quarantine folder moved successfully.

C:\Program Files\ESET\ESET Online Scanner\Modules\data\updfiles\temp folder moved successfully.

C:\Program Files\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com folder moved successfully.

C:\Program Files\ESET\ESET Online Scanner\Modules\data\updfiles folder moved successfully.

C:\Program Files\ESET\ESET Online Scanner\Modules\data folder moved successfully.

C:\Program Files\ESET\ESET Online Scanner\Modules folder moved successfully.

C:\Program Files\ESET\ESET Online Scanner folder moved successfully.

C:\Program Files\ESET folder moved successfully.

ADS C:\ProgramData\TEMP:9F683177 deleted successfully.

ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.

ADS C:\ProgramData\TEMP:9E22BBE8 deleted successfully.

ADS C:\ProgramData\TEMP:3E7393FC deleted successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

< ipconfig /flushdns /c >

Configuration IP de Windows

Cache de résolution DNS vidé.

C:\Users\laurine\Desktop\cmd.bat deleted successfully.

C:\Users\laurine\Desktop\cmd.txt deleted successfully.

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.

C:\WINDOWS\tasks\At1.job moved successfully.

C:\WINDOWS\tasks\At10.job moved successfully.

C:\WINDOWS\tasks\At100.job moved successfully.

C:\WINDOWS\tasks\At101.job moved successfully.

C:\WINDOWS\tasks\At102.job moved successfully.

C:\WINDOWS\tasks\At103.job moved successfully.

C:\WINDOWS\tasks\At104.job moved successfully.

C:\WINDOWS\tasks\At105.job moved successfully.

C:\WINDOWS\tasks\At106.job moved successfully.

C:\WINDOWS\tasks\At107.job moved successfully.

C:\WINDOWS\tasks\At108.job moved successfully.

C:\WINDOWS\tasks\At109.job moved successfully.

C:\WINDOWS\tasks\At11.job moved successfully.

C:\WINDOWS\tasks\At110.job moved successfully.

C:\WINDOWS\tasks\At111.job moved successfully.

C:\WINDOWS\tasks\At112.job moved successfully.

C:\WINDOWS\tasks\At113.job moved successfully.

C:\WINDOWS\tasks\At114.job moved successfully.

C:\WINDOWS\tasks\At115.job moved successfully.

C:\WINDOWS\tasks\At116.job moved successfully.

C:\WINDOWS\tasks\At117.job moved successfully.

C:\WINDOWS\tasks\At118.job moved successfully.

C:\WINDOWS\tasks\At119.job moved successfully.

C:\WINDOWS\tasks\At12.job moved successfully.

C:\WINDOWS\tasks\At120.job moved successfully.

C:\WINDOWS\tasks\At13.job moved successfully.

C:\WINDOWS\tasks\At14.job moved successfully.

C:\WINDOWS\tasks\At15.job moved successfully.

C:\WINDOWS\tasks\At16.job moved successfully.

C:\WINDOWS\tasks\At17.job moved successfully.

C:\WINDOWS\tasks\At18.job moved successfully.

C:\WINDOWS\tasks\At19.job moved successfully.

C:\WINDOWS\tasks\At2.job moved successfully.

C:\WINDOWS\tasks\At20.job moved successfully.

C:\WINDOWS\tasks\At21.job moved successfully.

C:\WINDOWS\tasks\At22.job moved successfully.

C:\WINDOWS\tasks\At23.job moved successfully.

C:\WINDOWS\tasks\At24.job moved successfully.

C:\WINDOWS\tasks\At25.job moved successfully.

C:\WINDOWS\tasks\At26.job moved successfully.

C:\WINDOWS\tasks\At27.job moved successfully.

C:\WINDOWS\tasks\At28.job moved successfully.

C:\WINDOWS\tasks\At29.job moved successfully.

C:\WINDOWS\tasks\At3.job moved successfully.

C:\WINDOWS\tasks\At30.job moved successfully.

C:\WINDOWS\tasks\At31.job moved successfully.

C:\WINDOWS\tasks\At32.job moved successfully.

C:\WINDOWS\tasks\At33.job moved successfully.

C:\WINDOWS\tasks\At34.job moved successfully.

C:\WINDOWS\tasks\At35.job moved successfully.

C:\WINDOWS\tasks\At36.job moved successfully.

C:\WINDOWS\tasks\At37.job moved successfully.

C:\WINDOWS\tasks\At38.job moved successfully.

C:\WINDOWS\tasks\At39.job moved successfully.

C:\WINDOWS\tasks\At4.job moved successfully.

C:\WINDOWS\tasks\At40.job moved successfully.

C:\WINDOWS\tasks\At41.job moved successfully.

C:\WINDOWS\tasks\At42.job moved successfully.

C:\WINDOWS\tasks\At43.job moved successfully.

C:\WINDOWS\tasks\At44.job moved successfully.

C:\WINDOWS\tasks\At45.job moved successfully.

C:\WINDOWS\tasks\At46.job moved successfully.

C:\WINDOWS\tasks\At47.job moved successfully.

C:\WINDOWS\tasks\At48.job moved successfully.

C:\WINDOWS\tasks\At49.job moved successfully.

C:\WINDOWS\tasks\At5.job moved successfully.

C:\WINDOWS\tasks\At50.job moved successfully.

C:\WINDOWS\tasks\At51.job moved successfully.

C:\WINDOWS\tasks\At52.job moved successfully.

C:\WINDOWS\tasks\At53.job moved successfully.

C:\WINDOWS\tasks\At54.job moved successfully.

C:\WINDOWS\tasks\At55.job moved successfully.

C:\WINDOWS\tasks\At56.job moved successfully.

C:\WINDOWS\tasks\At57.job moved successfully.

C:\WINDOWS\tasks\At58.job moved successfully.

C:\WINDOWS\tasks\At59.job moved successfully.

C:\WINDOWS\tasks\At6.job moved successfully.

C:\WINDOWS\tasks\At60.job moved successfully.

C:\WINDOWS\tasks\At61.job moved successfully.

C:\WINDOWS\tasks\At62.job moved successfully.

C:\WINDOWS\tasks\At63.job moved successfully.

C:\WINDOWS\tasks\At64.job moved successfully.

C:\WINDOWS\tasks\At65.job moved successfully.

C:\WINDOWS\tasks\At66.job moved successfully.

C:\WINDOWS\tasks\At67.job moved successfully.

C:\WINDOWS\tasks\At68.job moved successfully.

C:\WINDOWS\tasks\At69.job moved successfully.

C:\WINDOWS\tasks\At7.job moved successfully.

C:\WINDOWS\tasks\At70.job moved successfully.

C:\WINDOWS\tasks\At71.job moved successfully.

C:\WINDOWS\tasks\At72.job moved successfully.

C:\WINDOWS\tasks\At73.job moved successfully.

C:\WINDOWS\tasks\At74.job moved successfully.

C:\WINDOWS\tasks\At75.job moved successfully.

C:\WINDOWS\tasks\At76.job moved successfully.

C:\WINDOWS\tasks\At77.job moved successfully.

C:\WINDOWS\tasks\At78.job moved successfully.

C:\WINDOWS\tasks\At79.job moved successfully.

C:\WINDOWS\tasks\At8.job moved successfully.

C:\WINDOWS\tasks\At80.job moved successfully.

C:\WINDOWS\tasks\At81.job moved successfully.

C:\WINDOWS\tasks\At82.job moved successfully.

C:\WINDOWS\tasks\At83.job moved successfully.

C:\WINDOWS\tasks\At84.job moved successfully.

C:\WINDOWS\tasks\At85.job moved successfully.

C:\WINDOWS\tasks\At86.job moved successfully.

C:\WINDOWS\tasks\At87.job moved successfully.

C:\WINDOWS\tasks\At88.job moved successfully.

C:\WINDOWS\tasks\At89.job moved successfully.

C:\WINDOWS\tasks\At9.job moved successfully.

C:\WINDOWS\tasks\At90.job moved successfully.

C:\WINDOWS\tasks\At91.job moved successfully.

C:\WINDOWS\tasks\At92.job moved successfully.

C:\WINDOWS\tasks\At93.job moved successfully.

C:\WINDOWS\tasks\At94.job moved successfully.

C:\WINDOWS\tasks\At95.job moved successfully.

C:\WINDOWS\tasks\At96.job moved successfully.

C:\WINDOWS\tasks\At97.job moved successfully.

C:\WINDOWS\tasks\At98.job moved successfully.

C:\WINDOWS\tasks\At99.job moved successfully.

C:\WINDOWS\tasks\GlaryInitialize.job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.

File\Folder C:\*.sqm not found.

File\Folder C:\WINDOWS\System32\*.tmp not found.

File\Folder C:\WINDOWS\*.tmp not found.

C:\$Recycle.Bin\S-1-5-21-1463186501-2812833338-1491703866-1000\$RWV3BK2.exe moved successfully.

C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar70.zip moved successfully.

File\Folder C:\Users\All Users\Application Data\Spybot - Search & Destroy\Recovery\BabylonToolbar70.zip not found.

File\Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar70.zip not found.

C:\Users\laurine\Documents\Downloads\Software\BandooV6.exe moved successfully.

C:\Windows\System32\8F2AFE561B93F567A3DC72761DE7A407\conf\templates\3302.zip moved successfully.

C:\Windows\System32\8F2AFE561B93F567A3DC72761DE7A407\conf\templates\3303.zip moved successfully.

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6c712c40-79d84953 moved successfully.

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7560f91-40a02b90 moved successfully.

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\64fcce70-4716bb16 moved successfully.

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\7800b2b9-18309ba6 moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Invité

->Temp folder emptied: 3303512 bytes

->Temporary Internet Files folder emptied: 1347946 bytes

->Java cache emptied: 12131954 bytes

->FireFox cache emptied: 44176467 bytes

->Flash cache emptied: 1218 bytes

 

User: laurine

->Temp folder emptied: 381801468 bytes

->Temporary Internet Files folder emptied: 13758668 bytes

->Java cache emptied: 51263 bytes

->FireFox cache emptied: 30154547 bytes

->Google Chrome cache emptied: 1642864 bytes

->Flash cache emptied: 1971573 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1804718727 bytes

RecycleBin emptied: 215513 bytes

 

Total Files Cleaned = 2 189,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Invité

->Flash cache emptied: 0 bytes

 

User: laurine

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.26.1 log created on 07082011_205313

 

Files\Folders moved on Reboot...

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 

--------------------------------------------------------------------------------------------------------------------------------

 

I have also modified the screenshot; here is the link: CJoint.com link AGivXyYPUam

The F drive is still there.

I uninstalled ADOBE and JAVA, and the current versions are up to date.

Thank you

 

Marie

Posted (edited)

Hello,

Thanks for the image, that's much better :)

Have you tried checking whether it is a recovery partition for your Windows?

In Device Manager, do you have a line with a "!" in a yellow circle?

In the computer's properties => "Manage" => "Services and Devices" => "Devices", do you have this "F" partition?

Sorry for the lack of detail, as I don't have Vista.

--

 

For a final check for infection, print these instructions or save them to a text file on the Desktop so you can consult them easily at any time, and download ComboFix© (by sUBs) to the Desktop from here or here

Close all open applications and windows, disable antivirus/firewall/antispyware and run ComboFix.exe. Follow the instructions.

Accept the license agreement and the installation of the Recovery Console (offered under XP if not installed).

DO NOT TOUCH the machine until it finishes (even if things seem not to be progressing).

When it is finished, a report (ComboFix.txt) is displayed. It is saved automatically at the root of the system partition (usually C:\)

Post its contents.

 

 

>>> OTL: Run OTL again and, without changing or adding anything, click the blue Analyse button and let it run.

Post the contents of the report.

 

 

Requested reports:

  • ComboFix.txt
  • OTL.txt
Edited by lance_yien
