Comment suprimer un adware
Résolu/Fermé
A voir également:
- Comment suprimer un adware
- Adware cleaner - Télécharger - Antivirus & Antimalwares
- Suprimer edge - Guide
- Suprimer compte insta - Guide
- Suprimer page word - Guide
- Comment suprimer un compte gmail - Guide
8 réponses
verni29
Messages postés
6699
Date d'inscription
dimanche 6 juillet 2008
Statut
Contributeur sécurité
Dernière intervention
26 décembre 2016
180
Modifié par verni29 le 28/11/2010 à 12:39
Modifié par verni29 le 28/11/2010 à 12:39
Re,
Utilises-tu ce logiciel IMBooster 5 ?
ce logiciel comme d'autres qui proposent des émoticons pour ces réseaux sociaux est synonyme d'infections potentielles.
EDIT : Tu as deux antivirus sur le PC.
Un de trop. Il faut en enlever un.
lequel gardes-tu ?
A+
Allez jusqu'au bout de la procédure de désinfection.
Utilises-tu ce logiciel IMBooster 5 ?
ce logiciel comme d'autres qui proposent des émoticons pour ces réseaux sociaux est synonyme d'infections potentielles.
EDIT : Tu as deux antivirus sur le PC.
Un de trop. Il faut en enlever un.
lequel gardes-tu ?
A+
Allez jusqu'au bout de la procédure de désinfection.
verni29
Messages postés
6699
Date d'inscription
dimanche 6 juillet 2008
Statut
Contributeur sécurité
Dernière intervention
26 décembre 2016
180
28 nov. 2010 à 10:45
28 nov. 2010 à 10:45
Bonjour,
Commence par ceci.
Les outils utilisés sur les forums sécu sont tous gratuits. ;-)
Télécharge AD-Remover de C_XX sur ton bureau :
http://www.teamxscript.org/too/AD-R.exe
Tu te déconnectes du net et ferme toutes les applications en cours.
Sous Vista, il faut nécessairement désactiver l'UAC ou contrôle de compte utilisateur.
Tuto : https://www.pcastuces.com/pratique/windows/vista/astuces/desactiver_uac.htm
* Double-clique sur AD-R.exe .
* Au menu principal, choisis l'option "nettoyer" pour effectuer le nettoyage .
* Suis les invites.
* Le PC va te demander de redémarrer pour procéder au nettoyage. Accepte
Après redémarrage, un rapport va apparaitre. Poste le contenu dans ton prochain message.
Note : Il se trouve en C:\AD-Report-Clean.log
A+
Commence par ceci.
Les outils utilisés sur les forums sécu sont tous gratuits. ;-)
Télécharge AD-Remover de C_XX sur ton bureau :
http://www.teamxscript.org/too/AD-R.exe
Tu te déconnectes du net et ferme toutes les applications en cours.
Sous Vista, il faut nécessairement désactiver l'UAC ou contrôle de compte utilisateur.
Tuto : https://www.pcastuces.com/pratique/windows/vista/astuces/desactiver_uac.htm
* Double-clique sur AD-R.exe .
* Au menu principal, choisis l'option "nettoyer" pour effectuer le nettoyage .
* Suis les invites.
* Le PC va te demander de redémarrer pour procéder au nettoyage. Accepte
Après redémarrage, un rapport va apparaitre. Poste le contenu dans ton prochain message.
Note : Il se trouve en C:\AD-Report-Clean.log
A+
verni29
Messages postés
6699
Date d'inscription
dimanche 6 juillet 2008
Statut
Contributeur sécurité
Dernière intervention
26 décembre 2016
180
28 nov. 2010 à 11:18
28 nov. 2010 à 11:18
verni29
Messages postés
6699
Date d'inscription
dimanche 6 juillet 2008
Statut
Contributeur sécurité
Dernière intervention
26 décembre 2016
180
28 nov. 2010 à 11:24
28 nov. 2010 à 11:24
Autant pour moi,
Il se trouve sur ton disque dur .
A la racine de C:\ a priori.
C:\AD-Report-Clean.log
Il se trouve sur ton disque dur .
A la racine de C:\ a priori.
C:\AD-Report-Clean.log
verni29
Messages postés
6699
Date d'inscription
dimanche 6 juillet 2008
Statut
Contributeur sécurité
Dernière intervention
26 décembre 2016
180
28 nov. 2010 à 11:37
28 nov. 2010 à 11:37
lalalala,
Il y avait quelques adwares d'installés sur ton PC.
ils s'installent souvent via des logiciels tiers ( AskToolBar, RésultBar , ... ).
Il faut faire bien attention en installant des logiciels et bien vérifier qu'on est pas en train d'installer un autre produit avec.
---------------------------------------------------
On va poursuivre la vérification du PC si tu le veux bien.
Quelques outils à passer.
Télécharge OTL (de OldTimer) sur ton Bureau.
http://oldtimer.geekstogo.com/OTL.scr
Prends le soin de fermer toutes les autres fenêtres Windows afin de ne pas interrompre le scan.
* Double-clique sur OTL.scr pour le lancer.
Si Sous Vista/seven, , click droit sur sur le fichier et choisir Exécuter en tant qu'administrateur.
* Sélectionne l'option tous les utilisateurs.
* Dans la partie Personnalisation, copie/colle la liste suivante.
* Enfin, clique sur le bouton Analyse rapide.
* Une fois l'analyse terminée, deux fenêtres vont s'ouvrir dans le Bloc-notes : OTL.txt et Extras.txt. Ils se trouvent au même endroit que OTL (donc par défaut sur le Bureau)
Utilise un site comme http://cijoint.fr pour les déposer.
indique ensuite les deux liens crées
A+
Il y avait quelques adwares d'installés sur ton PC.
ils s'installent souvent via des logiciels tiers ( AskToolBar, RésultBar , ... ).
Il faut faire bien attention en installant des logiciels et bien vérifier qu'on est pas en train d'installer un autre produit avec.
---------------------------------------------------
On va poursuivre la vérification du PC si tu le veux bien.
Quelques outils à passer.
Télécharge OTL (de OldTimer) sur ton Bureau.
http://oldtimer.geekstogo.com/OTL.scr
Prends le soin de fermer toutes les autres fenêtres Windows afin de ne pas interrompre le scan.
* Double-clique sur OTL.scr pour le lancer.
Si Sous Vista/seven, , click droit sur sur le fichier et choisir Exécuter en tant qu'administrateur.
* Sélectionne l'option tous les utilisateurs.
* Dans la partie Personnalisation, copie/colle la liste suivante.
netsvcs Drivers32 msconfig activex /md5start iaStor.sys nvstor.sys atapi.sys iastorv.sys userinit.exe winlogon.exe explorer.exe wininit.exe /md5stop %SYSTEMDRIVE%\*.exe %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %appdata%\*.exe /s %APPDATA%\*. %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles CREATERESTOREPOINT
* Enfin, clique sur le bouton Analyse rapide.
* Une fois l'analyse terminée, deux fenêtres vont s'ouvrir dans le Bloc-notes : OTL.txt et Extras.txt. Ils se trouvent au même endroit que OTL (donc par défaut sur le Bureau)
Utilise un site comme http://cijoint.fr pour les déposer.
indique ensuite les deux liens crées
A+
verni29
Messages postés
6699
Date d'inscription
dimanche 6 juillet 2008
Statut
Contributeur sécurité
Dernière intervention
26 décembre 2016
180
28 nov. 2010 à 12:52
28 nov. 2010 à 12:52
Re,
J'avais modifié le message précédent à propos des antivirus.
Réponds moi à ce propos.
--------------------------------------------------
1/ désinstalle IMBooster 5 et la barre d'outil associé, IMBooster4web-en Toolbar via le panneau de configuration ( programmes et fonctionnalités )
On verra ensuite ce qu'il restera comme trace après désinstallation.
2/ Tu télécharges MalwareBytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Tu l'installes. Choisis les options par défaut.
# A la fin de l'installation, il te sera demandé de mettre à jour MalwareBytes et de l'éxecuter .
# Accepte. Après la, mise à jour, le logiciel va s'ouvrir.
# Dans l'onglet Recherche, sélectionne Exécuter un examen complet.
# Clique sur recherche. Tu ne sélectionnes que les disques durs de l'ordinateur.
# Clique sur lancer l'examen.
# A la fin de la recherche, comme il est demandé, clique sur afficher les résultats.
# Si des infections sont trouvées, clique sur Supprimer la sélection.
Tu postes le rapport dans ton prochain message.
Si tu ne retrouves pas le rapport, ouvre MalwareBytes et regarde dans l'onglet Rapport/logs. Il y est. Clique dessus et choisir ouvrir.
A+
J'avais modifié le message précédent à propos des antivirus.
Réponds moi à ce propos.
--------------------------------------------------
1/ désinstalle IMBooster 5 et la barre d'outil associé, IMBooster4web-en Toolbar via le panneau de configuration ( programmes et fonctionnalités )
On verra ensuite ce qu'il restera comme trace après désinstallation.
2/ Tu télécharges MalwareBytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Tu l'installes. Choisis les options par défaut.
# A la fin de l'installation, il te sera demandé de mettre à jour MalwareBytes et de l'éxecuter .
# Accepte. Après la, mise à jour, le logiciel va s'ouvrir.
# Dans l'onglet Recherche, sélectionne Exécuter un examen complet.
# Clique sur recherche. Tu ne sélectionnes que les disques durs de l'ordinateur.
# Clique sur lancer l'examen.
# A la fin de la recherche, comme il est demandé, clique sur afficher les résultats.
# Si des infections sont trouvées, clique sur Supprimer la sélection.
Tu postes le rapport dans ton prochain message.
Si tu ne retrouves pas le rapport, ouvre MalwareBytes et regarde dans l'onglet Rapport/logs. Il y est. Clique dessus et choisir ouvrir.
A+
verni29
Messages postés
6699
Date d'inscription
dimanche 6 juillet 2008
Statut
Contributeur sécurité
Dernière intervention
26 décembre 2016
180
28 nov. 2010 à 13:37
28 nov. 2010 à 13:37
Le lien a changé :
https://download.cnet.com/malwarebytes-anti-malware/windows.html?part=dl-10804572&subj=dl&tag=button
A+
https://download.cnet.com/malwarebytes-anti-malware/windows.html?part=dl-10804572&subj=dl&tag=button
A+
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 5204
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
28/11/2010 15:14:49
mbam-log-2010-11-28 (15-14-49).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 464506
Temps écoulé: 1 heure(s), 29 minute(s), 50 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 21
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{65a16874-2ed0-460e-a547-5fe2ec3a13a7} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{71e02280-5212-45c3-b174-4d5a35da254f} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.Hotbar) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\ClickPotatoLiteSAAX.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\ClickPotatoLiteSABHO.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\ClickPotatoLiteSAHook.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\ClickPotatoLiteUninstaller.exe.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\LaunchHelp.dll.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\Mozilla FireFox\plugins\npclntax_ClickPotatoLiteSA.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ResultBar\resultbar.dll.vir (Adware.Agent.Gen) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ResultBar\resultbar.exe.vir (Adware.ResultBar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ShopperReports3\bin\3.0.517.0\BRNstIE.dll.vir (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ShopperReports3\bin\3.0.517.0\CmndFF.dll.vir (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ShopperReports3\bin\3.0.517.0\CntntCntr.dll.vir (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ShopperReports3\bin\3.0.517.0\mozillaps.dll.vir (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ShopperReports3\bin\3.0.517.0\Pltfrm.dll.vir (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ShopperReports3\bin\3.0.517.0\ShopperReports.dll.vir (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ShopperReports3\bin\3.0.517.0\ShopperReportsUninstaller.exe.vir (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll.vir (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\ProgramData\ResultBar\resultbar113.exe.vir (Adware.ResultBar) -> Quarantined and deleted successfully.
C:\Users\Ishaq\Downloads\VLC.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Ishaq\Downloads\vlc_setup1.1.5-win32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\RESD5B6.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
www.malwarebytes.org
Version de la base de données: 5204
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
28/11/2010 15:14:49
mbam-log-2010-11-28 (15-14-49).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 464506
Temps écoulé: 1 heure(s), 29 minute(s), 50 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 21
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{65a16874-2ed0-460e-a547-5fe2ec3a13a7} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{71e02280-5212-45c3-b174-4d5a35da254f} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.Hotbar) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\ClickPotatoLiteSAAX.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\ClickPotatoLiteSABHO.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\ClickPotatoLiteSAHook.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\ClickPotatoLiteUninstaller.exe.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\LaunchHelp.dll.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\Mozilla FireFox\plugins\npclntax_ClickPotatoLiteSA.dll.vir (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ResultBar\resultbar.dll.vir (Adware.Agent.Gen) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ResultBar\resultbar.exe.vir (Adware.ResultBar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ShopperReports3\bin\3.0.517.0\BRNstIE.dll.vir (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ShopperReports3\bin\3.0.517.0\CmndFF.dll.vir (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ShopperReports3\bin\3.0.517.0\CntntCntr.dll.vir (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ShopperReports3\bin\3.0.517.0\mozillaps.dll.vir (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ShopperReports3\bin\3.0.517.0\Pltfrm.dll.vir (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ShopperReports3\bin\3.0.517.0\ShopperReports.dll.vir (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ShopperReports3\bin\3.0.517.0\ShopperReportsUninstaller.exe.vir (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll.vir (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ad-Remover\Quarantine\C\ProgramData\ResultBar\resultbar113.exe.vir (Adware.ResultBar) -> Quarantined and deleted successfully.
C:\Users\Ishaq\Downloads\VLC.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Ishaq\Downloads\vlc_setup1.1.5-win32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\RESD5B6.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
verni29
Messages postés
6699
Date d'inscription
dimanche 6 juillet 2008
Statut
Contributeur sécurité
Dernière intervention
26 décembre 2016
180
Modifié par verni29 le 28/11/2010 à 16:02
Modifié par verni29 le 28/11/2010 à 16:02
lalalala,
C'est pas mal.
----------------------------------------------------
Relance OTL.
* Sous l'onglet Personnalisation en bas de la fenêtre, copie-colle le texte suivant :
* Puis clique sur le bouton Correction en haut de la fenêtre.
* Laisse le programme travailler, le PC va redémarrer.
Tu verras un log s'ouvrir après le fix (c'est le log qui montre si la suppression a réussi).
sauvegarde-le sur ton Bureau et poste-le après redémarrage.
Note : Si tu ne le trouves pas, c'est un fichier log dans C:\_OTL\MovedFiles
Regarde suivant la date : mmjjaaaa_xxxxxxxx.log
-------------------------------------------------------------
Une dernière analyse pour vérifier que le Pc est propre.
Fais un scan en ligne .
Tuto : https://forum.pcastuces.com/eset_online_scanner___nouvelle_version___tutoriel-f31s56.htm
Poste le rapport.
A+
Allez jusqu'au bout de la procédure de désinfection.
C'est pas mal.
----------------------------------------------------
Relance OTL.
* Sous l'onglet Personnalisation en bas de la fenêtre, copie-colle le texte suivant :
instructions: :OTL PRC - [2010/08/16 09:35:25 | 002,885,120 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.Notifier.exe IE - HKCU\..\URLSearchHook: {346de098-61f9-4b42-89da-6dfba7091bb6} - C:\Program Files (x86)\IMBooster4web-en\tbIMB0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll (Iminent) [2010/04/25 08:11:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkcontent@iminent [2010/11/28 13:28:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com O2 - BHO: (IMBooster4web-en Toolbar) - {346de098-61f9-4b42-89da-6dfba7091bb6} - C:\Program Files (x86)\IMBooster4web-en\tbIMB0.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (LinkToContent Class) - {A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - C:\Program Files (x86)\Iminent\IMBooster\Iminent.LinkToContent.dll File not found O3 - HKLM\..\Toolbar: (IMBooster4web-en Toolbar) - {346de098-61f9-4b42-89da-6dfba7091bb6} - C:\Program Files (x86)\IMBooster4web-en\tbIMB0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (IMBooster4web-en Toolbar) - {346DE098-61F9-4B42-89DA-6DFBA7091BB6} - C:\Program Files (x86)\IMBooster4web-en\tbIMB0.dll (Conduit Ltd.) O4 - HKLM..\Run: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\IMBooster.exe File not found O4 - HKLM..\Run: [Iminent.Notifier] C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.Notifier.exe (Iminent) :Files C:\Program Files (x86)\Iminent :reg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "TCP Query User{1CCC4F6E-7668-4E8D-862A-A1190EC9948A}C:\users\ishaq\downloads\fogdownloader-rom_2_1_0_1871.exe"=- "TCP Query User{7CC36C43-CB3E-407F-8CEC-3E8512A35C99}C:\program files (x86)\iminent\imbooster\imbooster.exe"=- "UDP Query User{152329F2-D422-455A-B31A-8C9CC366D741}C:\program files (x86)\iminent\imbooster\imbooster.exe"=- "UDP Query User{FD68BE89-B571-43EF-AF4F-67503279032C}C:\program files (x86)\iminent\imbooster\imbooster.exe"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "IMBooster"=- "IMBooster4web-en Toolbar"=- :Commands [emptytemp] [emptyflash]
* Puis clique sur le bouton Correction en haut de la fenêtre.
* Laisse le programme travailler, le PC va redémarrer.
Tu verras un log s'ouvrir après le fix (c'est le log qui montre si la suppression a réussi).
sauvegarde-le sur ton Bureau et poste-le après redémarrage.
Note : Si tu ne le trouves pas, c'est un fichier log dans C:\_OTL\MovedFiles
Regarde suivant la date : mmjjaaaa_xxxxxxxx.log
-------------------------------------------------------------
Une dernière analyse pour vérifier que le Pc est propre.
Fais un scan en ligne .
Tuto : https://forum.pcastuces.com/eset_online_scanner___nouvelle_version___tutoriel-f31s56.htm
Poste le rapport.
A+
Allez jusqu'au bout de la procédure de désinfection.
All processes killed
Error: Unable to interpret <instructions:> in the current context!
========== OTL ==========
No active process named Iminent.Notifier.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{346de098-61f9-4b42-89da-6dfba7091bb6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346de098-61f9-4b42-89da-6dfba7091bb6}\ not found.
File C:\Program Files (x86)\IMBooster4web-en\tbIMB0.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ not found.
File C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll not found.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\linkcontent@iminent\ not found.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{346de098-61f9-4b42-89da-6dfba7091bb6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346de098-61f9-4b42-89da-6dfba7091bb6}\ not found.
File C:\Program Files (x86)\IMBooster4web-en\tbIMB0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{346de098-61f9-4b42-89da-6dfba7091bb6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346de098-61f9-4b42-89da-6dfba7091bb6}\ not found.
File en\tbIMB0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{346DE098-61F9-4B42-89DA-6DFBA7091BB6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346DE098-61F9-4B42-89DA-6DFBA7091BB6}\ not found.
File en\tbIMB0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IMBooster not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Iminent.Notifier not found.
File C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.Notifier.exe not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\Iminent not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
User: ben
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Ishaq
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1294336 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2859750 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 405 bytes
User: Moouna
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Mouna
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1169087207 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1 119,00 mb
[EMPTYFLASH]
User: All Users
User: AppData
User: ben
->Flash cache emptied: 0 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Ishaq
->Flash cache emptied: 0 bytes
User: Moouna
->Flash cache emptied: 0 bytes
User: Mouna
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.17.3 log created on 11282010_155739
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\_avast4_\Webshlock.txt not found!
File\Folder C:\Windows\temp\JET1592.tmp not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P086ANOD\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O16WIWGP\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BB8XUBR0\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\34NNJQU4\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Error: Unable to interpret <instructions:> in the current context!
========== OTL ==========
No active process named Iminent.Notifier.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{346de098-61f9-4b42-89da-6dfba7091bb6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346de098-61f9-4b42-89da-6dfba7091bb6}\ not found.
File C:\Program Files (x86)\IMBooster4web-en\tbIMB0.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ not found.
File C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll not found.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\linkcontent@iminent\ not found.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{346de098-61f9-4b42-89da-6dfba7091bb6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346de098-61f9-4b42-89da-6dfba7091bb6}\ not found.
File C:\Program Files (x86)\IMBooster4web-en\tbIMB0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{346de098-61f9-4b42-89da-6dfba7091bb6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346de098-61f9-4b42-89da-6dfba7091bb6}\ not found.
File en\tbIMB0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{346DE098-61F9-4B42-89DA-6DFBA7091BB6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346DE098-61F9-4B42-89DA-6DFBA7091BB6}\ not found.
File en\tbIMB0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IMBooster not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Iminent.Notifier not found.
File C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.Notifier.exe not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\Iminent not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
User: ben
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Ishaq
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1294336 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2859750 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 405 bytes
User: Moouna
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Mouna
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1169087207 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1 119,00 mb
[EMPTYFLASH]
User: All Users
User: AppData
User: ben
->Flash cache emptied: 0 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Ishaq
->Flash cache emptied: 0 bytes
User: Moouna
->Flash cache emptied: 0 bytes
User: Mouna
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.17.3 log created on 11282010_155739
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\_avast4_\Webshlock.txt not found!
File\Folder C:\Windows\temp\JET1592.tmp not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P086ANOD\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O16WIWGP\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BB8XUBR0\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\34NNJQU4\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
Registry entries deleted on Reboot...
verni29
Messages postés
6699
Date d'inscription
dimanche 6 juillet 2008
Statut
Contributeur sécurité
Dernière intervention
26 décembre 2016
180
28 nov. 2010 à 17:36
28 nov. 2010 à 17:36
Re,
Passe au scan en ligne.
A+
Passe au scan en ligne.
A+
verni29
Messages postés
6699
Date d'inscription
dimanche 6 juillet 2008
Statut
Contributeur sécurité
Dernière intervention
26 décembre 2016
180
29 nov. 2010 à 17:54
29 nov. 2010 à 17:54
Comment se comporte le PC ?
A+
A+
verni29
Messages postés
6699
Date d'inscription
dimanche 6 juillet 2008
Statut
Contributeur sécurité
Dernière intervention
26 décembre 2016
180
28 nov. 2010 à 15:29
28 nov. 2010 à 15:29
Re,
peu ou pas de détections par malwarebytes. La plupart se trouvait dans la quarantaine d'AD-Remover.
relance OTL et clique sur Analyse.
poste le rapport obtenu.
A+
peu ou pas de détections par malwarebytes. La plupart se trouvait dans la quarantaine d'AD-Remover.
relance OTL et clique sur Analyse.
poste le rapport obtenu.
A+
OTL logfile created on: 28/11/2010 15:29:21 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = c:\Users\Ishaq\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,11 Gb Total Space | 498,34 Gb Free Space | 85,61% Space Free | Partition Type: NTFS
Drive D: | 14,06 Gb Total Space | 1,92 Gb Free Space | 13,68% Space Free | Partition Type: NTFS
Computer Name: PC-DE-ISHAQ | User Name: Ishaq | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2010/11/28 11:39:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- c:\Users\Ishaq\Downloads\OTL.scr
PRC - [2010/10/31 21:25:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/31 21:25:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/08/16 09:35:25 | 002,885,120 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.Notifier.exe
PRC - [2009/09/16 17:47:38 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
PRC - [2009/08/24 12:22:34 | 000,069,632 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2009/08/22 08:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/08/17 17:07:23 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/08/17 17:07:17 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/08/17 17:07:01 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 17:04:21 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/08/17 16:58:55 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/10/17 16:57:18 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/10/17 16:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/26 02:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/05/05 13:37:22 | 000,487,424 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-624UB_TEW-644UB\WlanCU.exe
PRC - [2007/04/18 16:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2010/11/28 11:39:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- c:\Users\Ishaq\Downloads\OTL.scr
MOD - [2010/08/31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Windows\SysNative\ezsvc7.dll -- (ezSharedSvc)
SRV:[b]64bit:[/b] - [2009/08/17 17:07:17 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2009/08/17 17:07:01 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV:[b]64bit:[/b] - [2009/08/17 17:04:21 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV:[b]64bit:[/b] - [2009/08/17 16:58:55 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV:[b]64bit:[/b] - [2008/01/21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/08/24 13:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/08/24 12:22:34 | 000,069,632 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2009/08/22 08:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2008/07/27 19:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/25 20:23:58 | 000,894,976 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2008/02/03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SYMREDRV.SYS -- (SYMREDRV)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1005000.087\SYMNDISV.SYS -- (SYMNDISV)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1005000.087\SYMFW.SYS -- (SYMFW)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SYMDNS.SYS -- (SYMDNS)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:[b]64bit:[/b] - [2010/09/17 16:20:26 | 000,116,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EagleX64.sys -- (EagleX64)
DRV:[b]64bit:[/b] - [2010/02/03 14:36:44 | 000,583,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\ccHPx64.sys -- (ccHP)
DRV:[b]64bit:[/b] - [2009/09/11 12:32:33 | 000,172,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:[b]64bit:[/b] - [2009/08/22 08:21:19 | 000,476,720 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SRTSP64.SYS -- (SRTSP)
DRV:[b]64bit:[/b] - [2009/08/22 08:21:19 | 000,402,992 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SYMEFA64.SYS -- (SymEFA)
DRV:[b]64bit:[/b] - [2009/08/22 08:21:19 | 000,334,384 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:[b]64bit:[/b] - [2009/08/22 08:21:19 | 000,278,576 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV:[b]64bit:[/b] - [2009/08/22 08:21:19 | 000,032,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:[b]64bit:[/b] - [2009/08/22 08:21:19 | 000,031,280 | R--- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:[b]64bit:[/b] - [2009/08/17 17:05:43 | 000,022,096 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2009/08/17 17:05:31 | 000,065,616 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2008/04/21 09:35:00 | 000,748,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:[b]64bit:[/b] - [2007/07/31 19:04:48 | 000,090,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ser2pl64.sys -- (Ser2pl)
DRV:[b]64bit:[/b] - [2006/09/18 22:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2009/08/20 09:00:00 | 001,461,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090822.004\EX64.SYS -- (NAVEX15)
DRV - [2009/08/20 09:00:00 | 000,136,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090822.004\ENG64.SYS -- (NAVENG)
DRV - [2009/07/11 20:34:06 | 000,397,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/06/29 00:49:30 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/06/29 00:49:30 | 000,131,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/09/26 02:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKLM\..\URLSearchHook: {346de098-61f9-4b42-89da-6dfba7091bb6} - C:\Program Files (x86)\IMBooster4web-en\tbIMB0.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files (x86)\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll ()
IE - HKCU\..\URLSearchHook: {346de098-61f9-4b42-89da-6dfba7091bb6} - C:\Program Files (x86)\IMBooster4web-en\tbIMB0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll (Iminent)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultthis.engineName: "IMBooster4web-en Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "https://www.google.com/webhp?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&gws_rd=ssl"
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/30 12:00:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 15:18:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/28 11:00:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/28 11:01:42 | 000,000,000 | ---D | M]
[2009/10/17 13:05:26 | 000,000,000 | ---D | M] -- C:\Users\Ishaq\AppData\Roaming\mozilla\Extensions
[2010/11/28 11:11:13 | 000,000,000 | ---D | M] -- C:\Users\Ishaq\AppData\Roaming\mozilla\Firefox\Profiles\n535ka85.default\extensions
[2010/06/28 17:24:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ishaq\AppData\Roaming\mozilla\Firefox\Profiles\n535ka85.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/29 15:14:47 | 000,000,000 | ---D | M] -- C:\Users\Ishaq\AppData\Roaming\mozilla\Firefox\Profiles\n535ka85.default\extensions\vshare@toolbar
[2010/11/28 15:17:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/25 08:11:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkcontent@iminent
[2010/11/28 13:28:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com
[2010/02/21 11:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009/02/11 20:16:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
[2010/10/31 21:25:09 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/10/31 21:25:09 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/10/31 21:25:09 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/10/31 21:25:09 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/10/31 21:25:09 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2006/09/18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IMBooster4web-en Toolbar) - {346de098-61f9-4b42-89da-6dfba7091bb6} - C:\Program Files (x86)\IMBooster4web-en\tbIMB0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Iminent.BHO.NavigationError) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll (Iminent)
O2 - BHO: (LinkToContent Class) - {A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - C:\Program Files (x86)\Iminent\IMBooster\Iminent.LinkToContent.dll File not found
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (IMBooster4web-en Toolbar) - {346de098-61f9-4b42-89da-6dfba7091bb6} - C:\Program Files (x86)\IMBooster4web-en\tbIMB0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (IMBooster4web-en Toolbar) - {346DE098-61F9-4B42-89DA-6DFBA7091BB6} - C:\Program Files (x86)\IMBooster4web-en\tbIMB0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:[b]64bit:[/b] - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:[b]64bit:[/b] - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\IMBooster.exe File not found
O4 - HKLM..\Run: [Iminent.Notifier] C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.Notifier.exe (Iminent)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files (x86)\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [BitComet] C:\Program Files (x86)\BitComet\BitComet.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Ishaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:[b]64bit:[/b] - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html ()
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html ()
O9 - Extra Button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ishaq\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ishaq\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4c9cc913-9a0d-11df-8f3c-002354a3ed73}\Shell\AutoRun\command - "" = rwj0.cmd
O33 - MountPoints2\{4c9cc913-9a0d-11df-8f3c-002354a3ed73}\Shell\open\Command - "" = rwj0.cmd
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2010/11/28 13:40:32 | 000,000,000 | ---D | C] -- C:\Users\Ishaq\AppData\Roaming\Malwarebytes
[2010/11/28 13:40:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/28 13:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/28 13:40:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/28 10:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2010/11/28 10:49:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Remover
[2010/11/27 11:55:50 | 000,000,000 | ---D | C] -- C:\Users\Ishaq\AppData\Roaming\vlc
[2010/11/27 11:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/11/27 11:07:11 | 000,000,000 | ---D | C] -- C:\Temp
[2010/11/25 13:45:52 | 000,000,000 | ---D | C] -- C:\Users\Ishaq\Desktop\patch_temp
[2010/11/25 13:25:07 | 000,000,000 | ---D | C] -- C:\JungleFlasher v0.1.76 Beta (166)
[2010/11/24 22:06:17 | 000,000,000 | ---D | C] -- C:\4234ccc4cce4729c2fe016
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2010/11/28 15:23:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/28 15:17:15 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/28 15:17:06 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/28 15:17:05 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/28 15:16:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/28 13:40:27 | 000,000,874 | ---- | M] () -- C:\Users\Ishaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/28 13:40:27 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/28 11:04:51 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\WebReg HP Photosmart C4500 series.job
[2010/11/28 10:58:04 | 000,188,538 | ---- | M] () -- C:\Windows\hpoins30.dat
[2010/11/28 10:49:37 | 000,001,732 | ---- | M] () -- C:\Users\Ishaq\Desktop\AD-R.lnk
[2010/11/09 18:46:47 | 000,026,130 | ---- | M] () -- C:\Users\Ishaq\Documents\Sans nom 1.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010/11/28 13:40:27 | 000,000,874 | ---- | C] () -- C:\Users\Ishaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/28 13:40:27 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/28 13:40:23 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/28 10:58:02 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\WebReg HP Photosmart C4500 series.job
[2010/11/28 10:49:37 | 000,001,732 | ---- | C] () -- C:\Users\Ishaq\Desktop\AD-R.lnk
[2010/11/25 13:45:30 | 000,512,000 | ---- | C] () -- C:\Users\Ishaq\Desktop\2.exe
[2010/11/25 13:45:30 | 000,001,242 | ---- | C] () -- C:\Users\Ishaq\Desktop\1.cmd
[2010/11/25 13:45:30 | 000,000,394 | ---- | C] () -- C:\Users\Ishaq\Desktop\3.cmd
[2010/11/09 18:46:45 | 000,026,130 | ---- | C] () -- C:\Users\Ishaq\Documents\Sans nom 1.odt
[2010/10/05 18:23:05 | 000,548,864 | ---- | C] () -- C:\Windows\SysWow64\ALLEG40.DLL
[2010/10/05 18:23:05 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.DLL
[2010/09/01 10:54:32 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId0_5
[2010/07/12 12:50:12 | 000,000,114 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\wklnhst.dat
[2009/12/25 12:28:40 | 000,000,121 | ---- | C] () -- C:\Windows\disney.ini
[2009/12/03 19:39:10 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId0_4
[2009/12/02 14:55:32 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId0_3
[2009/12/02 14:49:36 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId0_2
[2009/12/02 14:46:56 | 000,000,173 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\D2Info0
[2009/12/02 14:46:56 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId0_1
[2009/11/27 22:10:28 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId1_3
[2009/11/27 21:59:49 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId1_1
[2009/11/27 21:37:15 | 000,000,177 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\D2Info1
[2009/11/27 21:37:15 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId1_2
[2009/11/25 14:17:23 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId3_4
[2009/11/25 14:16:46 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId3_3
[2009/11/25 14:15:00 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId3_2
[2009/11/24 17:48:51 | 000,000,169 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\D2Info3
[2009/11/24 17:48:49 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId3_1
[2009/08/30 11:55:23 | 000,003,852 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/07/16 17:22:06 | 000,006,656 | ---- | C] () -- C:\Users\Ishaq\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/02 11:34:31 | 000,007,592 | ---- | C] () -- C:\Users\Ishaq\AppData\Local\d3d9caps.dat
[2009/06/23 18:13:47 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2008/12/01 21:25:24 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/12/01 21:25:24 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/21 03:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
OTL by OldTimer - Version 3.2.17.3 Folder = c:\Users\Ishaq\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,11 Gb Total Space | 498,34 Gb Free Space | 85,61% Space Free | Partition Type: NTFS
Drive D: | 14,06 Gb Total Space | 1,92 Gb Free Space | 13,68% Space Free | Partition Type: NTFS
Computer Name: PC-DE-ISHAQ | User Name: Ishaq | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2010/11/28 11:39:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- c:\Users\Ishaq\Downloads\OTL.scr
PRC - [2010/10/31 21:25:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/31 21:25:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/08/16 09:35:25 | 002,885,120 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.Notifier.exe
PRC - [2009/09/16 17:47:38 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
PRC - [2009/08/24 12:22:34 | 000,069,632 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2009/08/22 08:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/08/17 17:07:23 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/08/17 17:07:17 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/08/17 17:07:01 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 17:04:21 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/08/17 16:58:55 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/10/17 16:57:18 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/10/17 16:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/26 02:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/05/05 13:37:22 | 000,487,424 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-624UB_TEW-644UB\WlanCU.exe
PRC - [2007/04/18 16:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2010/11/28 11:39:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- c:\Users\Ishaq\Downloads\OTL.scr
MOD - [2010/08/31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Windows\SysNative\ezsvc7.dll -- (ezSharedSvc)
SRV:[b]64bit:[/b] - [2009/08/17 17:07:17 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2009/08/17 17:07:01 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV:[b]64bit:[/b] - [2009/08/17 17:04:21 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV:[b]64bit:[/b] - [2009/08/17 16:58:55 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV:[b]64bit:[/b] - [2008/01/21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/08/24 13:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/08/24 12:22:34 | 000,069,632 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2009/08/22 08:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2008/07/27 19:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/25 20:23:58 | 000,894,976 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2008/02/03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SYMREDRV.SYS -- (SYMREDRV)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1005000.087\SYMNDISV.SYS -- (SYMNDISV)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1005000.087\SYMFW.SYS -- (SYMFW)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SYMDNS.SYS -- (SYMDNS)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:[b]64bit:[/b] - [2010/09/17 16:20:26 | 000,116,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EagleX64.sys -- (EagleX64)
DRV:[b]64bit:[/b] - [2010/02/03 14:36:44 | 000,583,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\ccHPx64.sys -- (ccHP)
DRV:[b]64bit:[/b] - [2009/09/11 12:32:33 | 000,172,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:[b]64bit:[/b] - [2009/08/22 08:21:19 | 000,476,720 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SRTSP64.SYS -- (SRTSP)
DRV:[b]64bit:[/b] - [2009/08/22 08:21:19 | 000,402,992 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SYMEFA64.SYS -- (SymEFA)
DRV:[b]64bit:[/b] - [2009/08/22 08:21:19 | 000,334,384 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:[b]64bit:[/b] - [2009/08/22 08:21:19 | 000,278,576 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV:[b]64bit:[/b] - [2009/08/22 08:21:19 | 000,032,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:[b]64bit:[/b] - [2009/08/22 08:21:19 | 000,031,280 | R--- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:[b]64bit:[/b] - [2009/08/17 17:05:43 | 000,022,096 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2009/08/17 17:05:31 | 000,065,616 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2008/04/21 09:35:00 | 000,748,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:[b]64bit:[/b] - [2007/07/31 19:04:48 | 000,090,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ser2pl64.sys -- (Ser2pl)
DRV:[b]64bit:[/b] - [2006/09/18 22:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2009/08/20 09:00:00 | 001,461,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090822.004\EX64.SYS -- (NAVEX15)
DRV - [2009/08/20 09:00:00 | 000,136,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090822.004\ENG64.SYS -- (NAVENG)
DRV - [2009/07/11 20:34:06 | 000,397,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/06/29 00:49:30 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/06/29 00:49:30 | 000,131,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/09/26 02:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKLM\..\URLSearchHook: {346de098-61f9-4b42-89da-6dfba7091bb6} - C:\Program Files (x86)\IMBooster4web-en\tbIMB0.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files (x86)\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll ()
IE - HKCU\..\URLSearchHook: {346de098-61f9-4b42-89da-6dfba7091bb6} - C:\Program Files (x86)\IMBooster4web-en\tbIMB0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll (Iminent)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultthis.engineName: "IMBooster4web-en Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "https://www.google.com/webhp?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&gws_rd=ssl"
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/30 12:00:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 15:18:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/28 11:00:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/28 11:01:42 | 000,000,000 | ---D | M]
[2009/10/17 13:05:26 | 000,000,000 | ---D | M] -- C:\Users\Ishaq\AppData\Roaming\mozilla\Extensions
[2010/11/28 11:11:13 | 000,000,000 | ---D | M] -- C:\Users\Ishaq\AppData\Roaming\mozilla\Firefox\Profiles\n535ka85.default\extensions
[2010/06/28 17:24:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ishaq\AppData\Roaming\mozilla\Firefox\Profiles\n535ka85.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/29 15:14:47 | 000,000,000 | ---D | M] -- C:\Users\Ishaq\AppData\Roaming\mozilla\Firefox\Profiles\n535ka85.default\extensions\vshare@toolbar
[2010/11/28 15:17:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/25 08:11:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkcontent@iminent
[2010/11/28 13:28:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com
[2010/02/21 11:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009/02/11 20:16:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
[2010/10/31 21:25:09 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/10/31 21:25:09 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/10/31 21:25:09 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/10/31 21:25:09 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/10/31 21:25:09 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2006/09/18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IMBooster4web-en Toolbar) - {346de098-61f9-4b42-89da-6dfba7091bb6} - C:\Program Files (x86)\IMBooster4web-en\tbIMB0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Iminent.BHO.NavigationError) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll (Iminent)
O2 - BHO: (LinkToContent Class) - {A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - C:\Program Files (x86)\Iminent\IMBooster\Iminent.LinkToContent.dll File not found
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (IMBooster4web-en Toolbar) - {346de098-61f9-4b42-89da-6dfba7091bb6} - C:\Program Files (x86)\IMBooster4web-en\tbIMB0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (IMBooster4web-en Toolbar) - {346DE098-61F9-4B42-89DA-6DFBA7091BB6} - C:\Program Files (x86)\IMBooster4web-en\tbIMB0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:[b]64bit:[/b] - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:[b]64bit:[/b] - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\IMBooster.exe File not found
O4 - HKLM..\Run: [Iminent.Notifier] C:\Program Files (x86)\Iminent\SearchTheWeb\Iminent.Notifier.exe (Iminent)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files (x86)\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [BitComet] C:\Program Files (x86)\BitComet\BitComet.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Ishaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:[b]64bit:[/b] - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html ()
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html ()
O9 - Extra Button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ishaq\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ishaq\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4c9cc913-9a0d-11df-8f3c-002354a3ed73}\Shell\AutoRun\command - "" = rwj0.cmd
O33 - MountPoints2\{4c9cc913-9a0d-11df-8f3c-002354a3ed73}\Shell\open\Command - "" = rwj0.cmd
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2010/11/28 13:40:32 | 000,000,000 | ---D | C] -- C:\Users\Ishaq\AppData\Roaming\Malwarebytes
[2010/11/28 13:40:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/28 13:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/28 13:40:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/28 10:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2010/11/28 10:49:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Remover
[2010/11/27 11:55:50 | 000,000,000 | ---D | C] -- C:\Users\Ishaq\AppData\Roaming\vlc
[2010/11/27 11:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/11/27 11:07:11 | 000,000,000 | ---D | C] -- C:\Temp
[2010/11/25 13:45:52 | 000,000,000 | ---D | C] -- C:\Users\Ishaq\Desktop\patch_temp
[2010/11/25 13:25:07 | 000,000,000 | ---D | C] -- C:\JungleFlasher v0.1.76 Beta (166)
[2010/11/24 22:06:17 | 000,000,000 | ---D | C] -- C:\4234ccc4cce4729c2fe016
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2010/11/28 15:23:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/28 15:17:15 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/28 15:17:06 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/28 15:17:05 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/28 15:16:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/28 13:40:27 | 000,000,874 | ---- | M] () -- C:\Users\Ishaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/28 13:40:27 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/28 11:04:51 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\WebReg HP Photosmart C4500 series.job
[2010/11/28 10:58:04 | 000,188,538 | ---- | M] () -- C:\Windows\hpoins30.dat
[2010/11/28 10:49:37 | 000,001,732 | ---- | M] () -- C:\Users\Ishaq\Desktop\AD-R.lnk
[2010/11/09 18:46:47 | 000,026,130 | ---- | M] () -- C:\Users\Ishaq\Documents\Sans nom 1.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010/11/28 13:40:27 | 000,000,874 | ---- | C] () -- C:\Users\Ishaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/28 13:40:27 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/28 13:40:23 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/28 10:58:02 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\WebReg HP Photosmart C4500 series.job
[2010/11/28 10:49:37 | 000,001,732 | ---- | C] () -- C:\Users\Ishaq\Desktop\AD-R.lnk
[2010/11/25 13:45:30 | 000,512,000 | ---- | C] () -- C:\Users\Ishaq\Desktop\2.exe
[2010/11/25 13:45:30 | 000,001,242 | ---- | C] () -- C:\Users\Ishaq\Desktop\1.cmd
[2010/11/25 13:45:30 | 000,000,394 | ---- | C] () -- C:\Users\Ishaq\Desktop\3.cmd
[2010/11/09 18:46:45 | 000,026,130 | ---- | C] () -- C:\Users\Ishaq\Documents\Sans nom 1.odt
[2010/10/05 18:23:05 | 000,548,864 | ---- | C] () -- C:\Windows\SysWow64\ALLEG40.DLL
[2010/10/05 18:23:05 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.DLL
[2010/09/01 10:54:32 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId0_5
[2010/07/12 12:50:12 | 000,000,114 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\wklnhst.dat
[2009/12/25 12:28:40 | 000,000,121 | ---- | C] () -- C:\Windows\disney.ini
[2009/12/03 19:39:10 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId0_4
[2009/12/02 14:55:32 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId0_3
[2009/12/02 14:49:36 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId0_2
[2009/12/02 14:46:56 | 000,000,173 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\D2Info0
[2009/12/02 14:46:56 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId0_1
[2009/11/27 22:10:28 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId1_3
[2009/11/27 21:59:49 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId1_1
[2009/11/27 21:37:15 | 000,000,177 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\D2Info1
[2009/11/27 21:37:15 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId1_2
[2009/11/25 14:17:23 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId3_4
[2009/11/25 14:16:46 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId3_3
[2009/11/25 14:15:00 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId3_2
[2009/11/24 17:48:51 | 000,000,169 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\D2Info3
[2009/11/24 17:48:49 | 000,000,008 | ---- | C] () -- C:\Users\Ishaq\AppData\Roaming\DofusAppId3_1
[2009/08/30 11:55:23 | 000,003,852 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/07/16 17:22:06 | 000,006,656 | ---- | C] () -- C:\Users\Ishaq\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/02 11:34:31 | 000,007,592 | ---- | C] () -- C:\Users\Ishaq\AppData\Local\d3d9caps.dat
[2009/06/23 18:13:47 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2008/12/01 21:25:24 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/12/01 21:25:24 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/21 03:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
verni29
Messages postés
6699
Date d'inscription
dimanche 6 juillet 2008
Statut
Contributeur sécurité
Dernière intervention
26 décembre 2016
180
30 nov. 2010 à 13:13
30 nov. 2010 à 13:13
lalalala,
On termine alors.
--------------------------------------
Mets à jour ton PC.
Télécharge JavaRa de PaulMcLain et Fred De Vries.
https://javara.fr.malavida.com/
* Click droit sur l'archive JavaRa.zip et extraire sur le bureau.
* Un dossier sera crée. L'ouvrir et double-cliquer sur JavaRa.exe pour le lancer
* Choisis la langue ( français )
Une fenêtre va s'ouvrir ou tu auras le choix entre mettre à jour et supprimer les anciennes versions de Java.
- Mise à jour :
* clique sur Recherche de mise à jour et choisis l'option Mettre à jour via jucheck.exe .
* Il te sera précisé si il existe ou pas de nouvelle version à installer sur ton PC.
* Si oui, clique sur Installer puis suis les invites.
Note : Si tu n'y arrives pas avec cette option, choisis l'autre Mettre à jour via le site Internet de Sun ou alors sur le site suivant https://www.java.com/fr/download/manual.jsp
- Suppression des anciennes versions :
* Relance JavaRa.exe s'il le faut et choisis Effacer les anciennes versions
* Suis les invites.
* Il te sera précisé de la suppression les versions trouvées et supprimées
---------------------------------------------------------
On va enlever les outils utilisés, à lexception de Malwarebytes que tu garderas. C'est un bon complément à un antivirus.
* Lance OTL et clique sur purge outils.
Le PC va redémarrer pour supprimer l'outil et sa quarantaine.
* lance Ad-Remover et choisis l'option de désinstallation.
---------------------------------------------------------
Il est préférable maintenant que ton PC est propre de créer un point propre pour une utilisation ultérieure.
Dans le Panneau de configuration choisis l'affichage classique :
# Système --> dans la liste des taches, à gauche, choisis propriétés du système
# sélectionner le disque c: puis clique ensuite créer pour la création d'un point de restauration.
Suis les invites.
------------------------------------------------------
Ton PC est propre.
Tu as remarqué le nombre de logiciels , toolbars qu'on avait désinstallé.
Sois un peu plus prudente dans ton surf.
Une lecture : projet antimalwares : https://www.malekal.com/fichiers/projetantimalwares/ProjetAntiMalware-courte.pdf
------------------------------------------------------------
Peux-tu mettre le sujet en résolu ? Merci.
En te souhaitant bonne lecture et bon surf.
Salut.
On termine alors.
--------------------------------------
Mets à jour ton PC.
Télécharge JavaRa de PaulMcLain et Fred De Vries.
https://javara.fr.malavida.com/
* Click droit sur l'archive JavaRa.zip et extraire sur le bureau.
* Un dossier sera crée. L'ouvrir et double-cliquer sur JavaRa.exe pour le lancer
* Choisis la langue ( français )
Une fenêtre va s'ouvrir ou tu auras le choix entre mettre à jour et supprimer les anciennes versions de Java.
- Mise à jour :
* clique sur Recherche de mise à jour et choisis l'option Mettre à jour via jucheck.exe .
* Il te sera précisé si il existe ou pas de nouvelle version à installer sur ton PC.
* Si oui, clique sur Installer puis suis les invites.
Note : Si tu n'y arrives pas avec cette option, choisis l'autre Mettre à jour via le site Internet de Sun ou alors sur le site suivant https://www.java.com/fr/download/manual.jsp
- Suppression des anciennes versions :
* Relance JavaRa.exe s'il le faut et choisis Effacer les anciennes versions
* Suis les invites.
* Il te sera précisé de la suppression les versions trouvées et supprimées
---------------------------------------------------------
On va enlever les outils utilisés, à lexception de Malwarebytes que tu garderas. C'est un bon complément à un antivirus.
* Lance OTL et clique sur purge outils.
Le PC va redémarrer pour supprimer l'outil et sa quarantaine.
* lance Ad-Remover et choisis l'option de désinstallation.
---------------------------------------------------------
Il est préférable maintenant que ton PC est propre de créer un point propre pour une utilisation ultérieure.
Dans le Panneau de configuration choisis l'affichage classique :
# Système --> dans la liste des taches, à gauche, choisis propriétés du système
# sélectionner le disque c: puis clique ensuite créer pour la création d'un point de restauration.
Suis les invites.
------------------------------------------------------
Ton PC est propre.
Tu as remarqué le nombre de logiciels , toolbars qu'on avait désinstallé.
Sois un peu plus prudente dans ton surf.
Une lecture : projet antimalwares : https://www.malekal.com/fichiers/projetantimalwares/ProjetAntiMalware-courte.pdf
------------------------------------------------------------
Peux-tu mettre le sujet en résolu ? Merci.
En te souhaitant bonne lecture et bon surf.
Salut.
28 nov. 2010 à 12:39