
Posted

DNS report

 

RogueKiller V8.2.3 [07/11/2012] par Tigzy

mail: tigzyRK<at>gmail<dot>com

Remontees: [RogueKiller] Remontées (1/63)

Website: RogueKiller

Blog: tigzy-RK

 

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Demarrage : Mode normal

Utilisateur : biscottee [Droits d'admin]

Mode : DNS RAZ -- Date : 10/11/2012 21:45:02

 

¤¤¤ Processus malicieux : 0 ¤¤¤

 

¤¤¤ Entrees de registre : 4 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{6459735B-7B14-4FC9-80FE-7BE609119E19} : NameServer (8.26.56.26,156.154.70.22) -> REMPLACÉ ()

[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{A9E7ED88-3E55-4E1D-8282-AF860B0697FB} : NameServer (8.26.56.26,156.154.70.22) -> REMPLACÉ ()

[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{6459735B-7B14-4FC9-80FE-7BE609119E19} : NameServer (8.26.56.26,156.154.70.22) -> REMPLACÉ ()

[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{A9E7ED88-3E55-4E1D-8282-AF860B0697FB} : NameServer (8.26.56.26,156.154.70.22) -> REMPLACÉ ()

 

¤¤¤ Driver : [CHARGE] ¤¤¤

 

Termine : << RKreport[2]_DN_10112012_214502.txt >>

RKreport[1]_S_10112012_214457.txt ; RKreport[2]_DN_10112012_214502.txt

 

___________________________________________________

 

RogueKiller V8.2.3 [07/11/2012] par Tigzy

mail: tigzyRK<at>gmail<dot>com

Remontees: [RogueKiller] Remontées (1/63)

Website: RogueKiller

Blog: tigzy-RK

 

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Demarrage : Mode normal

Utilisateur : biscottee [Droits d'admin]

Mode : Recherche -- Date : 10/11/2012 21:44:57

 

¤¤¤ Processus malicieux : 0 ¤¤¤

 

¤¤¤ Entrees de registre : 4 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{6459735B-7B14-4FC9-80FE-7BE609119E19} : NameServer (8.26.56.26,156.154.70.22) -> TROUVÉ

[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{A9E7ED88-3E55-4E1D-8282-AF860B0697FB} : NameServer (8.26.56.26,156.154.70.22) -> TROUVÉ

[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{6459735B-7B14-4FC9-80FE-7BE609119E19} : NameServer (8.26.56.26,156.154.70.22) -> TROUVÉ

[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{A9E7ED88-3E55-4E1D-8282-AF860B0697FB} : NameServer (8.26.56.26,156.154.70.22) -> TROUVÉ

 

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

 

¤¤¤ Driver : [CHARGE] ¤¤¤

 

¤¤¤ Fichier HOSTS: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

 

127.0.0.1 localhost

 

 

¤¤¤ MBR Verif: ¤¤¤

 

+++++ PhysicalDrive0: FUJITSU MHZ2250BH G2 ATA Device +++++

--- User ---

[MBR] 8064c9bfdc6e8e99174c47f08eeded98

[bSP] a967624eae82e1dd854f5efe5cb6850f : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: FUJITSU MHZ2250BH G2 ATA Device +++++

--- User ---

[MBR] b55f124537908544b98e4926f7420f3c

[bSP] 709a88ba9f9fba8b85f93dc7d7abf4ca : HP tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 228916 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 468822016 | Size: 9555 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive2: JMCR SD/MMC SCSI Disk Device +++++

--- User ---

[MBR] 83b42057fb3fd1d945874c9bf1406a5b

[bSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown

Partition table:

0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 3777 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

Termine : << RKreport[1]_S_10112012_214457.txt >>

RKreport[1]_S_10112012_214457.txt

Posted

TOMTOM :-?

I'm trying to run OTL.

I copy and paste the script you gave me,

but it tells me this program is not responding; it must be stuck...

What should I do???

Thanks

Posted (edited)

Good evening maribo

Maybe you did something wrong. ;)

Launch OTL by right-clicking its icon and choosing to run it as administrator.

Then highlight the script with the mouse, right-click and choose "Copy".

After that, "paste" the quote into OTL's customization window.

 

:OTL

O3 - HKLM\..\Toolbar: (no name) - {6932D140-ABC4-4073-A44C-D4A541665E35} - No CLSID value found.

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: Post Image to Blog - Reg Error: Value error. File not found

O8 - Extra context menu item: Tag This Image - Reg Error: Value error. File not found

O8 - Extra context menu item: Transload Image to ImageShack - Reg Error: Value error. File not found

O8 - Extra context menu item: Upload All Images to ImageShack - Reg Error: Value error. File not found

O8 - Extra context menu item: Upload Image to ImageShack - Reg Error: Value error. File not found

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.zebulon.fr/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} http://www.opticiens-atol.com/pages/collections/adriana/total-immersion/plugin/DFusionHomeWebPlugIn.InstallerFull.exe (Reg Error: Key error.)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found

MsConfig - StartUpReg: Malwarebytes Anti-Malware (cleanup) - hkey= - key= - File not found

MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found

[2012/09/15 23:11:10 | 062,855,008 | ---- | C] (COMODO) -- C:\Users\biscottee\cfw_installer.exe

[2010/10/07 14:48:13 | 002,944,904 | ---- | C] (Ask) -- C:\Program Files\Common Files\AskToolbarInstaller.exe

[2010/06/23 16:22:47 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\SUPERAntiSpyware.com

[2009/03/06 11:47:07 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\Symantec

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:206E2596

 

:Commands

[EMPTYTEMP]

[EMPTYFLASH]

[createrestorepoint]

 

Then click Correction and let the tool work.

At the end of the scan,

host the file containing this log report on http://cjoint.com/

Post the link in your next reply.

The file is saved in the folder C:\OTL\MovedFiles

See you later

Edited by tomtom95
Posted

No, I just redid it the way you described, and once I press CORRECTION

it runs for a very short while, then it says OTL is not responding and it's stuck.

When I restart the computer I get this report:

 

Files\Folders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess\ scheduled to be deleted on reboot.

Posted

Hello maribo

You do have a Windows XP partition and a Windows Vista one on this HP computer?

Ok.

Do you have a report in the directory >> C:\OTL\MovedFiles ?

Please post it ;)

Otherwise, take the last modified script from post #103 and apply the fix with OTL, please.

See you later

Posted (edited)

You do have a Windows XP partition and a Windows Vista one on this HP computer

Uh, I don't know... I thought I was on Vista????

How can I find out so I can tell you?????? :o

I even have several, since I tried several times :-?

94376941.jpg

 

The last one is this one, but still not finished.....

 

Files\Folders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess\ scheduled to be deleted on reboot.

 

Otherwise, I'll show you what I'm going to do

following your correction

85195293.jpg

Edited by maribo
Posted

We do agree that you used the last removal script? ;)

Run another scan of your computer with OTL

  • Double-click OTL.exe to launch it.
    On the main interface:
  • In the Report section at the top right of the window
  • check Standard report
  • also check All users
  • At the bottom right
  • check Lop search
  • check Purity search
  • Leave all other settings at their defaults
  • Click the Scan button
    and wait while the system is scanned.
  • Host the file containing OTL.txt >> http://cjoint.com/

See you later

Posted

Here it is, with the script from post 103

OTL report

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6932D140-ABC4-4073-A44C-D4A541665E35} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6932D140-ABC4-4073-A44C-D4A541665E35}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Post Image to Blog\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Tag This Image\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Transload Image to ImageShack\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Upload All Images to ImageShack\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Upload Image to ImageShack\ not found.

Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.

Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.

Starting removal of ActiveX control {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.

Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Starting removal of ActiveX control {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Adobe Reader Speed Launcher\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Malwarebytes Anti-Malware (cleanup)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NvCplDaemon\ not found.

C:\Users\biscottee\cfw_installer.exe moved successfully.

C:\Program Files\Common Files\AskToolbarInstaller.exe moved successfully.

C:\Users\biscottee\AppData\Roaming\SUPERAntiSpyware.com folder moved successfully.

C:\Users\biscottee\AppData\Roaming\Symantec\NPMDataStore folder moved successfully.

C:\Users\biscottee\AppData\Roaming\Symantec folder moved successfully.

ADS C:\ProgramData\TEMP:206E2596 deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: biscottee

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 245145988 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 4306 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 225963 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 102440046 bytes

 

Total Files Cleaned = 332,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: biscottee

->Flash cache emptied: 0 bytes

 

User: Default

 

User: Default User

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.69.0 log created on 11112012_170336

 

Files\Folders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

Posted

Latest report, as you requested

OTL logfile created on: 11/11/2012 17:11:49 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\biscottee\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

3,00 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,17% Memory free

6,19 Gb Paging File | 5,36 Gb Available in Paging File | 86,63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 223,55 Gb Total Space | 31,34 Gb Free Space | 14,02% Space Free | Partition Type: NTFS

Drive D: | 232,88 Gb Total Space | 196,78 Gb Free Space | 84,50% Space Free | Partition Type: NTFS

Drive E: | 9,33 Gb Total Space | 1,62 Gb Free Space | 17,41% Space Free | Partition Type: NTFS

Drive G: | 3,69 Gb Total Space | 0,84 Gb Free Space | 22,73% Space Free | Partition Type: FAT32

 

Computer Name: PC-DE-BISCOTTEE | User Name: biscottee | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/11/07 07:18:46 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe

PRC - [2012/11/05 23:05:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\biscottee\Desktop\OTL.exe

PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/08/28 06:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2009/08/24 12:22:34 | 000,069,632 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

PRC - [2009/07/21 21:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe

PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2009/03/02 17:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe

PRC - [2008/08/06 20:44:26 | 000,103,936 | ---- | M] (TechCity Solutions France) -- C:\Program Files\BboxUpdate\BTLiveUpdate.exe

PRC - [2008/04/29 14:36:20 | 000,020,480 | ---- | M] (TechCity Solutions France) -- C:\Program Files\BboxUpdate\eSRunService.exe

PRC - [2008/04/26 00:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe

PRC - [2008/01/21 03:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WindowsMobile\wmdSync.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2008/06/25 21:34:52 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2012/11/07 07:18:46 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/09/06 02:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/08/28 06:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2009/08/24 12:22:34 | 000,069,632 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)

SRV - [2009/07/21 21:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe -- (STacSV)

SRV - [2009/03/02 17:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe -- (AESTFilters)

SRV - [2008/04/29 14:36:20 | 000,020,480 | ---- | M] (TechCity Solutions France) [Auto | Running] -- C:\Program Files\BboxUpdate\eSRunService.exe -- (eStantLaunchService)

SRV - [2008/04/26 00:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)

SRV - [2008/02/03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\WINDOWS\System32\ezsvc7.dll -- (ezSharedSvc)

SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2008/01/21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\WindowsMobile\rapimgr.dll -- (RapiMgr)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ser2pl.sys -- (Ser2pl)

DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\PxHelp20.sys -- (PxHelp20)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ov550i.sys -- (APL531)

DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011/05/13 17:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\hpdskflt.sys -- (hpdskflt)

DRV - [2011/05/13 17:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2009/10/03 05:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009/08/24 12:22:32 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PCAMp50.sys -- (PCAMp50)

DRV - [2009/08/24 12:22:32 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PCASp50.sys -- (PCASp50)

DRV - [2009/07/21 21:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2009/06/24 14:12:28 | 000,020,736 | ---- | M] (ZDC., Inc. (ZDC)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\ZDCndis5.sys -- (ZDCNDIS5)

DRV - [2008/11/17 14:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32)

DRV - [2008/07/08 11:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\jmcr.sys -- (JMCR)

DRV - [2008/05/14 03:09:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2008/05/02 14:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2008/01/24 14:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\enecir.sys -- (enecir)

DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\afc.sys -- (Afc)

DRV - [2006/11/02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = duxet.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{230C22EE-865B-4F83-92C2-08CF69DA6578}: "URL" = Résultats AOL Search pour {searchTerms}

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

 

IE - HKU\S-1-5-21-933493530-2020421775-582856056-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\biscottee\Desktop

IE - HKU\S-1-5-21-933493530-2020421775-582856056-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle

IE - HKU\S-1-5-21-933493530-2020421775-582856056-1000\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll ()

IE - HKU\S-1-5-21-933493530-2020421775-582856056-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-933493530-2020421775-582856056-1000\..\SearchScopes\{171B78CF-B423-4356-92AB-06382633E5CC}: "URL" = PC Astuces : L'entraide informatique francophone

IE - HKU\S-1-5-21-933493530-2020421775-582856056-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Recherche Google

IE - HKU\S-1-5-21-933493530-2020421775-582856056-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: ""

FF - prefs.js..browser.search.defaultenginename: ""

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/11 13:31:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/04 20:26:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/11 13:31:36 | 000,000,000 | ---D | M]

 

[2011/07/12 21:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\biscottee\AppData\Roaming\mozilla\Extensions

[2011/07/12 21:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\biscottee\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

[2012/08/23 20:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\biscottee\AppData\Roaming\mozilla\Firefox\Profiles\2vqr15wh.default\extensions

[2012/10/06 21:30:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/09/06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/09/06 02:54:26 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml

[2012/09/06 02:54:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/09/06 02:54:27 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

[2012/09/06 02:54:26 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml

[2012/09/06 02:54:26 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

[2012/09/06 02:54:27 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

 

========== Chrome ==========

 

CHR - homepage: Google

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: Google

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - Extension: YouTube = C:\Users\biscottee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Recherche Google = C:\Users\biscottee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Users\biscottee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2012/11/08 22:46:11 | 000,000,019 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [bboxUpdate] C:\Program Files\BboxUpdate\eStantAutoRunV.exe (TechCity Solutions France)

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Windows Mobile-based device management] C:\WINDOWS\WindowsMobile\wmdSync.exe (Microsoft Corporation)

O4 - Startup: C:\Users\biscottee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-933493530-2020421775-582856056-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-933493530-2020421775-582856056-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-21-933493530-2020421775-582856056-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-21-933493530-2020421775-582856056-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9E7ED88-3E55-4E1D-8282-AF860B0697FB}: DhcpNameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\biscottee\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg

O24 - Desktop BackupWallPaper: C:\Users\biscottee\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/07/30 00:44:29 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/10/12 07:08:57 | 000,000,832 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/11/10 21:51:59 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/11/08 07:34:46 | 000,000,000 | ---D | C] -- C:\Users\biscottee\Desktop\RK_Quarantine

[2012/11/07 08:09:11 | 000,000,000 | ---D | C] -- C:\Users\biscottee\AppData\Local\{CECF3050-F8D9-43F9-97B5-0AB596E3E9A5}

[2012/11/05 23:05:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\biscottee\Desktop\OTL.exe

[2012/11/04 16:43:19 | 000,000,000 | ---D | C] -- C:\_OTM

[2012/11/04 16:40:42 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\biscottee\Desktop\OTM.exe

[2012/11/02 21:54:26 | 000,000,000 | ---D | C] -- C:\Users\biscottee\AppData\Local\{AF14222B-5A2E-4F81-AE1E-3F39EA454664}

[2012/11/01 22:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/11/01 22:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/10/31 12:09:40 | 000,000,000 | ---D | C] -- C:\Users\biscottee\Desktop\tomtom

[2012/10/25 16:54:13 | 000,000,000 | ---D | C] -- C:\Users\biscottee\Documents\Creativa Nantes - Bon de réduction2_fichiers

[2009/04/01 13:58:49 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe

[2009/04/01 13:58:49 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe

[2009/04/01 13:58:48 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe

[2009/04/01 13:58:48 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe

 

========== Files - Modified Within 30 Days ==========

 

[2012/11/11 17:08:22 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/11/11 17:08:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/11/11 17:06:11 | 000,113,489 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012/11/11 17:06:11 | 000,113,489 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012/11/11 17:06:10 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/11/11 17:06:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/11 17:06:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/11 17:05:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/11/11 17:05:52 | 3218,042,880 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/11 17:04:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012/11/11 17:00:48 | 000,183,057 | ---- | M] () -- C:\Users\biscottee\Desktop\t1.jpg

[2012/11/11 13:06:30 | 000,014,336 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys

[2012/11/09 22:41:06 | 000,001,935 | ---- | M] () -- C:\Users\biscottee\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk

[2012/11/08 14:12:24 | 000,119,296 | ---- | M] () -- C:\Users\biscottee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/11/08 07:18:48 | 000,662,016 | ---- | M] () -- C:\Users\biscottee\Desktop\RogueKiller.exe

[2012/11/07 07:18:46 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/11/07 07:18:46 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/11/06 22:34:36 | 000,682,048 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2012/11/06 22:34:36 | 000,599,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/11/06 22:34:36 | 000,127,754 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2012/11/06 22:34:36 | 000,105,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/11/05 23:05:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\biscottee\Desktop\OTL.exe

[2012/11/04 22:00:51 | 001,438,208 | ---- | M] () -- C:\Users\biscottee\b1p4_Reflexions.pps

[2012/11/04 21:16:44 | 001,762,816 | ---- | M] () -- C:\Users\biscottee\Aurai-je-le-temps_(M.D).pps

[2012/11/04 16:40:42 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\biscottee\Desktop\OTM.exe

[2012/11/01 22:29:36 | 000,395,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/11/01 22:29:12 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbiscottee.job

[2012/11/01 22:16:07 | 000,000,879 | ---- | M] () -- C:\Users\biscottee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2012/11/01 22:15:59 | 000,000,699 | ---- | M] () -- C:\Users\biscottee\Desktop\NTREGOPT.lnk

[2012/11/01 22:15:59 | 000,000,680 | ---- | M] () -- C:\Users\biscottee\Desktop\ERUNT.lnk

[2012/10/31 12:06:51 | 000,843,645 | ---- | M] () -- C:\Users\biscottee\Desktop\SFT.exe

[2012/10/25 16:54:13 | 000,033,331 | ---- | M] () -- C:\Users\biscottee\Documents\Creativa Nantes - Bon de réduction2.htm

[2012/10/21 20:53:32 | 000,010,658 | ---- | M] () -- C:\Users\biscottee\petits vieux de dos.gif

[2012/10/20 11:32:16 | 000,001,356 | ---- | M] () -- C:\Users\biscottee\AppData\Local\d3d9caps.dat

[2012/10/16 18:05:39 | 006,518,272 | ---- | M] () -- C:\Users\biscottee\17 MAGNIFIQUES PHOTOS.pps

 

========== Files Created - No Company Name ==========

 

[2012/11/11 16:52:22 | 000,183,057 | ---- | C] () -- C:\Users\biscottee\Desktop\t1.jpg

[2012/11/11 13:06:30 | 000,014,336 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys

[2012/11/09 22:41:06 | 000,001,935 | ---- | C] () -- C:\Users\biscottee\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk

[2012/11/08 07:18:43 | 000,662,016 | ---- | C] () -- C:\Users\biscottee\Desktop\RogueKiller.exe

[2012/11/04 22:00:50 | 001,438,208 | ---- | C] () -- C:\Users\biscottee\b1p4_Reflexions.pps

[2012/11/04 21:16:44 | 001,762,816 | ---- | C] () -- C:\Users\biscottee\Aurai-je-le-temps_(M.D).pps

[2012/11/01 22:16:07 | 000,000,879 | ---- | C] () -- C:\Users\biscottee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2012/11/01 22:15:59 | 000,000,699 | ---- | C] () -- C:\Users\biscottee\Desktop\NTREGOPT.lnk

[2012/11/01 22:15:59 | 000,000,680 | ---- | C] () -- C:\Users\biscottee\Desktop\ERUNT.lnk

[2012/10/31 12:06:49 | 000,843,645 | ---- | C] () -- C:\Users\biscottee\Desktop\SFT.exe

[2012/10/28 21:53:37 | 3218,042,880 | -HS- | C] () -- C:\hiberfil.sys

[2012/10/25 19:34:44 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForbiscottee.job

[2012/10/25 16:54:13 | 000,033,331 | ---- | C] () -- C:\Users\biscottee\Documents\Creativa Nantes - Bon de réduction2.htm

[2012/10/21 20:53:37 | 000,010,658 | ---- | C] () -- C:\Users\biscottee\petits vieux de dos.gif

[2012/10/20 22:37:21 | 000,001,002 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/10/20 17:13:53 | 000,097,292 | ---- | C] () -- C:\Users\biscottee\WonderDeal1100000395_1_1.pdf

[2012/10/16 18:05:38 | 006,518,272 | ---- | C] () -- C:\Users\biscottee\17 MAGNIFIQUES PHOTOS.pps

[2012/10/11 20:20:49 | 004,083,712 | ---- | C] () -- C:\Users\biscottee\Lapaloma.pps

[2012/10/07 14:07:00 | 000,571,821 | ---- | C] () -- C:\Users\biscottee\3626.jpg

[2012/10/07 14:06:21 | 000,154,781 | ---- | C] () -- C:\Users\biscottee\3677.jpg

[2012/10/07 14:05:36 | 000,548,069 | ---- | C] () -- C:\Users\biscottee\petit oiseau.jpg

[2012/10/07 14:02:57 | 000,011,325 | ---- | C] () -- C:\Users\biscottee\petits coeurs.gif

[2012/10/07 14:01:36 | 000,022,162 | ---- | C] () -- C:\Users\biscottee\gland.png

[2012/10/05 12:02:51 | 000,163,960 | ---- | C] () -- C:\Users\biscottee\Justificatif de domicile (facture fixe sept 2012).pdf

[2012/10/05 11:42:58 | 000,628,322 | ---- | C] () -- C:\Users\biscottee\mode d'emploi_s_linge lolotte.pdf

[2012/09/30 20:39:47 | 000,001,241 | ---- | C] () -- C:\Windows\hpomdl49.dat.temp

[2012/09/30 14:25:08 | 000,126,735 | ---- | C] () -- C:\Users\biscottee\Groupon_super-u.pdf

[2012/09/13 08:52:40 | 000,007,688 | ---- | C] () -- C:\Users\biscottee\justificatif amende moi.pdf

[2012/09/12 16:38:43 | 000,359,866 | ---- | C] () -- C:\Users\biscottee\Conseils_pratiques.pdf

[2012/09/12 15:26:09 | 001,242,562 | ---- | C] () -- C:\Users\biscottee\CAT.exe

[2012/09/11 13:15:25 | 000,105,428 | ---- | C] () -- C:\Users\biscottee\!cid_848.jpg

[2012/08/26 18:24:21 | 000,027,146 | ---- | C] () -- C:\Users\biscottee\automodeal_futuréo.pdf

[2012/04/08 21:21:33 | 000,582,577 | ---- | C] () -- C:\Users\biscottee\adwcleaner.exe

[2012/03/02 14:34:06 | 000,027,522 | ---- | C] () -- C:\Users\biscottee\Capturer55555555555555555555555555.JPG

[2012/03/02 14:13:55 | 000,012,317 | ---- | C] () -- C:\Users\biscottee\Capturer2222222222222222222222.JPG

[2012/03/02 14:03:44 | 000,012,868 | ---- | C] () -- C:\Users\biscottee\Capturerooooooooooooooooooooooooo..JPG

[2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll

[2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll

[2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll

[2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

[2011/09/15 01:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin

[2011/05/25 20:31:18 | 000,231,706 | ---- | C] () -- C:\Windows\hpoins49.dat

[2011/05/25 11:51:38 | 000,078,314 | ---- | C] () -- C:\Windows\hpqins05.dat.temp

[2010/11/20 12:07:45 | 000,002,023 | ---- | C] () -- C:\Users\biscottee\justif amende vannes mr.html

[2010/05/17 21:33:32 | 000,006,144 | -H-- | C] () -- C:\Users\biscottee\photothumb.db

[2010/01/24 19:42:22 | 000,036,171 | ---- | C] () -- C:\Users\biscottee\nationpp.zip

[2009/08/24 08:52:37 | 000,001,356 | ---- | C] () -- C:\Users\biscottee\AppData\Local\d3d9caps.dat

[2009/03/09 22:32:26 | 008,513,742 | ---- | C] () -- C:\Users\biscottee\AppData\Roaming\UserTile.png

[2009/03/06 23:39:33 | 000,119,296 | ---- | C] () -- C:\Users\biscottee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/06 11:30:19 | 000,000,249 | ---- | C] () -- C:\ProgramData\hpqp.ini

[2009/03/06 11:25:52 | 000,113,489 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/03/06 11:25:24 | 000,113,489 | ---- | C] () -- C:\ProgramData\nvModes.dat

 

========== ZeroAccess Check ==========

 

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2012/08/11 20:48:52 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\ActiPlayer

[2012/01/01 18:32:57 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\Bump Technologies, Inc

[2012/08/20 22:05:47 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\Capturino

[2009/06/10 18:22:55 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\GARMIN

[2009/12/12 23:18:07 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\Grafouillette

[2010/04/12 09:48:08 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\HARVEST S.A

[2012/11/11 16:51:33 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\INB Concept

[2010/04/04 16:32:30 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\muvee Technologies

[2009/04/15 21:00:47 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\Opera

[2009/05/24 21:57:38 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\PeerNetworking

[2010/01/28 10:22:45 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\PhotoFiltre

[2012/01/21 21:02:18 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\Samsung

[2011/06/04 13:55:58 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\TeamViewer

[2011/07/12 21:36:32 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\TomTom

[2009/11/16 22:21:32 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\TuneUp Software

[2011/04/24 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\Uniblue

[2012/08/05 17:49:37 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\Wise Registry Cleaner

 

========== Purity Check ==========

 

 

 

< End of report >

Posted (edited)

OK for OTL, there are still some nasties left ;)

On the other hand:

so on D I should have the PC backup, I think

on E it's my own little things, etc........

Drive E is your HP's Recovery partition, you must not put anything on it. :tsss:

On D, with 16 GB used, that's surely your backups? :D

You are going to use Combofix. This software is to be used only when prescribed.

Do not use it outside of that situation or on your own: dangerous.

  • Download Combofix by sUBs to your Desktop and nowhere else
    Link 2

  • Close all windows and other open programs;
  • Antivirus, anti-spyware, etc.
  • Then double-click Combofix.exe, accept the licence agreement and let it guide you.
  • Then let the software work
  • IMPORTANT: do not click on anything while the scan is running
  • Click only on what ComboFix asks for
  • When the scan is finished, a report will appear.
  • Host the file containing this report on http://cjoint.com/
    Post the link in your next reply.
  • The report is saved at the root of the disk, C:\ComboFix.txt; post the report

See you

Edited by tomtom95
