Redirection automatique vers des pubs
flav88
Messages postés
8
Statut
Membre
-
Flav88 -
Flav88 -
Bonjour,
Depuis quelques jours, quand je clique sur des liens suite à une recherche Google, je suis automatiquement redirigée vers des pubs. Parfois, je dois cliquer jusqu'à dix fois sur le lien pour attérir sur la bonne page.
J'ai lu sur certains posts qu'il fallait faire une analyse OTL.
Je l'ai faite mais je ne sais pas quoi faire ensuite.
J'utilise google Chrome et je suis sous windows vista.
Voici le rapport d'analyse :
OTL logfile created on: 17/02/2012 09:40:24 - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Users\Flavie\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
3,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 49,47% Memory free
6,17 Gb Paging File | 4,61 Gb Available in Paging File | 74,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,45 Gb Total Space | 78,13 Gb Free Space | 27,28% Space Free | Partition Type: NTFS
Drive D: | 11,64 Gb Total Space | 1,73 Gb Free Space | 14,85% Space Free | Partition Type: NTFS
Computer Name: PC-DE-FLAVIE | User Name: Flavie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012/02/17 09:39:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Flavie\Desktop\OTL.exe
PRC - [2012/01/25 20:34:27 | 000,737,656 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/09/05 18:04:56 | 001,489,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2011/09/03 14:32:06 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 12:21:05 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/27 16:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/01/17 16:37:42 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 16:37:42 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/01/14 22:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/05 19:46:48 | 000,657,536 | ---- | M] (SFR & Celliance) -- C:\Program Files\SFR\Gestionnaire de Connexion 3G SFR\SFRABCdService.exe
PRC - [2009/10/30 12:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012/01/27 09:49:31 | 000,429,040 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
MOD - [2012/01/27 09:49:29 | 003,772,912 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
MOD - [2012/01/27 09:48:06 | 000,122,880 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Google\Chrome\Application\17.0.963.46\avutil-51.dll
MOD - [2012/01/27 09:48:05 | 000,222,208 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Google\Chrome\Application\17.0.963.46\avformat-53.dll
MOD - [2012/01/27 09:48:03 | 001,746,944 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Google\Chrome\Application\17.0.963.46\avcodec-53.dll
MOD - [2012/01/27 06:41:13 | 008,593,056 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
MOD - [2012/01/27 06:41:13 | 008,593,056 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Google\Chrome\APPLIC~1\170963~1.46\gcswf32.dll
MOD - [2011/11/14 09:44:46 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/10/21 12:10:39 | 000,014,336 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.FRA
MOD - [2011/10/21 12:10:26 | 002,508,288 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Annots.FRA
MOD - [2011/10/21 12:10:25 | 000,100,864 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_EScript.FRA
MOD - [2011/10/21 12:10:24 | 001,179,648 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_PPKLite.FRA
MOD - [2011/10/21 12:10:23 | 001,319,936 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_AcroForm.FRA
MOD - [2011/10/21 12:10:23 | 000,315,904 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_DigSig.FRA
MOD - [2011/10/21 12:10:00 | 009,373,696 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.fra
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/09/05 18:04:56 | 000,249,232 | ---- | M] () -- C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2009/02/25 09:30:02 | 000,192,512 | ---- | M] () -- C:\Windows\System32\txmlutil.dll
MOD - [2007/09/30 18:33:32 | 000,066,856 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/08/14 14:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 12:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 12:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2006/12/03 14:53:06 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005/07/22 07:21:46 | 000,032,768 | ---- | M] () -- C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\AmvTransform.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [On_Demand | Stopped] -- -- (Arrakis3)
SRV - [2011/09/03 14:32:06 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 12:21:05 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/27 16:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2009/11/05 19:46:48 | 000,657,536 | ---- | M] (SFR & Celliance) [Auto | Running] -- C:\Program Files\SFR\Gestionnaire de Connexion 3G SFR\SFRABCdService.exe -- (ServiceSFRABCD)
SRV - [2008/02/22 23:29:55 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 09:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011/09/03 14:32:08 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/03 14:32:08 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/13 15:28:07 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/02/25 09:29:42 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2009/02/25 09:08:11 | 000,082,696 | ---- | M] (BitDefender S.R.L.) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
DRV - [2007/12/06 12:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/09/19 21:05:00 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/09 23:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 09:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 15:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/07 03:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 22:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 10:15:23 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2006/11/02 10:14:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2006/07/24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2fbr%2faccess%2fallinone.asp%3f
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Flavie\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Flavie\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Flavie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2011/01/27 16:46:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\moovida@spointer.com: C:\Program Files\Fluendo\Moovida\spointer\extensions\moovida@spointer.com [2011/03/20 02:08:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2011/01/27 16:46:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{E5886C91-CDD7-4832-B32D-0830705A9C60}: C:\Users\Flavie\AppData\Roaming\5012 [2011/03/03 14:44:18 | 000,000,000 | ---D | M]
[2011/01/07 08:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/27 13:27:13 | 000,065,536 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2006/09/26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Flavie\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Flavie\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Flavie\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: GreenWebPlayer (Enabled) = C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eflohacmgbapemoknaelaclkjahlbdkp\1.0_0\npgreenwebplayer.dll
CHR - plugin: STLport Standard ANSI C++ Library (Enabled) = C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eflohacmgbapemoknaelaclkjahlbdkp\1.0_0\stlport.5.0.dll
CHR - plugin: Interest Recognizer for Moovida (Enabled) = C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kngejcchcedjdemdaeneneeahmjnpaec\3.4.1545.153_0\moovida_air_chrome.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Flavie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Recherche Google = C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: GreenWebPlayer = C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eflohacmgbapemoknaelaclkjahlbdkp\1.0_0\
CHR - Extension: Interest Recognizer for Moovida = C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kngejcchcedjdemdaeneneeahmjnpaec\3.4.1545.153_0\
CHR - Extension: Grass = C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla\1.0_0\
CHR - Extension: Gmail = C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hp\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Interest recogniser for Moovida (powered by Spointer)) - {E2A7BD67-0EAF-497f-B05B-748D7BF3C421} - C:\Program Files\Fluendo\Moovida\spointer\extensions\moovida_air_ie.dll (Moovida)
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKCU..\Run: [$Recycle$.exe] C:\$Recycle$\$Recycle$.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Gamfdklxrf] C:\Users\Flavie\AppData\Roaming\INETWH32W.dll ()
O4 - HKCU..\Run: [Llicizufazem] rundll32.exe "C:\Users\Flavie\AppData\Local\KBDTPI.dll",Startup File not found
O4 - HKCU..\Run: [Userinit] C:\Users\Flavie\AppData\Roaming\appconf32.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Flavie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Flavie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hp\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hp\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.2.22 172.16.2.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00B4DB52-86D8-4B0F-A4C3-7369A0D4B039}: DhcpNameServer = 172.16.2.22 172.16.2.23
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Flavie\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Flavie\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/22 16:05:35 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0fca67ea-e105-11df-b9bb-b62685183046}\Shell - "" = AutoRun
O33 - MountPoints2\{0fca67ea-e105-11df-b9bb-b62685183046}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{0fff2fa1-8f80-11dd-b5e5-001e6863f1df}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe winrun.vbs
O33 - MountPoints2\{3100ad18-a009-11dd-8fc8-001e6863f1df}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe winrun.vbs
O33 - MountPoints2\{4318f7a3-ff9b-11de-be08-001e6863f1df}\Shell\AutoRun\command - "" = SUD\SSOW\sep.exe
O33 - MountPoints2\{4318f7a3-ff9b-11de-be08-001e6863f1df}\Shell\open\command - "" = SUD\SSOW\sep.exe
O33 - MountPoints2\{5356b98c-b6e0-11dd-a287-001e6863f1df}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe winrun.vbs
O33 - MountPoints2\{5448a533-2631-11e0-b01d-894055163574}\Shell - "" = AutoRun
O33 - MountPoints2\{5448a533-2631-11e0-b01d-894055163574}\Shell\AutoRun\command - "" = J:\SFR.exe
O33 - MountPoints2\{6c4f0109-2f63-11df-a246-ed028af4b162}\Shell - "" = AutoRun
O33 - MountPoints2\{6c4f0109-2f63-11df-a246-ed028af4b162}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{6c4f0179-2f63-11df-a246-d539c4a9c024}\Shell - "" = AutoRun
O33 - MountPoints2\{6c4f0179-2f63-11df-a246-d539c4a9c024}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{6c4f017a-2f63-11df-a246-d539c4a9c024}\Shell - "" = AutoRun
O33 - MountPoints2\{6c4f017a-2f63-11df-a246-d539c4a9c024}\Shell\AutoRun\command - "" = H:\RunGame.exe
O33 - MountPoints2\{6c4f017b-2f63-11df-a246-d539c4a9c024}\Shell - "" = AutoRun
O33 - MountPoints2\{6c4f017b-2f63-11df-a246-d539c4a9c024}\Shell\AutoRun\command - "" = I:\RunGame.exe
O33 - MountPoints2\{8a5e2c12-e006-11df-bcbe-fdb09237f9c3}\Shell\AutoRun\command - "" = SUD\SSOW\sep.exe
O33 - MountPoints2\{8a5e2c12-e006-11df-bcbe-fdb09237f9c3}\Shell\open\command - "" = SUD\SSOW\sep.exe
O33 - MountPoints2\{c5c238dd-94fb-11df-8a24-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c5c238dd-94fb-11df-8a24-806e6f6e6963}\Shell\AutoRun\command - "" = J:\WindowsUI\Autorun.exe
O33 - MountPoints2\{c5c23acc-94fb-11df-8a24-ad0ad321c83c}\Shell - "" = AutoRun
O33 - MountPoints2\{c5c23acc-94fb-11df-8a24-ad0ad321c83c}\Shell\AutoRun\command - "" = J:\WindowsUI\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012/02/17 09:39:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Flavie\Desktop\OTL.exe
[2012/02/02 18:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012/02/02 18:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012/02/02 18:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012/02/02 18:01:50 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL
[2012/02/02 18:01:46 | 000,093,696 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FLBHBE.DLL
[2012/02/02 18:01:44 | 000,063,488 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BHBE.DLL
[2012/01/25 20:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/01/25 20:33:11 | 000,000,000 | ---D | C] -- C:\Users\Flavie\AppData\Roaming\uTorrent
[2012/01/25 16:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/01/25 16:22:19 | 000,000,000 | ---D | C] -- C:\Users\Flavie\AppData\Local\Babylon
[2012/01/25 16:22:15 | 000,000,000 | ---D | C] -- C:\Users\Flavie\AppData\Roaming\Babylon
[2012/01/25 16:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/01/25 16:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/01/25 16:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/01/25 15:56:45 | 000,000,000 | ---D | C] -- C:\Users\Flavie\AppData\Local\Ilivid Player
[2012/01/25 15:55:33 | 000,000,000 | ---D | C] -- C:\Users\Flavie\AppData\Local\PackageAware
[2012/01/25 15:36:50 | 000,000,000 | ---D | C] -- C:\Users\Flavie\AppData\Roaming\FileOpen
[2012/01/25 15:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2012/01/19 21:48:56 | 000,000,000 | ---D | C] -- C:\Users\Flavie\AppData\Local\Seven Zip
[3 C:\Users\Flavie\Desktop\*.tmp files -> C:\Users\Flavie\Desktop\*.tmp -> ]
[1 C:\Users\Flavie\AppData\Roaming\*.tmp files -> C:\Users\Flavie\AppData\Roaming\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012/02/17 09:49:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/17 09:49:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/17 09:42:18 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{947DF350-DC82-4B85-AAA9-06317789293E}.job
[2012/02/17 09:39:42 | 000,178,782 | ---- | M] () -- C:\Users\Flavie\AppData\Roaming\nvModes.001
[2012/02/17 09:39:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Flavie\Desktop\OTL.exe
[2012/02/17 09:20:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2928176791-2539531792-2359758228-1000UA.job
[2012/02/17 09:08:40 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 09:08:40 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 08:20:00 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2928176791-2539531792-2359758228-1000Core.job
[2012/02/17 08:14:18 | 000,002,047 | ---- | M] () -- C:\Users\Flavie\Desktop\Google Chrome.lnk
[2012/02/17 08:14:18 | 000,002,009 | ---- | M] () -- C:\Users\Flavie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/17 08:08:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/15 23:12:26 | 000,117,248 | ---- | M] () -- C:\Users\Flavie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 21:28:58 | 000,700,222 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/02/15 21:28:58 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/15 21:28:58 | 000,122,020 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/02/15 21:28:58 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/14 13:08:02 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
[2012/02/09 22:18:28 | 000,086,016 | RHS- | M] () -- C:\Users\Flavie\AppData\Roaming\INETWH32W.dll
[2012/02/05 10:14:46 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/01/26 08:01:57 | 000,000,764 | ---- | M] () -- C:\Users\Flavie\Desktop\uTorrent.lnk
[2012/01/26 08:01:45 | 000,000,788 | ---- | M] () -- C:\Users\Flavie\Application Data\Microsoft\Internet Explorer\Quick Launch\uTorrent - Raccourci.lnk
[2012/01/25 20:34:27 | 000,000,736 | ---- | M] () -- C:\Users\Flavie\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/01/25 16:22:33 | 000,001,492 | ---- | M] () -- C:\user.js
[2012/01/19 13:13:13 | 000,007,592 | ---- | M] () -- C:\Users\Flavie\AppData\Local\d3d9caps.dat
[3 C:\Users\Flavie\Desktop\*.tmp files -> C:\Users\Flavie\Desktop\*.tmp -> ]
[1 C:\Users\Flavie\AppData\Roaming\*.tmp files -> C:\Users\Flavie\AppData\Roaming\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012/02/09 22:18:28 | 000,086,016 | RHS- | C] () -- C:\Users\Flavie\AppData\Roaming\INETWH32W.dll
[2012/01/26 08:01:57 | 000,000,764 | ---- | C] () -- C:\Users\Flavie\Desktop\uTorrent.lnk
[2012/01/26 08:01:45 | 000,000,788 | ---- | C] () -- C:\Users\Flavie\Application Data\Microsoft\Internet Explorer\Quick Launch\uTorrent - Raccourci.lnk
[2012/01/25 20:34:27 | 000,000,736 | ---- | C] () -- C:\Users\Flavie\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/01/25 16:22:31 | 000,001,492 | ---- | C] () -- C:\user.js
[2011/08/08 19:29:37 | 000,000,064 | ---- | C] () -- C:\Users\Flavie\AppData\Roaming\wklnhst.dat
[2011/07/27 20:03:16 | 000,000,000 | ---- | C] () -- C:\Users\Flavie\AppData\Local\{E159D91B-35EC-4627-86DE-1526CD10112E}
[2011/02/27 17:45:57 | 000,000,021 | ---- | C] () -- C:\Users\Flavie\AppData\Roaming\urhtps.dat
[2010/01/25 16:43:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/08 09:26:51 | 000,000,094 | ---- | C] () -- C:\Users\Flavie\AppData\Local\fusioncache.dat
[2009/02/25 09:30:02 | 000,192,512 | ---- | C] () -- C:\Windows\System32\txmlutil.dll
[2009/01/30 15:43:33 | 000,160,346 | ---- | C] () -- C:\Windows\hpoins14.dat
[2009/01/30 15:43:32 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2009/01/14 12:58:34 | 000,047,104 | ---- | C] () -- C:\Windows\System32\wh2robo.dll
[2008/11/25 15:37:47 | 000,000,552 | ---- | C] () -- C:\Users\Flavie\AppData\Local\d3d8caps.dat
[2008/11/13 17:15:49 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv
[2008/11/13 17:15:48 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2008/10/07 11:26:46 | 000,007,592 | ---- | C] () -- C:\Users\Flavie\AppData\Local\d3d9caps.dat
[2008/09/15 15:06:31 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2008/07/18 15:19:08 | 000,001,752 | ---- | C] () -- C:\Windows\eReg.dat
[2008/07/10 10:04:59 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008/06/29 16:28:59 | 000,178,782 | ---- | C] () -- C:\Users\Flavie\AppData\Roaming\nvModes.001
[2008/06/29 16:00:37 | 000,178,782 | ---- | C] () -- C:\Users\Flavie\AppData\Roaming\nvModes.dat
[2008/06/29 15:21:38 | 000,117,248 | ---- | C] () -- C:\Users\Flavie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/06 16:12:05 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/05/06 16:08:09 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/02/22 23:20:23 | 000,700,222 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2008/02/22 23:20:23 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2008/02/22 23:20:23 | 000,122,020 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2008/02/22 23:20:23 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,417,184 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,618,470 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,107,614 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006/11/02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 08:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/03/09 23:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2004/09/16 12:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\System32\drivers\ADFUUD.SYS
[2004/09/16 12:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\ADFUUD.SYS
< End of report >
Depuis quelques jours, quand je clique sur des liens suite à une recherche Google, je suis automatiquement redirigée vers des pubs. Parfois, je dois cliquer jusqu'à dix fois sur le lien pour attérir sur la bonne page.
J'ai lu sur certains posts qu'il fallait faire une analyse OTL.
Je l'ai faite mais je ne sais pas quoi faire ensuite.
J'utilise google Chrome et je suis sous windows vista.
Voici le rapport d'analyse :
OTL logfile created on: 17/02/2012 09:40:24 - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Users\Flavie\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
3,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 49,47% Memory free
6,17 Gb Paging File | 4,61 Gb Available in Paging File | 74,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,45 Gb Total Space | 78,13 Gb Free Space | 27,28% Space Free | Partition Type: NTFS
Drive D: | 11,64 Gb Total Space | 1,73 Gb Free Space | 14,85% Space Free | Partition Type: NTFS
Computer Name: PC-DE-FLAVIE | User Name: Flavie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012/02/17 09:39:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Flavie\Desktop\OTL.exe
PRC - [2012/01/25 20:34:27 | 000,737,656 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/09/05 18:04:56 | 001,489,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2011/09/03 14:32:06 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 12:21:05 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/27 16:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/01/17 16:37:42 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 16:37:42 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/01/14 22:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/05 19:46:48 | 000,657,536 | ---- | M] (SFR & Celliance) -- C:\Program Files\SFR\Gestionnaire de Connexion 3G SFR\SFRABCdService.exe
PRC - [2009/10/30 12:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012/01/27 09:49:31 | 000,429,040 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
MOD - [2012/01/27 09:49:29 | 003,772,912 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
MOD - [2012/01/27 09:48:06 | 000,122,880 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Google\Chrome\Application\17.0.963.46\avutil-51.dll
MOD - [2012/01/27 09:48:05 | 000,222,208 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Google\Chrome\Application\17.0.963.46\avformat-53.dll
MOD - [2012/01/27 09:48:03 | 001,746,944 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Google\Chrome\Application\17.0.963.46\avcodec-53.dll
MOD - [2012/01/27 06:41:13 | 008,593,056 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
MOD - [2012/01/27 06:41:13 | 008,593,056 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Google\Chrome\APPLIC~1\170963~1.46\gcswf32.dll
MOD - [2011/11/14 09:44:46 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/10/21 12:10:39 | 000,014,336 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.FRA
MOD - [2011/10/21 12:10:26 | 002,508,288 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Annots.FRA
MOD - [2011/10/21 12:10:25 | 000,100,864 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_EScript.FRA
MOD - [2011/10/21 12:10:24 | 001,179,648 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_PPKLite.FRA
MOD - [2011/10/21 12:10:23 | 001,319,936 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_AcroForm.FRA
MOD - [2011/10/21 12:10:23 | 000,315,904 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_DigSig.FRA
MOD - [2011/10/21 12:10:00 | 009,373,696 | ---- | M] () -- C:\Users\Flavie\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.fra
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/09/05 18:04:56 | 000,249,232 | ---- | M] () -- C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2009/02/25 09:30:02 | 000,192,512 | ---- | M] () -- C:\Windows\System32\txmlutil.dll
MOD - [2007/09/30 18:33:32 | 000,066,856 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/08/14 14:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 12:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 12:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2006/12/03 14:53:06 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005/07/22 07:21:46 | 000,032,768 | ---- | M] () -- C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\AmvTransform.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [On_Demand | Stopped] -- -- (Arrakis3)
SRV - [2011/09/03 14:32:06 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 12:21:05 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/27 16:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2009/11/05 19:46:48 | 000,657,536 | ---- | M] (SFR & Celliance) [Auto | Running] -- C:\Program Files\SFR\Gestionnaire de Connexion 3G SFR\SFRABCdService.exe -- (ServiceSFRABCD)
SRV - [2008/02/22 23:29:55 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 09:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011/09/03 14:32:08 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/03 14:32:08 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/13 15:28:07 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/02/25 09:29:42 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2009/02/25 09:08:11 | 000,082,696 | ---- | M] (BitDefender S.R.L.) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
DRV - [2007/12/06 12:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/09/19 21:05:00 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/09 23:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 09:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 15:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/07 03:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 22:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 10:15:23 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2006/11/02 10:14:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2006/07/24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2fbr%2faccess%2fallinone.asp%3f
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Flavie\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Flavie\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Flavie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2011/01/27 16:46:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\moovida@spointer.com: C:\Program Files\Fluendo\Moovida\spointer\extensions\moovida@spointer.com [2011/03/20 02:08:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2011/01/27 16:46:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{E5886C91-CDD7-4832-B32D-0830705A9C60}: C:\Users\Flavie\AppData\Roaming\5012 [2011/03/03 14:44:18 | 000,000,000 | ---D | M]
[2011/01/07 08:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/27 13:27:13 | 000,065,536 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2006/09/26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Flavie\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Flavie\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Flavie\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: GreenWebPlayer (Enabled) = C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eflohacmgbapemoknaelaclkjahlbdkp\1.0_0\npgreenwebplayer.dll
CHR - plugin: STLport Standard ANSI C++ Library (Enabled) = C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eflohacmgbapemoknaelaclkjahlbdkp\1.0_0\stlport.5.0.dll
CHR - plugin: Interest Recognizer for Moovida (Enabled) = C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kngejcchcedjdemdaeneneeahmjnpaec\3.4.1545.153_0\moovida_air_chrome.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Flavie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Recherche Google = C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: GreenWebPlayer = C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eflohacmgbapemoknaelaclkjahlbdkp\1.0_0\
CHR - Extension: Interest Recognizer for Moovida = C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kngejcchcedjdemdaeneneeahmjnpaec\3.4.1545.153_0\
CHR - Extension: Grass = C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla\1.0_0\
CHR - Extension: Gmail = C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hp\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Interest recogniser for Moovida (powered by Spointer)) - {E2A7BD67-0EAF-497f-B05B-748D7BF3C421} - C:\Program Files\Fluendo\Moovida\spointer\extensions\moovida_air_ie.dll (Moovida)
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKCU..\Run: [$Recycle$.exe] C:\$Recycle$\$Recycle$.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Gamfdklxrf] C:\Users\Flavie\AppData\Roaming\INETWH32W.dll ()
O4 - HKCU..\Run: [Llicizufazem] rundll32.exe "C:\Users\Flavie\AppData\Local\KBDTPI.dll",Startup File not found
O4 - HKCU..\Run: [Userinit] C:\Users\Flavie\AppData\Roaming\appconf32.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Flavie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Flavie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hp\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hp\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.2.22 172.16.2.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00B4DB52-86D8-4B0F-A4C3-7369A0D4B039}: DhcpNameServer = 172.16.2.22 172.16.2.23
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Flavie\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Flavie\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/22 16:05:35 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0fca67ea-e105-11df-b9bb-b62685183046}\Shell - "" = AutoRun
O33 - MountPoints2\{0fca67ea-e105-11df-b9bb-b62685183046}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{0fff2fa1-8f80-11dd-b5e5-001e6863f1df}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe winrun.vbs
O33 - MountPoints2\{3100ad18-a009-11dd-8fc8-001e6863f1df}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe winrun.vbs
O33 - MountPoints2\{4318f7a3-ff9b-11de-be08-001e6863f1df}\Shell\AutoRun\command - "" = SUD\SSOW\sep.exe
O33 - MountPoints2\{4318f7a3-ff9b-11de-be08-001e6863f1df}\Shell\open\command - "" = SUD\SSOW\sep.exe
O33 - MountPoints2\{5356b98c-b6e0-11dd-a287-001e6863f1df}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe winrun.vbs
O33 - MountPoints2\{5448a533-2631-11e0-b01d-894055163574}\Shell - "" = AutoRun
O33 - MountPoints2\{5448a533-2631-11e0-b01d-894055163574}\Shell\AutoRun\command - "" = J:\SFR.exe
O33 - MountPoints2\{6c4f0109-2f63-11df-a246-ed028af4b162}\Shell - "" = AutoRun
O33 - MountPoints2\{6c4f0109-2f63-11df-a246-ed028af4b162}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{6c4f0179-2f63-11df-a246-d539c4a9c024}\Shell - "" = AutoRun
O33 - MountPoints2\{6c4f0179-2f63-11df-a246-d539c4a9c024}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{6c4f017a-2f63-11df-a246-d539c4a9c024}\Shell - "" = AutoRun
O33 - MountPoints2\{6c4f017a-2f63-11df-a246-d539c4a9c024}\Shell\AutoRun\command - "" = H:\RunGame.exe
O33 - MountPoints2\{6c4f017b-2f63-11df-a246-d539c4a9c024}\Shell - "" = AutoRun
O33 - MountPoints2\{6c4f017b-2f63-11df-a246-d539c4a9c024}\Shell\AutoRun\command - "" = I:\RunGame.exe
O33 - MountPoints2\{8a5e2c12-e006-11df-bcbe-fdb09237f9c3}\Shell\AutoRun\command - "" = SUD\SSOW\sep.exe
O33 - MountPoints2\{8a5e2c12-e006-11df-bcbe-fdb09237f9c3}\Shell\open\command - "" = SUD\SSOW\sep.exe
O33 - MountPoints2\{c5c238dd-94fb-11df-8a24-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c5c238dd-94fb-11df-8a24-806e6f6e6963}\Shell\AutoRun\command - "" = J:\WindowsUI\Autorun.exe
O33 - MountPoints2\{c5c23acc-94fb-11df-8a24-ad0ad321c83c}\Shell - "" = AutoRun
O33 - MountPoints2\{c5c23acc-94fb-11df-8a24-ad0ad321c83c}\Shell\AutoRun\command - "" = J:\WindowsUI\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012/02/17 09:39:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Flavie\Desktop\OTL.exe
[2012/02/02 18:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012/02/02 18:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012/02/02 18:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012/02/02 18:01:50 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL
[2012/02/02 18:01:46 | 000,093,696 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FLBHBE.DLL
[2012/02/02 18:01:44 | 000,063,488 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BHBE.DLL
[2012/01/25 20:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/01/25 20:33:11 | 000,000,000 | ---D | C] -- C:\Users\Flavie\AppData\Roaming\uTorrent
[2012/01/25 16:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/01/25 16:22:19 | 000,000,000 | ---D | C] -- C:\Users\Flavie\AppData\Local\Babylon
[2012/01/25 16:22:15 | 000,000,000 | ---D | C] -- C:\Users\Flavie\AppData\Roaming\Babylon
[2012/01/25 16:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/01/25 16:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/01/25 16:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/01/25 15:56:45 | 000,000,000 | ---D | C] -- C:\Users\Flavie\AppData\Local\Ilivid Player
[2012/01/25 15:55:33 | 000,000,000 | ---D | C] -- C:\Users\Flavie\AppData\Local\PackageAware
[2012/01/25 15:36:50 | 000,000,000 | ---D | C] -- C:\Users\Flavie\AppData\Roaming\FileOpen
[2012/01/25 15:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2012/01/19 21:48:56 | 000,000,000 | ---D | C] -- C:\Users\Flavie\AppData\Local\Seven Zip
[3 C:\Users\Flavie\Desktop\*.tmp files -> C:\Users\Flavie\Desktop\*.tmp -> ]
[1 C:\Users\Flavie\AppData\Roaming\*.tmp files -> C:\Users\Flavie\AppData\Roaming\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012/02/17 09:49:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/17 09:49:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/17 09:42:18 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{947DF350-DC82-4B85-AAA9-06317789293E}.job
[2012/02/17 09:39:42 | 000,178,782 | ---- | M] () -- C:\Users\Flavie\AppData\Roaming\nvModes.001
[2012/02/17 09:39:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Flavie\Desktop\OTL.exe
[2012/02/17 09:20:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2928176791-2539531792-2359758228-1000UA.job
[2012/02/17 09:08:40 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 09:08:40 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 08:20:00 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2928176791-2539531792-2359758228-1000Core.job
[2012/02/17 08:14:18 | 000,002,047 | ---- | M] () -- C:\Users\Flavie\Desktop\Google Chrome.lnk
[2012/02/17 08:14:18 | 000,002,009 | ---- | M] () -- C:\Users\Flavie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/17 08:08:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/15 23:12:26 | 000,117,248 | ---- | M] () -- C:\Users\Flavie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 21:28:58 | 000,700,222 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/02/15 21:28:58 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/15 21:28:58 | 000,122,020 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/02/15 21:28:58 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/14 13:08:02 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
[2012/02/09 22:18:28 | 000,086,016 | RHS- | M] () -- C:\Users\Flavie\AppData\Roaming\INETWH32W.dll
[2012/02/05 10:14:46 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/01/26 08:01:57 | 000,000,764 | ---- | M] () -- C:\Users\Flavie\Desktop\uTorrent.lnk
[2012/01/26 08:01:45 | 000,000,788 | ---- | M] () -- C:\Users\Flavie\Application Data\Microsoft\Internet Explorer\Quick Launch\uTorrent - Raccourci.lnk
[2012/01/25 20:34:27 | 000,000,736 | ---- | M] () -- C:\Users\Flavie\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/01/25 16:22:33 | 000,001,492 | ---- | M] () -- C:\user.js
[2012/01/19 13:13:13 | 000,007,592 | ---- | M] () -- C:\Users\Flavie\AppData\Local\d3d9caps.dat
[3 C:\Users\Flavie\Desktop\*.tmp files -> C:\Users\Flavie\Desktop\*.tmp -> ]
[1 C:\Users\Flavie\AppData\Roaming\*.tmp files -> C:\Users\Flavie\AppData\Roaming\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012/02/09 22:18:28 | 000,086,016 | RHS- | C] () -- C:\Users\Flavie\AppData\Roaming\INETWH32W.dll
[2012/01/26 08:01:57 | 000,000,764 | ---- | C] () -- C:\Users\Flavie\Desktop\uTorrent.lnk
[2012/01/26 08:01:45 | 000,000,788 | ---- | C] () -- C:\Users\Flavie\Application Data\Microsoft\Internet Explorer\Quick Launch\uTorrent - Raccourci.lnk
[2012/01/25 20:34:27 | 000,000,736 | ---- | C] () -- C:\Users\Flavie\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/01/25 16:22:31 | 000,001,492 | ---- | C] () -- C:\user.js
[2011/08/08 19:29:37 | 000,000,064 | ---- | C] () -- C:\Users\Flavie\AppData\Roaming\wklnhst.dat
[2011/07/27 20:03:16 | 000,000,000 | ---- | C] () -- C:\Users\Flavie\AppData\Local\{E159D91B-35EC-4627-86DE-1526CD10112E}
[2011/02/27 17:45:57 | 000,000,021 | ---- | C] () -- C:\Users\Flavie\AppData\Roaming\urhtps.dat
[2010/01/25 16:43:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/08 09:26:51 | 000,000,094 | ---- | C] () -- C:\Users\Flavie\AppData\Local\fusioncache.dat
[2009/02/25 09:30:02 | 000,192,512 | ---- | C] () -- C:\Windows\System32\txmlutil.dll
[2009/01/30 15:43:33 | 000,160,346 | ---- | C] () -- C:\Windows\hpoins14.dat
[2009/01/30 15:43:32 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2009/01/14 12:58:34 | 000,047,104 | ---- | C] () -- C:\Windows\System32\wh2robo.dll
[2008/11/25 15:37:47 | 000,000,552 | ---- | C] () -- C:\Users\Flavie\AppData\Local\d3d8caps.dat
[2008/11/13 17:15:49 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv
[2008/11/13 17:15:48 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2008/10/07 11:26:46 | 000,007,592 | ---- | C] () -- C:\Users\Flavie\AppData\Local\d3d9caps.dat
[2008/09/15 15:06:31 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2008/07/18 15:19:08 | 000,001,752 | ---- | C] () -- C:\Windows\eReg.dat
[2008/07/10 10:04:59 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008/06/29 16:28:59 | 000,178,782 | ---- | C] () -- C:\Users\Flavie\AppData\Roaming\nvModes.001
[2008/06/29 16:00:37 | 000,178,782 | ---- | C] () -- C:\Users\Flavie\AppData\Roaming\nvModes.dat
[2008/06/29 15:21:38 | 000,117,248 | ---- | C] () -- C:\Users\Flavie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/06 16:12:05 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/05/06 16:08:09 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/02/22 23:20:23 | 000,700,222 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2008/02/22 23:20:23 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2008/02/22 23:20:23 | 000,122,020 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2008/02/22 23:20:23 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,417,184 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,618,470 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,107,614 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006/11/02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 08:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/03/09 23:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2004/09/16 12:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\System32\drivers\ADFUUD.SYS
[2004/09/16 12:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\ADFUUD.SYS
< End of report >
A voir également:
- Redirection automatique vers des pubs
- Recherche automatique des chaînes ne fonctionne pas - Guide
- Réponse automatique thunderbird - Guide
- Logiciel de sauvegarde automatique gratuit - Guide
- Bloquer les pubs youtube - Accueil - Streaming
- Table des matières automatique word - Guide
3 réponses
salut
telecharge et enregistre ceci sur ton bureau :
Pre_Scan
Avertissement: tous les processus non-vitaux de windows seront coupés --> pas de panique.
une fois telechargé lance-le , laisse faire le scan jusqu'à l'apparition du rapport sur le bureau.
si 'outil est bloqué par l'infection utilise cette version : Version .pif
ou encore cette version renommée : Winlogon.exe
si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"
Il se peut qu'une multitude de fenêtres noires clignotent , laisse-le travailler
Si l'outil ouvre une fenetre "Lecteurs virtuels" , fais exactement ce qui est indiqué dans cettte fenetre
Poste Pre_Scan_la_date_et_l'heure.txt qui apparaitra sur le bureau en fin de scan après redemarrage
▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)
heberge le rapport sur http://pjjoint.malekal.com et donne le lien obtenu
telecharge et enregistre ceci sur ton bureau :
Pre_Scan
Avertissement: tous les processus non-vitaux de windows seront coupés --> pas de panique.
une fois telechargé lance-le , laisse faire le scan jusqu'à l'apparition du rapport sur le bureau.
si 'outil est bloqué par l'infection utilise cette version : Version .pif
ou encore cette version renommée : Winlogon.exe
si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"
Il se peut qu'une multitude de fenêtres noires clignotent , laisse-le travailler
Si l'outil ouvre une fenetre "Lecteurs virtuels" , fais exactement ce qui est indiqué dans cettte fenetre
Poste Pre_Scan_la_date_et_l'heure.txt qui apparaitra sur le bureau en fin de scan après redemarrage
▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)
heberge le rapport sur http://pjjoint.malekal.com et donne le lien obtenu
tu fais n'importe quoi avec ton ordi , tu cliques n'importe où....
=======
windows pas à jour => à faire
internet explorer pas à jour => à faire
=======
desinstalle windows searchqu toolbar
desinstalle Fluendo
desinstalle Viewpoint
desinstalle java update 29
desinstalle Moovida
desinstalle Ilivid
desinstalle babylon
desinstalle UnityWebPlayer
=======
fais glisser une icone n'importe quel fichier sur Pre_scan , pre_script va apparaitre
Lance Pre_script , une page vierge va s'ouvrir.
selectionne tout le texte en gras ci-dessous, puis (clic droit/copier ou ctrl+c) :
___________________________________________________
Kill::
Registry::
[HKEY_USERS\S-1-5-21-2928176791-2539531792-2359758228-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"$Recycle$.exe"=-
"Userinit"=-
"Llicizufazem"=-
"Gamfdklxrf"=-
[-HKEY_CLASSES_ROOT\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[-HKEY_CLASSES_ROOT\CLSID\!{98889811-442D-49dd-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\!{98889811-442D-49dd-99D7-DC866BE87DBC}]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\!{98889811-442D-49dd-99D7-DC866BE87DBC}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\!{98889811-442D-49dd-99D7-DC866BE87DBC}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\!{98889811-442D-49dd-99D7-DC866BE87DBC}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"!{98889811-442D-49dd-99D7-DC866BE87DBC}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"!{98889811-442D-49dd-99D7-DC866BE87DBC}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"10"=-
"!{98889811-442D-49dd-99D7-DC866BE87DBC}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"!{98889811-442D-49dd-99D7-DC866BE87DBC}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"!{98889811-442D-49dd-99D7-DC866BE87DBC}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"!{98889811-442D-49dd-99D7-DC866BE87DBC}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"!{98889811-442D-49dd-99D7-DC866BE87DBC}"=-
[-HKEY_CLASSES_ROOT\CLSID\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}"=-
[-HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}]
[-HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}]
[-HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
[-HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}]
[-HKCU\Software\Datamngr]
[-HKCU\Software\ilivid]
[-HKCU\Software\JVWYDK]
[-HKCU\Software\Microsoft Windows]
[-HKCU\Software\Moovida]
[-HKCU\Software\Spointer]
[-HKCU\Software\SweetIM]
[-HKCU\Software\ ]
[-HKLM\Software\Babylon]
[-HKLM\Software\MetaStream]
[-HKLM\Software\Moovida]
[-HKLM\Software\SweetIM]
[-HKLM\Software\Viewpoint]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=DWORD:00000000
txt::
C:\Windows\System32\Tasks\{14E694C7-FB91-4BFC-9386-509299276D88}
C:\Windows\System32\Tasks\{6A6C929A-6E30-464B-A9A9-86F0E048BFDA}
C:\Windows\System32\Tasks\{74613424-E6D7-4FEA-ABA0-60ED44BBEF02}
C:\Windows\System32\Tasks\{BCD2C599-424D-455F-9CDD-3D26D362546F}
C:\Windows\System32\Tasks\{C4E1FC89-84D2-45FB-A264-6BFDF53B4E52}
C:\Windows\System32\Tasks\{CF9A0007-C9BC-4C51-B792-D54FD8E690AD}
C:\Windows\System32\Tasks\{DE7D3C1E-2C3E-4162-A406-F5366EBFCFB4}
C:\Windows\System32\Tasks\{F3C1A8EE-4D3B-49F0-AE64-F83FE1672ADB}
file::
C:\Users\Flavie\AppData\Roaming\appconf32.exe
C:\Users\Flavie\AppData\Local\KBDTPI.dll
C:\Users\Flavie\AppData\Roaming\INETWH32W.dll
folder::
C:\PROGRA~1\WI371A~1\Datamngr
C:\Program Files\Fluendo
C:\c7ed43127de4022d39055c889cd42214
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moovida
C:\Users\Flavie\AppData\Roaming\Babylon
C:\Users\Flavie\AppData\Roaming\moovida-1
C:\Users\Flavie\AppData\Roaming\xmldm
C:\ProgramData\Babylon
C:\ProgramData\Viewpoint
C:\Users\Flavie\AppData\Local\Babylon
C:\Users\Flavie\AppData\Local\Ilivid Player
C:\Users\Flavie\AppData\Local\moovida Air
C:\Program Files\Fluendo
C:\Program Files\Viewpoint
Mbr::
clean::
Reboot::
___________________________________________________
colle-le ensuite (clic droit/coller ou ctrl+V) dans la page vierge.
puis onglet fichier => enregistrer (pas enregistrer sous...) , puis ferme le texte
des fenetres noires risquent de clignoter , c'est normal , c'est le programme qui travaille
poste Pre_Script.txt qui apparaitra sur le bureau en fin de travail
=======
▶ Télécharge Sur cette page : AdwCleaner (de Xplode)
▶ clique sur Télécharger et enregistre le fichier sur ton Bureau
▶ Double-clique sur l'icône AdwCleaner0.exe pour lancer l'installation
==================================
▶▶▶ Sous Vista et Windows 7 /!\ :
il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur
==================================
Sur le menu principal :
▶ clique sur Suppression et patiente le temps de l'analyse
▶ poste le contenu du rapport que tu trouveras dans ton disque dur c:\ADwcleaner[Sx].txt ou son contenu s'il s'ouvre.
========
▶ Téléchargez UsbFix (créé par El Desaparecido) sur votre Bureau.
▶ Si votre antivirus affiche une alerte, ignorez-la et désactivez l'antivirus temporairement.
▶ Branchez toutes vos sources de données externes à votre PC (clé USB, disque dur externe, etc...) sans les ouvrir.
▶ Double cliquez sur UsbFix.exe.
▶ Cliquez sur Suppression.
▶ Laissez travailler l'outil.
▶ À la fin du scan, un rapport va s'afficher, postez-le dans votre prochaine réponse sur le forum.
▶ Le rapport est aussi sauvegardé à la racine du disque système ( C:\UsbFix.txt ).
▶ Tutoriel vidéo
=======
▶ Télécharge Malwarebytes' Anti-Malware (MBAM).
Malwarebytes : clique pour la version FREE
ou : lien mirroir
▶ enregistre l'exécutable sur le bureau. (attention! ne pas télécharger Registry booster ou autre chose que MBAM.)
▶ Installe-le puis configure-le comme ceci :
Configuration
si tu n'as rien modifié fais directement quitter sinon enregistrer
▶ Si MBAM est déjà installé, aller directement à la mise à jour puis à l'analyse.
▶▶▶ Ce logiciel gratuit est à garder.
===================================================
Uniquement en cas de problème de mise à jour:
Télécharger mises à jour manuelles MBAM
▶ Exécute le fichier après l'installation de MBAM
===================================================
Connecter les supports amovibles (clés usb etc.) avant de lancer l'analyse.
▶ Double clique sur le fichier téléchargé pour lancer le processus d'installation.
▶ Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
▶ Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
▶ Sélectionne "Exécuter un examen complet"
▶ Clique sur "Rechercher"
▶ L'analyse démarre, le scan est relativement long, c'est normal.
A la fin de l'analyse, un message s'affiche :
Citation :
L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
▶ Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
▶ Ferme tes navigateurs.
▶ Si des malwares ont été détectés, clique sur Afficher les résultats.
▶ Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse.
▶ Copie-colle ce rapport et poste-le dans ta prochaine réponse.
Si MBAM demande à redémarrer le pc : ▶ fais-le.
Si au redémarrage Windows te dit qu'il a bloqué certains programmes de démarrage : ▶ clique sur la bulle puis sur Exécuter les programmes bloqués/Malwarebytes Anti-Malware.
=======
Télécharge ici :OTL
▶ enregistre le sur ton Bureau.
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶ => Clique ici pour voir la Configuration
▶ Copie et colle le contenu de ce qui suit en gras dans la partie inférieure d'OTL "Personnalisation"
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
netsvcs
safebootminimal
safebootnetwork
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.ini
%systemroot%\Tasks\*.*
%systemroot%\system32\Tasks\*.*
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\config\*.exe /s
%systemroot%\system32\*.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
CREATERESTOREPOINT
▶ Clic sur Analyse.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\<Bureau ou Desktop>\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)
heberge OTL.txt et extra.txt sur http://pjjoint.malekal.com et donne les liens
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_Developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_Scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
=======
windows pas à jour => à faire
internet explorer pas à jour => à faire
=======
desinstalle windows searchqu toolbar
desinstalle Fluendo
desinstalle Viewpoint
desinstalle java update 29
desinstalle Moovida
desinstalle Ilivid
desinstalle babylon
desinstalle UnityWebPlayer
=======
fais glisser une icone n'importe quel fichier sur Pre_scan , pre_script va apparaitre
Lance Pre_script , une page vierge va s'ouvrir.
selectionne tout le texte en gras ci-dessous, puis (clic droit/copier ou ctrl+c) :
___________________________________________________
Kill::
Registry::
[HKEY_USERS\S-1-5-21-2928176791-2539531792-2359758228-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"$Recycle$.exe"=-
"Userinit"=-
"Llicizufazem"=-
"Gamfdklxrf"=-
[-HKEY_CLASSES_ROOT\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[-HKEY_CLASSES_ROOT\CLSID\!{98889811-442D-49dd-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\!{98889811-442D-49dd-99D7-DC866BE87DBC}]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\!{98889811-442D-49dd-99D7-DC866BE87DBC}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\!{98889811-442D-49dd-99D7-DC866BE87DBC}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\!{98889811-442D-49dd-99D7-DC866BE87DBC}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"!{98889811-442D-49dd-99D7-DC866BE87DBC}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"!{98889811-442D-49dd-99D7-DC866BE87DBC}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"10"=-
"!{98889811-442D-49dd-99D7-DC866BE87DBC}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"!{98889811-442D-49dd-99D7-DC866BE87DBC}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"!{98889811-442D-49dd-99D7-DC866BE87DBC}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"!{98889811-442D-49dd-99D7-DC866BE87DBC}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"!{98889811-442D-49dd-99D7-DC866BE87DBC}"=-
[-HKEY_CLASSES_ROOT\CLSID\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}"=-
[-HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}]
[-HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}]
[-HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
[-HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}]
[-HKCU\Software\Datamngr]
[-HKCU\Software\ilivid]
[-HKCU\Software\JVWYDK]
[-HKCU\Software\Microsoft Windows]
[-HKCU\Software\Moovida]
[-HKCU\Software\Spointer]
[-HKCU\Software\SweetIM]
[-HKCU\Software\ ]
[-HKLM\Software\Babylon]
[-HKLM\Software\MetaStream]
[-HKLM\Software\Moovida]
[-HKLM\Software\SweetIM]
[-HKLM\Software\Viewpoint]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=DWORD:00000000
txt::
C:\Windows\System32\Tasks\{14E694C7-FB91-4BFC-9386-509299276D88}
C:\Windows\System32\Tasks\{6A6C929A-6E30-464B-A9A9-86F0E048BFDA}
C:\Windows\System32\Tasks\{74613424-E6D7-4FEA-ABA0-60ED44BBEF02}
C:\Windows\System32\Tasks\{BCD2C599-424D-455F-9CDD-3D26D362546F}
C:\Windows\System32\Tasks\{C4E1FC89-84D2-45FB-A264-6BFDF53B4E52}
C:\Windows\System32\Tasks\{CF9A0007-C9BC-4C51-B792-D54FD8E690AD}
C:\Windows\System32\Tasks\{DE7D3C1E-2C3E-4162-A406-F5366EBFCFB4}
C:\Windows\System32\Tasks\{F3C1A8EE-4D3B-49F0-AE64-F83FE1672ADB}
file::
C:\Users\Flavie\AppData\Roaming\appconf32.exe
C:\Users\Flavie\AppData\Local\KBDTPI.dll
C:\Users\Flavie\AppData\Roaming\INETWH32W.dll
folder::
C:\PROGRA~1\WI371A~1\Datamngr
C:\Program Files\Fluendo
C:\c7ed43127de4022d39055c889cd42214
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moovida
C:\Users\Flavie\AppData\Roaming\Babylon
C:\Users\Flavie\AppData\Roaming\moovida-1
C:\Users\Flavie\AppData\Roaming\xmldm
C:\ProgramData\Babylon
C:\ProgramData\Viewpoint
C:\Users\Flavie\AppData\Local\Babylon
C:\Users\Flavie\AppData\Local\Ilivid Player
C:\Users\Flavie\AppData\Local\moovida Air
C:\Program Files\Fluendo
C:\Program Files\Viewpoint
Mbr::
clean::
Reboot::
___________________________________________________
colle-le ensuite (clic droit/coller ou ctrl+V) dans la page vierge.
puis onglet fichier => enregistrer (pas enregistrer sous...) , puis ferme le texte
des fenetres noires risquent de clignoter , c'est normal , c'est le programme qui travaille
poste Pre_Script.txt qui apparaitra sur le bureau en fin de travail
=======
▶ Télécharge Sur cette page : AdwCleaner (de Xplode)
▶ clique sur Télécharger et enregistre le fichier sur ton Bureau
▶ Double-clique sur l'icône AdwCleaner0.exe pour lancer l'installation
==================================
▶▶▶ Sous Vista et Windows 7 /!\ :
il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur
==================================
Sur le menu principal :
▶ clique sur Suppression et patiente le temps de l'analyse
▶ poste le contenu du rapport que tu trouveras dans ton disque dur c:\ADwcleaner[Sx].txt ou son contenu s'il s'ouvre.
========
▶ Téléchargez UsbFix (créé par El Desaparecido) sur votre Bureau.
▶ Si votre antivirus affiche une alerte, ignorez-la et désactivez l'antivirus temporairement.
▶ Branchez toutes vos sources de données externes à votre PC (clé USB, disque dur externe, etc...) sans les ouvrir.
▶ Double cliquez sur UsbFix.exe.
▶ Cliquez sur Suppression.
▶ Laissez travailler l'outil.
▶ À la fin du scan, un rapport va s'afficher, postez-le dans votre prochaine réponse sur le forum.
▶ Le rapport est aussi sauvegardé à la racine du disque système ( C:\UsbFix.txt ).
▶ Tutoriel vidéo
=======
▶ Télécharge Malwarebytes' Anti-Malware (MBAM).
Malwarebytes : clique pour la version FREE
ou : lien mirroir
▶ enregistre l'exécutable sur le bureau. (attention! ne pas télécharger Registry booster ou autre chose que MBAM.)
▶ Installe-le puis configure-le comme ceci :
Configuration
si tu n'as rien modifié fais directement quitter sinon enregistrer
▶ Si MBAM est déjà installé, aller directement à la mise à jour puis à l'analyse.
▶▶▶ Ce logiciel gratuit est à garder.
===================================================
Uniquement en cas de problème de mise à jour:
Télécharger mises à jour manuelles MBAM
▶ Exécute le fichier après l'installation de MBAM
===================================================
Connecter les supports amovibles (clés usb etc.) avant de lancer l'analyse.
▶ Double clique sur le fichier téléchargé pour lancer le processus d'installation.
▶ Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
▶ Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
▶ Sélectionne "Exécuter un examen complet"
▶ Clique sur "Rechercher"
▶ L'analyse démarre, le scan est relativement long, c'est normal.
A la fin de l'analyse, un message s'affiche :
Citation :
L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
▶ Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
▶ Ferme tes navigateurs.
▶ Si des malwares ont été détectés, clique sur Afficher les résultats.
▶ Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse.
▶ Copie-colle ce rapport et poste-le dans ta prochaine réponse.
Si MBAM demande à redémarrer le pc : ▶ fais-le.
Si au redémarrage Windows te dit qu'il a bloqué certains programmes de démarrage : ▶ clique sur la bulle puis sur Exécuter les programmes bloqués/Malwarebytes Anti-Malware.
=======
Télécharge ici :OTL
▶ enregistre le sur ton Bureau.
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶ => Clique ici pour voir la Configuration
▶ Copie et colle le contenu de ce qui suit en gras dans la partie inférieure d'OTL "Personnalisation"
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
netsvcs
safebootminimal
safebootnetwork
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.ini
%systemroot%\Tasks\*.*
%systemroot%\system32\Tasks\*.*
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\config\*.exe /s
%systemroot%\system32\*.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
CREATERESTOREPOINT
▶ Clic sur Analyse.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\<Bureau ou Desktop>\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)
heberge OTL.txt et extra.txt sur http://pjjoint.malekal.com et donne les liens
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_Developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_Scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Salut
Question probablement stupide mais : Comment mettre à jour windows et internet explorer?
Sinon, je n'ai pas retrouvé certains des programmes que tu as cités, tu coup je n'ai pas pu les supprimer. C'est le cas de :
windows searchqu toolbar
Fluendo
livid
babylon
Rapport presript :
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script | 2.214 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤
Mis à jour : 14/02/2012 | 00.20 Par g3n-h@ckm@n
Utilisateur : Flavie (Administrateurs)
Ordinateur : PC-DE-FLAVIE
Système d'exploitation : Windows Vista (TM) Home Premium (32 bits)
Internet Explorer : 8.0.6001.18904
Mozilla Firefox :
Switchs possibles :
processes:: | file:: | folder:: | Registry::
Driver:: | replace:: | DNS:: | Command::
txt:: | Host:: | NsLook:: | DLL:: | Unhide_Part::
list:: | IP:: | Kill:: | clean:: | Del_Part::
Reboot:: | MBR:: | Fixmbr:: | 40:: | Zip::
Tray::
Script : 17:12:21
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Modification du registre effectuée
¤
Absent : C:\Users\Flavie\AppData\Roaming\appconf32.exe
Absent : C:\Users\Flavie\AppData\Local\KBDTPI.dll
Absent : C:\Users\Flavie\AppData\Roaming\INETWH32W.dll
¤
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\Flavie\Downloads\OOo_3.3.0_Win_x86_install_fr.exe -d C:\Users\Flavie\Downloads</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PC-de-Flavie\Flavie</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo>
<Author>SkypeSetupLight</Author>
</RegistrationInfo>
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files\Skype\Phone\Skype.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<GroupId>S-1-5-32-545</GroupId>
</Principal>
</Principals>
</Task>
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\Flavie\Desktop\Stage\PSN8\PSN8_crk.exe -d C:\Users\Flavie\Desktop\Stage\PSN8</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PC-de-Flavie\Flavie</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\Setup.exe" -d "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}" -c -l040c</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PC-de-Flavie\Flavie</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\Flavie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FXBSVA5A\wmp11-windowsxp-x86-FR-FR[1].exe" -d C:\Users\Flavie\Desktop</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PC-de-Flavie\Flavie</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\Flavie\Desktop\PSN 8.5.exe" -d C:\Users\Flavie\Desktop</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PC-de-Flavie\Flavie</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Tixel\unins000.exe</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PC-de-Flavie\Flavie</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\Flavie\Desktop\PSN8\PSN 8.5\Setup.exe" -d "C:\Users\Flavie\Desktop\PSN8\PSN 8.5"</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PC-de-Flavie\Flavie</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>
¤
Absent : C:\PROGRA~1\WI371A~1\Datamngr
Supprimé : C:\Program Files\Fluendo
Supprimé : C:\c7ed43127de4022d39055c889cd42214
Absent : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moovida
Supprimé : C:\Users\Flavie\AppData\Roaming\Babylon
Supprimé : C:\Users\Flavie\AppData\Roaming\moovida-1
Supprimé : C:\Users\Flavie\AppData\Roaming\xmldm
Supprimé : C:\ProgramData\Babylon
Absent : C:\ProgramData\Viewpoint
Supprimé : C:\Users\Flavie\AppData\Local\Babylon
Supprimé : C:\Users\Flavie\AppData\Local\Ilivid Player
Supprimé : C:\Users\Flavie\AppData\Local\moovida Air
Absent : C:\Program Files\Fluendo
Absent : C:\Program Files\Viewpoint
¤
¤¤¤¤¤¤¤¤¤¤ | MBR
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6700 Notebook PC
Logical Drives Mask: 0x0000001c
Analysis of file "C:\Kill'em\MBR.bin":
Unknown MBR code
¤
¤¤¤¤¤¤¤¤¤¤ | Nettoyage disque
Nettoyage du disque effectué
¤
explorer.exe -> Processus redémarré
Fin : 17:14:28
¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
Question probablement stupide mais : Comment mettre à jour windows et internet explorer?
Sinon, je n'ai pas retrouvé certains des programmes que tu as cités, tu coup je n'ai pas pu les supprimer. C'est le cas de :
windows searchqu toolbar
Fluendo
livid
babylon
Rapport presript :
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script | 2.214 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤
Mis à jour : 14/02/2012 | 00.20 Par g3n-h@ckm@n
Utilisateur : Flavie (Administrateurs)
Ordinateur : PC-DE-FLAVIE
Système d'exploitation : Windows Vista (TM) Home Premium (32 bits)
Internet Explorer : 8.0.6001.18904
Mozilla Firefox :
Switchs possibles :
processes:: | file:: | folder:: | Registry::
Driver:: | replace:: | DNS:: | Command::
txt:: | Host:: | NsLook:: | DLL:: | Unhide_Part::
list:: | IP:: | Kill:: | clean:: | Del_Part::
Reboot:: | MBR:: | Fixmbr:: | 40:: | Zip::
Tray::
Script : 17:12:21
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Modification du registre effectuée
¤
Absent : C:\Users\Flavie\AppData\Roaming\appconf32.exe
Absent : C:\Users\Flavie\AppData\Local\KBDTPI.dll
Absent : C:\Users\Flavie\AppData\Roaming\INETWH32W.dll
¤
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\Flavie\Downloads\OOo_3.3.0_Win_x86_install_fr.exe -d C:\Users\Flavie\Downloads</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PC-de-Flavie\Flavie</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo>
<Author>SkypeSetupLight</Author>
</RegistrationInfo>
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files\Skype\Phone\Skype.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<GroupId>S-1-5-32-545</GroupId>
</Principal>
</Principals>
</Task>
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\Flavie\Desktop\Stage\PSN8\PSN8_crk.exe -d C:\Users\Flavie\Desktop\Stage\PSN8</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PC-de-Flavie\Flavie</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\Setup.exe" -d "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}" -c -l040c</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PC-de-Flavie\Flavie</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\Flavie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FXBSVA5A\wmp11-windowsxp-x86-FR-FR[1].exe" -d C:\Users\Flavie\Desktop</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PC-de-Flavie\Flavie</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\Flavie\Desktop\PSN 8.5.exe" -d C:\Users\Flavie\Desktop</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PC-de-Flavie\Flavie</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Tixel\unins000.exe</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PC-de-Flavie\Flavie</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\Flavie\Desktop\PSN8\PSN 8.5\Setup.exe" -d "C:\Users\Flavie\Desktop\PSN8\PSN 8.5"</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PC-de-Flavie\Flavie</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>
¤
Absent : C:\PROGRA~1\WI371A~1\Datamngr
Supprimé : C:\Program Files\Fluendo
Supprimé : C:\c7ed43127de4022d39055c889cd42214
Absent : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moovida
Supprimé : C:\Users\Flavie\AppData\Roaming\Babylon
Supprimé : C:\Users\Flavie\AppData\Roaming\moovida-1
Supprimé : C:\Users\Flavie\AppData\Roaming\xmldm
Supprimé : C:\ProgramData\Babylon
Absent : C:\ProgramData\Viewpoint
Supprimé : C:\Users\Flavie\AppData\Local\Babylon
Supprimé : C:\Users\Flavie\AppData\Local\Ilivid Player
Supprimé : C:\Users\Flavie\AppData\Local\moovida Air
Absent : C:\Program Files\Fluendo
Absent : C:\Program Files\Viewpoint
¤
¤¤¤¤¤¤¤¤¤¤ | MBR
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6700 Notebook PC
Logical Drives Mask: 0x0000001c
Analysis of file "C:\Kill'em\MBR.bin":
Unknown MBR code
¤
¤¤¤¤¤¤¤¤¤¤ | Nettoyage disque
Nettoyage du disque effectué
¤
explorer.exe -> Processus redémarré
Fin : 17:14:28
¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
# AdwCleaner v1.409 - Rapport créé le 18/02/2012 à 17:26:14
# Mis à jour le 12/02/2012 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Premium (32 bits)
# Nom d'utilisateur : Flavie - PC-DE-FLAVIE (Administrateur)
# Exécuté depuis : C:\Users\Flavie\Downloads\adwcleaner.exe
# Option [Suppression]
***** [Services] *****
***** [Fichiers / Dossiers] *****
Dossier Supprimé : C:\Users\Flavie\AppData\Local\TempDir
Dossier Supprimé : C:\Users\Flavie\AppData\LocalLow\BabylonToolbar
Dossier Supprimé : C:\Users\Flavie\AppData\LocalLow\searchquband
***** [Registre] *****
Clé Supprimée : HKCU\Software\DataMngr
Clé Supprimée : HKCU\Software\SweetIm
Clé Supprimée : HKCU\Software\AppDataLow\Software\searchqutoolbar
Clé Supprimée : HKLM\SOFTWARE\Babylon
Clé Supprimée : HKLM\SOFTWARE\SweetIM
Clé Supprimée : HKLM\SOFTWARE\Viewpoint
Clé Supprimée : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Clé Supprimée : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Clé Supprimée : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Clé Supprimée : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079a25-328f-4bd4-be04-00955acaa0a7}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079a25-328f-4bd4-be04-00955acaa0a7}]
***** [Navigateurs] *****
-\\ Internet Explorer v8.0.6001.18904
[OK] Le registre ne contient aucune entrée illégitime.
-\\ Google Chrome v17.0.963.56
Fichier : C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\Default\Preferences
Supprimée : "host_referral_list": [ 2, [ "hxxp://4xe6ra1yhz.s.ad6media.fr/", [ "hxxp://4xe6ra1yhz.s.ad6med[...]
Supprimée : "name": "GreenWebPlayer",
Supprimée : "path": "npgreenwebplayer.dll",
Supprimée : "update_url": "hxxp://download.greentube.com/magic/games/sc12/webplayer/plugin/update[...]
Supprimée : "name": "GreenWebPlayer",
Supprimée : "path": "C:\\Users\\Flavie\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\[...]
Supprimée : "name": "GreenWebPlayer"
*************************
AdwCleaner[S1].txt - [5032 octets] - [18/02/2012 17:26:14]
*************************
Dossier Temporaire : 45 dossier(s) et 247 fichier(s) supprimés
########## EOF - C:\AdwCleaner[S1].txt - [5255 octets] ##########
# Mis à jour le 12/02/2012 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Premium (32 bits)
# Nom d'utilisateur : Flavie - PC-DE-FLAVIE (Administrateur)
# Exécuté depuis : C:\Users\Flavie\Downloads\adwcleaner.exe
# Option [Suppression]
***** [Services] *****
***** [Fichiers / Dossiers] *****
Dossier Supprimé : C:\Users\Flavie\AppData\Local\TempDir
Dossier Supprimé : C:\Users\Flavie\AppData\LocalLow\BabylonToolbar
Dossier Supprimé : C:\Users\Flavie\AppData\LocalLow\searchquband
***** [Registre] *****
Clé Supprimée : HKCU\Software\DataMngr
Clé Supprimée : HKCU\Software\SweetIm
Clé Supprimée : HKCU\Software\AppDataLow\Software\searchqutoolbar
Clé Supprimée : HKLM\SOFTWARE\Babylon
Clé Supprimée : HKLM\SOFTWARE\SweetIM
Clé Supprimée : HKLM\SOFTWARE\Viewpoint
Clé Supprimée : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Clé Supprimée : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Clé Supprimée : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Clé Supprimée : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079a25-328f-4bd4-be04-00955acaa0a7}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079a25-328f-4bd4-be04-00955acaa0a7}]
***** [Navigateurs] *****
-\\ Internet Explorer v8.0.6001.18904
[OK] Le registre ne contient aucune entrée illégitime.
-\\ Google Chrome v17.0.963.56
Fichier : C:\Users\Flavie\AppData\Local\Google\Chrome\User Data\Default\Preferences
Supprimée : "host_referral_list": [ 2, [ "hxxp://4xe6ra1yhz.s.ad6media.fr/", [ "hxxp://4xe6ra1yhz.s.ad6med[...]
Supprimée : "name": "GreenWebPlayer",
Supprimée : "path": "npgreenwebplayer.dll",
Supprimée : "update_url": "hxxp://download.greentube.com/magic/games/sc12/webplayer/plugin/update[...]
Supprimée : "name": "GreenWebPlayer",
Supprimée : "path": "C:\\Users\\Flavie\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\[...]
Supprimée : "name": "GreenWebPlayer"
*************************
AdwCleaner[S1].txt - [5032 octets] - [18/02/2012 17:26:14]
*************************
Dossier Temporaire : 45 dossier(s) et 247 fichier(s) supprimés
########## EOF - C:\AdwCleaner[S1].txt - [5255 octets] ##########
############################## | UsbFix V 7.081 | [Suppression]
Utilisateur: Flavie (Administrateur) # PC-DE-FLAVIE
Mis à jour le 05/02/2012 par El Desaparecido
Lancé à 17:39:20 | 18/02/2012
Site Web: https://www.sosvirus.net/
Fichier suspect ? : http://eldesaparecido.com/upload.html
Contact: contact@eldesaparecido.com
PC: Hewlett-Packard (HP Pavilion dv6700 Notebook PC ) (X86-based PC) # Notebook
CPU: AMD Turion(tm) 64 X2 Mobile Technology TL-62 (2100)
RAM -> [ Total : 3070 | Free : 1678 ]
BIOS: PhoenixBIOS 4.0 Release 6.1
BOOT: Normal boot
OS: Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6000 32-Bit) #
WB: Windows Internet Explorer 8.0.6001.18904
SC: Security Center Service [ Enabled ]
WU: Windows Update Service [ Enabled ]
FW: Windows FireWall Service [ Enabled ]
C:\ (%systemdrive%) -> Disque fixe # 286 Go (84 Go libre(s) - 29%) [] # NTFS
D:\ -> Disque fixe # 12 Go (2 Go libre(s) - 14%) [HP_RECOVERY] # NTFS
E:\ -> CD-ROM
K:\ -> Disque fixe # 466 Go (105 Go libre(s) - 23%) [SAMSUNG] # FAT32
################## | Processus Actif |
C:\Windows\system32\csrss.exe (472)
C:\Windows\system32\csrss.exe (524)
C:\Windows\system32\wininit.exe (532)
C:\Windows\system32\services.exe (572)
C:\Windows\system32\lsass.exe (588)
C:\Windows\system32\lsm.exe (612)
C:\Windows\system32\winlogon.exe (620)
C:\Windows\system32\svchost.exe (784)
C:\Windows\system32\svchost.exe (848)
C:\Windows\System32\svchost.exe (944)
C:\Windows\System32\svchost.exe (968)
C:\Windows\system32\svchost.exe (988)
C:\Windows\system32\svchost.exe (1112)
C:\Windows\system32\SLsvc.exe (1128)
C:\Windows\system32\svchost.exe (1184)
C:\Windows\system32\svchost.exe (1308)
C:\Windows\System32\spoolsv.exe (1600)
C:\Program Files\Avira\AntiVir Desktop\sched.exe (1624)
C:\Windows\system32\svchost.exe (1644)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1816)
C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1848)
C:\Windows\system32\svchost.exe (1884)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (1904)
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (2028)
C:\Windows\System32\svchost.exe (296)
C:\Windows\System32\svchost.exe (440)
C:\Windows\system32\svchost.exe (452)
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe (476)
C:\Windows\system32\Dwm.exe (2100)
C:\Windows\system32\taskeng.exe (2168)
C:\Windows\Explorer.EXE (2176)
C:\Windows\system32\taskeng.exe (2212)
C:\Program Files\Google\Update\GoogleUpdate.exe (2228)
C:\Program Files\CyberLink\Shared Files\RichVideo.exe (2264)
C:\Program Files\SFR\Gestionnaire de Connexion 3G SFR\SFRABCDService.exe (2292)
C:\Windows\system32\svchost.exe (2320)
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (2348)
C:\Windows\System32\svchost.exe (2440)
C:\Windows\system32\SearchIndexer.exe (2460)
C:\Windows\system32\DRIVERS\xaudio.exe (2556)
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (2580)
C:\Program Files\Windows Sidebar\sidebar.exe (2756)
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (2796)
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (2812)
C:\Windows\ehome\ehtray.exe (2820)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe (2880)
C:\Program Files\Skype\Phone\Skype.exe (3012)
C:\Users\Flavie\AppData\Local\Google\Update\GoogleUpdate.exe (3068)
C:\Program Files\uTorrent\uTorrent.exe (3120)
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe (3156)
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (3164)
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (3188)
C:\Program Files\OpenOffice.org 3\program\soffice.exe (3644)
C:\Windows\system32\NOTEPAD.EXE (3660)
C:\Windows\ehome\ehmsas.exe (3712)
C:\Program Files\OpenOffice.org 3\program\soffice.bin (3872)
C:\Users\Flavie\AppData\Local\Google\Chrome\Application\chrome.exe (2148)
C:\Users\Flavie\AppData\Local\Google\Chrome\Application\chrome.exe (1156)
C:\Program Files\Windows Media Player\wmpnscfg.exe (1424)
C:\Windows\system32\rundll32.exe (3280)
C:\Users\Flavie\AppData\Local\Google\Chrome\Application\chrome.exe (1444)
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (2520)
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (2984)
C:\Windows\system32\wbem\wmiprvse.exe (6068)
C:\UsbFix\Go.exe (4280)
C:\Windows\system32\sdclt.exe (4772)
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (4788)
################## | Processus Stoppés |
Stoppé! C:\Windows\system32\SLsvc.exe (1128)
Stoppé! C:\Windows\System32\spoolsv.exe (1600)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\sched.exe (1624)
Stoppé! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1816)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1848)
Stoppé! C:\Program Files\Common Files\LightScribe\LSSrvc.exe (1904)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (2028)
Stoppé! C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe (476)
Stoppé! C:\Windows\system32\taskeng.exe (2168)
Stoppé! C:\Windows\system32\taskeng.exe (2212)
Stoppé! C:\Program Files\Google\Update\GoogleUpdate.exe (2228)
Stoppé! C:\Program Files\CyberLink\Shared Files\RichVideo.exe (2264)
Stoppé! C:\Program Files\SFR\Gestionnaire de Connexion 3G SFR\SFRABCDService.exe (2292)
Stoppé! C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (2348)
Stoppé! C:\Windows\system32\SearchIndexer.exe (2460)
Stoppé! C:\Windows\system32\DRIVERS\xaudio.exe (2556)
Stoppé! C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (2580)
Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (2756)
Stoppé! C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (2796)
Stoppé! C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (2812)
Stoppé! C:\Windows\ehome\ehtray.exe (2820)
Stoppé! C:\Program Files\Windows Live\Messenger\msnmsgr.exe (2880)
Stoppé! C:\Program Files\Skype\Phone\Skype.exe (3012)
Stoppé! C:\Users\Flavie\AppData\Local\Google\Update\GoogleUpdate.exe (3068)
Stoppé! C:\Program Files\uTorrent\uTorrent.exe (3120)
Stoppé! C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe (3156)
Stoppé! C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (3164)
Stoppé! C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (3188)
Stoppé! C:\Program Files\OpenOffice.org 3\program\soffice.exe (3644)
Stoppé! C:\Windows\ehome\ehmsas.exe (3712)
Stoppé! C:\Program Files\OpenOffice.org 3\program\soffice.bin (3872)
Stoppé! C:\Users\Flavie\AppData\Local\Google\Chrome\Application\chrome.exe (2148)
Stoppé! C:\Users\Flavie\AppData\Local\Google\Chrome\Application\chrome.exe (1156)
Stoppé! C:\Program Files\Windows Media Player\wmpnscfg.exe (1424)
Stoppé! C:\Windows\system32\rundll32.exe (3280)
Stoppé! C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (2520)
Stoppé! c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (2984)
Stoppé! C:\Windows\system32\sdclt.exe (4772)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (4788)
Stoppé! \\?\C:\Windows\system32\wbem\WMIADAP.EXE (4912)
################## | Éléments infectieux |
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-1453765893-1662031185-888260578-500
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-2928176791-2539531792-2359758228-1000
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-2928176791-2539531792-2359758228-500
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-2928176791-2539531792-2359758228-1000
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-2928176791-2539531792-2359758228-500
Supprimé! C:\user.js
(!) Fichiers temporaires supprimés.
################## | Registre |
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|userinit
################## | Mountpoints2 |
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{6c4f017b-2f63-11df-a246-d539c4a9c024}
################## | Listing |
[18/02/2012 - 17:42:29 | SHD ] C:\$Recycle.bin
[18/02/2012 - 17:26:30 | N | 5256] C:\AdwCleaner[S1].txt
[22/02/2008 - 16:05:35 | N | 74] C:\autoexec.bat
[29/01/2011 - 18:11:34 | N | 5349] C:\bdlog.txt
[27/01/2011 - 16:46:34 | D ] C:\Binaries
[09/11/2006 - 14:01:51 | D ] C:\boot
[02/11/2006 - 10:53:57 | RASH | 438840] C:\bootmgr
[18/09/2006 - 22:43:37 | N | 10] C:\config.sys
[22/02/2008 - 16:30:40 | D ] C:\CVS
[02/11/2006 - 14:02:03 | SHD ] C:\Documents and Settings
[26/03/2010 - 18:31:36 | D ] C:\found.000
[12/12/2011 - 21:04:11 | D ] C:\Games
[06/05/2008 - 16:28:51 | D ] C:\HP
[08/12/2008 - 14:41:27 | N | 0] C:\IO.SYS
[22/02/2008 - 15:42:02 | N | 360] C:\IPH.PH
[18/02/2012 - 17:14:28 | D ] C:\Kill'em
[08/12/2008 - 14:41:27 | N | 0] C:\MSDOS.SYS
[22/02/2008 - 16:15:21 | RD ] C:\MSOCache
[18/02/2012 - 17:28:11 | ASH | 3534094336] C:\pagefile.sys
[12/02/2009 - 08:06:30 | D ] C:\PerfLogs
[18/02/2012 - 17:12:23 | D ] C:\Program Files
[18/02/2012 - 17:12:24 | D ] C:\ProgramData
[19/01/2009 - 20:19:30 | D ] C:\SWSetup
[18/02/2012 - 16:47:10 | SHD ] C:\System Volume Information
[04/12/2008 - 12:03:58 | D ] C:\System.sav
[24/03/2010 - 19:18:44 | D ] C:\Tixel
[05/05/2011 - 21:38:32 | N | 894] C:\updatedatfix.log
[18/02/2012 - 17:42:30 | D ] C:\UsbFix
[18/02/2012 - 17:40:00 | A | 9142] C:\UsbFix.txt
[29/06/2008 - 13:42:34 | D ] C:\Users
[03/02/2012 - 08:04:55 | D ] C:\Windows
[22/01/2009 - 08:13:31 | D ] C:\xmldata
[18/02/2012 - 17:42:29 | SHD ] D:\$RECYCLE.BIN
[11/09/2005 - 16:18:54 | N | 340] D:\AUTOMODE
[29/06/2008 - 15:54:48 | N | 1507] D:\BDWizReg.log
[29/06/2008 - 13:43:00 | N | 13] D:\BLOCK.RIN
[06/05/2008 - 18:34:43 | D ] D:\boot
[04/10/2006 - 00:02:44 | SH | 438328] D:\bootmgr
[06/09/2008 - 12:19:22 | SH | 891] D:\Desktop.ini
[10/09/2002 - 17:14:28 | N | 8134] D:\Folder.htt
[06/05/2008 - 18:34:43 | D ] D:\HP
[10/03/2009 - 23:46:20 | N | 22] D:\HPCD.sys
[10/03/2009 - 23:30:23 | N | 926] D:\MASTER.LOG
[10/03/2009 - 23:46:21 | D ] D:\preload
[16/09/2002 - 15:37:48 | N | 181898] D:\protect.chinese hong kong
[16/09/2002 - 15:37:40 | N | 181916] D:\protect.chinese simplified
[16/09/2002 - 15:37:48 | N | 181898] D:\protect.chinese traditional
[27/04/2006 - 17:19:40 | N | 181865] D:\protect.czech
[03/11/2005 - 16:21:26 | N | 181726] D:\protect.danish
[10/09/2002 - 14:56:12 | N | 181605] D:\protect.dutch
[10/09/2002 - 14:50:18 | N | 181651] D:\protect.ed
[22/11/2004 - 16:28:30 | N | 181648] D:\protect.english
[03/11/2005 - 16:20:20 | N | 181673] D:\protect.finnish
[03/11/2005 - 16:19:52 | N | 181736] D:\protect.french
[03/11/2005 - 16:18:10 | N | 181669] D:\protect.german
[23/11/2005 - 16:56:46 | N | 182689] D:\protect.greek
[23/01/2006 - 10:18:00 | N | 182605] D:\protect.hebrew
[28/08/2007 - 15:58:08 | N | 181696] D:\protect.hungarian
[03/11/2005 - 16:17:00 | N | 181554] D:\protect.italian
[10/04/2006 - 10:46:30 | N | 182566] D:\protect.japanese
[24/11/2005 - 12:24:44 | N | 218295] D:\protect.korean
[03/11/2005 - 16:15:12 | N | 181578] D:\protect.norwegian
[25/04/2006 - 15:44:10 | N | 181789] D:\protect.polish
[03/11/2005 - 16:13:12 | N | 181624] D:\protect.portuguese
[27/10/2005 - 20:24:10 | N | 181882] D:\protect.portuguese brazilian
[28/06/2004 - 09:52:46 | N | 211936] D:\protect.russian
[03/11/2005 - 16:11:46 | N | 181586] D:\protect.spanish
[10/09/2002 - 15:15:06 | N | 181602] D:\protect.swedish
[12/08/2003 - 11:37:30 | N | 181783] D:\protect.turkish
[10/03/2009 - 22:09:59 | N | 26] D:\RCBoot.sys
[06/05/2008 - 18:34:45 | RD ] D:\RECOVERY
[06/05/2008 - 18:34:44 | D ] D:\SOURCES
[18/02/2012 - 16:47:12 | SHD ] D:\System Volume Information
[06/05/2008 - 18:34:45 | D ] D:\Tools
[10/03/2009 - 22:08:54 | N | 14] D:\USER
[06/05/2008 - 18:34:44 | D ] D:\WINDOWS
################## | Vaccin |
C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | Upload |
Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_PC-DE-FLAVIE.zip
http://eldesaparecido.com/upload.html
Merci de votre contribution.
################## | E.O.F |
Utilisateur: Flavie (Administrateur) # PC-DE-FLAVIE
Mis à jour le 05/02/2012 par El Desaparecido
Lancé à 17:39:20 | 18/02/2012
Site Web: https://www.sosvirus.net/
Fichier suspect ? : http://eldesaparecido.com/upload.html
Contact: contact@eldesaparecido.com
PC: Hewlett-Packard (HP Pavilion dv6700 Notebook PC ) (X86-based PC) # Notebook
CPU: AMD Turion(tm) 64 X2 Mobile Technology TL-62 (2100)
RAM -> [ Total : 3070 | Free : 1678 ]
BIOS: PhoenixBIOS 4.0 Release 6.1
BOOT: Normal boot
OS: Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6000 32-Bit) #
WB: Windows Internet Explorer 8.0.6001.18904
SC: Security Center Service [ Enabled ]
WU: Windows Update Service [ Enabled ]
FW: Windows FireWall Service [ Enabled ]
C:\ (%systemdrive%) -> Disque fixe # 286 Go (84 Go libre(s) - 29%) [] # NTFS
D:\ -> Disque fixe # 12 Go (2 Go libre(s) - 14%) [HP_RECOVERY] # NTFS
E:\ -> CD-ROM
K:\ -> Disque fixe # 466 Go (105 Go libre(s) - 23%) [SAMSUNG] # FAT32
################## | Processus Actif |
C:\Windows\system32\csrss.exe (472)
C:\Windows\system32\csrss.exe (524)
C:\Windows\system32\wininit.exe (532)
C:\Windows\system32\services.exe (572)
C:\Windows\system32\lsass.exe (588)
C:\Windows\system32\lsm.exe (612)
C:\Windows\system32\winlogon.exe (620)
C:\Windows\system32\svchost.exe (784)
C:\Windows\system32\svchost.exe (848)
C:\Windows\System32\svchost.exe (944)
C:\Windows\System32\svchost.exe (968)
C:\Windows\system32\svchost.exe (988)
C:\Windows\system32\svchost.exe (1112)
C:\Windows\system32\SLsvc.exe (1128)
C:\Windows\system32\svchost.exe (1184)
C:\Windows\system32\svchost.exe (1308)
C:\Windows\System32\spoolsv.exe (1600)
C:\Program Files\Avira\AntiVir Desktop\sched.exe (1624)
C:\Windows\system32\svchost.exe (1644)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1816)
C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1848)
C:\Windows\system32\svchost.exe (1884)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (1904)
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (2028)
C:\Windows\System32\svchost.exe (296)
C:\Windows\System32\svchost.exe (440)
C:\Windows\system32\svchost.exe (452)
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe (476)
C:\Windows\system32\Dwm.exe (2100)
C:\Windows\system32\taskeng.exe (2168)
C:\Windows\Explorer.EXE (2176)
C:\Windows\system32\taskeng.exe (2212)
C:\Program Files\Google\Update\GoogleUpdate.exe (2228)
C:\Program Files\CyberLink\Shared Files\RichVideo.exe (2264)
C:\Program Files\SFR\Gestionnaire de Connexion 3G SFR\SFRABCDService.exe (2292)
C:\Windows\system32\svchost.exe (2320)
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (2348)
C:\Windows\System32\svchost.exe (2440)
C:\Windows\system32\SearchIndexer.exe (2460)
C:\Windows\system32\DRIVERS\xaudio.exe (2556)
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (2580)
C:\Program Files\Windows Sidebar\sidebar.exe (2756)
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (2796)
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (2812)
C:\Windows\ehome\ehtray.exe (2820)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe (2880)
C:\Program Files\Skype\Phone\Skype.exe (3012)
C:\Users\Flavie\AppData\Local\Google\Update\GoogleUpdate.exe (3068)
C:\Program Files\uTorrent\uTorrent.exe (3120)
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe (3156)
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (3164)
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (3188)
C:\Program Files\OpenOffice.org 3\program\soffice.exe (3644)
C:\Windows\system32\NOTEPAD.EXE (3660)
C:\Windows\ehome\ehmsas.exe (3712)
C:\Program Files\OpenOffice.org 3\program\soffice.bin (3872)
C:\Users\Flavie\AppData\Local\Google\Chrome\Application\chrome.exe (2148)
C:\Users\Flavie\AppData\Local\Google\Chrome\Application\chrome.exe (1156)
C:\Program Files\Windows Media Player\wmpnscfg.exe (1424)
C:\Windows\system32\rundll32.exe (3280)
C:\Users\Flavie\AppData\Local\Google\Chrome\Application\chrome.exe (1444)
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (2520)
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (2984)
C:\Windows\system32\wbem\wmiprvse.exe (6068)
C:\UsbFix\Go.exe (4280)
C:\Windows\system32\sdclt.exe (4772)
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (4788)
################## | Processus Stoppés |
Stoppé! C:\Windows\system32\SLsvc.exe (1128)
Stoppé! C:\Windows\System32\spoolsv.exe (1600)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\sched.exe (1624)
Stoppé! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1816)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1848)
Stoppé! C:\Program Files\Common Files\LightScribe\LSSrvc.exe (1904)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (2028)
Stoppé! C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe (476)
Stoppé! C:\Windows\system32\taskeng.exe (2168)
Stoppé! C:\Windows\system32\taskeng.exe (2212)
Stoppé! C:\Program Files\Google\Update\GoogleUpdate.exe (2228)
Stoppé! C:\Program Files\CyberLink\Shared Files\RichVideo.exe (2264)
Stoppé! C:\Program Files\SFR\Gestionnaire de Connexion 3G SFR\SFRABCDService.exe (2292)
Stoppé! C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (2348)
Stoppé! C:\Windows\system32\SearchIndexer.exe (2460)
Stoppé! C:\Windows\system32\DRIVERS\xaudio.exe (2556)
Stoppé! C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (2580)
Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (2756)
Stoppé! C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (2796)
Stoppé! C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (2812)
Stoppé! C:\Windows\ehome\ehtray.exe (2820)
Stoppé! C:\Program Files\Windows Live\Messenger\msnmsgr.exe (2880)
Stoppé! C:\Program Files\Skype\Phone\Skype.exe (3012)
Stoppé! C:\Users\Flavie\AppData\Local\Google\Update\GoogleUpdate.exe (3068)
Stoppé! C:\Program Files\uTorrent\uTorrent.exe (3120)
Stoppé! C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe (3156)
Stoppé! C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (3164)
Stoppé! C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (3188)
Stoppé! C:\Program Files\OpenOffice.org 3\program\soffice.exe (3644)
Stoppé! C:\Windows\ehome\ehmsas.exe (3712)
Stoppé! C:\Program Files\OpenOffice.org 3\program\soffice.bin (3872)
Stoppé! C:\Users\Flavie\AppData\Local\Google\Chrome\Application\chrome.exe (2148)
Stoppé! C:\Users\Flavie\AppData\Local\Google\Chrome\Application\chrome.exe (1156)
Stoppé! C:\Program Files\Windows Media Player\wmpnscfg.exe (1424)
Stoppé! C:\Windows\system32\rundll32.exe (3280)
Stoppé! C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (2520)
Stoppé! c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (2984)
Stoppé! C:\Windows\system32\sdclt.exe (4772)
Stoppé! C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (4788)
Stoppé! \\?\C:\Windows\system32\wbem\WMIADAP.EXE (4912)
################## | Éléments infectieux |
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-1453765893-1662031185-888260578-500
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-2928176791-2539531792-2359758228-1000
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-2928176791-2539531792-2359758228-500
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-2928176791-2539531792-2359758228-1000
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-2928176791-2539531792-2359758228-500
Supprimé! C:\user.js
(!) Fichiers temporaires supprimés.
################## | Registre |
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|userinit
################## | Mountpoints2 |
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{6c4f017b-2f63-11df-a246-d539c4a9c024}
################## | Listing |
[18/02/2012 - 17:42:29 | SHD ] C:\$Recycle.bin
[18/02/2012 - 17:26:30 | N | 5256] C:\AdwCleaner[S1].txt
[22/02/2008 - 16:05:35 | N | 74] C:\autoexec.bat
[29/01/2011 - 18:11:34 | N | 5349] C:\bdlog.txt
[27/01/2011 - 16:46:34 | D ] C:\Binaries
[09/11/2006 - 14:01:51 | D ] C:\boot
[02/11/2006 - 10:53:57 | RASH | 438840] C:\bootmgr
[18/09/2006 - 22:43:37 | N | 10] C:\config.sys
[22/02/2008 - 16:30:40 | D ] C:\CVS
[02/11/2006 - 14:02:03 | SHD ] C:\Documents and Settings
[26/03/2010 - 18:31:36 | D ] C:\found.000
[12/12/2011 - 21:04:11 | D ] C:\Games
[06/05/2008 - 16:28:51 | D ] C:\HP
[08/12/2008 - 14:41:27 | N | 0] C:\IO.SYS
[22/02/2008 - 15:42:02 | N | 360] C:\IPH.PH
[18/02/2012 - 17:14:28 | D ] C:\Kill'em
[08/12/2008 - 14:41:27 | N | 0] C:\MSDOS.SYS
[22/02/2008 - 16:15:21 | RD ] C:\MSOCache
[18/02/2012 - 17:28:11 | ASH | 3534094336] C:\pagefile.sys
[12/02/2009 - 08:06:30 | D ] C:\PerfLogs
[18/02/2012 - 17:12:23 | D ] C:\Program Files
[18/02/2012 - 17:12:24 | D ] C:\ProgramData
[19/01/2009 - 20:19:30 | D ] C:\SWSetup
[18/02/2012 - 16:47:10 | SHD ] C:\System Volume Information
[04/12/2008 - 12:03:58 | D ] C:\System.sav
[24/03/2010 - 19:18:44 | D ] C:\Tixel
[05/05/2011 - 21:38:32 | N | 894] C:\updatedatfix.log
[18/02/2012 - 17:42:30 | D ] C:\UsbFix
[18/02/2012 - 17:40:00 | A | 9142] C:\UsbFix.txt
[29/06/2008 - 13:42:34 | D ] C:\Users
[03/02/2012 - 08:04:55 | D ] C:\Windows
[22/01/2009 - 08:13:31 | D ] C:\xmldata
[18/02/2012 - 17:42:29 | SHD ] D:\$RECYCLE.BIN
[11/09/2005 - 16:18:54 | N | 340] D:\AUTOMODE
[29/06/2008 - 15:54:48 | N | 1507] D:\BDWizReg.log
[29/06/2008 - 13:43:00 | N | 13] D:\BLOCK.RIN
[06/05/2008 - 18:34:43 | D ] D:\boot
[04/10/2006 - 00:02:44 | SH | 438328] D:\bootmgr
[06/09/2008 - 12:19:22 | SH | 891] D:\Desktop.ini
[10/09/2002 - 17:14:28 | N | 8134] D:\Folder.htt
[06/05/2008 - 18:34:43 | D ] D:\HP
[10/03/2009 - 23:46:20 | N | 22] D:\HPCD.sys
[10/03/2009 - 23:30:23 | N | 926] D:\MASTER.LOG
[10/03/2009 - 23:46:21 | D ] D:\preload
[16/09/2002 - 15:37:48 | N | 181898] D:\protect.chinese hong kong
[16/09/2002 - 15:37:40 | N | 181916] D:\protect.chinese simplified
[16/09/2002 - 15:37:48 | N | 181898] D:\protect.chinese traditional
[27/04/2006 - 17:19:40 | N | 181865] D:\protect.czech
[03/11/2005 - 16:21:26 | N | 181726] D:\protect.danish
[10/09/2002 - 14:56:12 | N | 181605] D:\protect.dutch
[10/09/2002 - 14:50:18 | N | 181651] D:\protect.ed
[22/11/2004 - 16:28:30 | N | 181648] D:\protect.english
[03/11/2005 - 16:20:20 | N | 181673] D:\protect.finnish
[03/11/2005 - 16:19:52 | N | 181736] D:\protect.french
[03/11/2005 - 16:18:10 | N | 181669] D:\protect.german
[23/11/2005 - 16:56:46 | N | 182689] D:\protect.greek
[23/01/2006 - 10:18:00 | N | 182605] D:\protect.hebrew
[28/08/2007 - 15:58:08 | N | 181696] D:\protect.hungarian
[03/11/2005 - 16:17:00 | N | 181554] D:\protect.italian
[10/04/2006 - 10:46:30 | N | 182566] D:\protect.japanese
[24/11/2005 - 12:24:44 | N | 218295] D:\protect.korean
[03/11/2005 - 16:15:12 | N | 181578] D:\protect.norwegian
[25/04/2006 - 15:44:10 | N | 181789] D:\protect.polish
[03/11/2005 - 16:13:12 | N | 181624] D:\protect.portuguese
[27/10/2005 - 20:24:10 | N | 181882] D:\protect.portuguese brazilian
[28/06/2004 - 09:52:46 | N | 211936] D:\protect.russian
[03/11/2005 - 16:11:46 | N | 181586] D:\protect.spanish
[10/09/2002 - 15:15:06 | N | 181602] D:\protect.swedish
[12/08/2003 - 11:37:30 | N | 181783] D:\protect.turkish
[10/03/2009 - 22:09:59 | N | 26] D:\RCBoot.sys
[06/05/2008 - 18:34:45 | RD ] D:\RECOVERY
[06/05/2008 - 18:34:44 | D ] D:\SOURCES
[18/02/2012 - 16:47:12 | SHD ] D:\System Volume Information
[06/05/2008 - 18:34:45 | D ] D:\Tools
[10/03/2009 - 22:08:54 | N | 14] D:\USER
[06/05/2008 - 18:34:44 | D ] D:\WINDOWS
################## | Vaccin |
C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | Upload |
Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_PC-DE-FLAVIE.zip
http://eldesaparecido.com/upload.html
Merci de votre contribution.
################## | E.O.F |
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Version de la base de données: v2012.02.18.06
Windows Vista x86 NTFS
Internet Explorer 8.0.6001.18904
Flavie :: PC-DE-FLAVIE [administrateur]
18/02/2012 17:52:24
mbam-log-2012-02-18 (17-52-24).txt
Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 412750
Temps écoulé: 4 heure(s), 39 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 4
HKCR\CLSID\{A3EF6FD4-4769-4734-9494-4707087225B9} (Trojan.Banker) -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3EF6FD4-4769-4734-9494-4707087225B9} (Trojan.Banker) -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A3EF6FD4-4769-4734-9494-4707087225B9} (Trojan.Banker) -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3EF6FD4-4769-4734-9494-4707087225B9} (Trojan.Banker) -> Mis en quarantaine et supprimé avec succès.
Valeur(s) du Registre détectée(s): 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|$Recycle$.exe (Trojan.SpyEyes) -> Données: C:\$Recycle$\$Recycle$.exe -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Llicizufazem (Trojan.Agent.U) -> Données: rundll32.exe "C:\Users\Flavie\AppData\Local\KBDTPI.dll",Startup -> Mis en quarantaine et supprimé avec succès.
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)
(fin)
www.malwarebytes.org
Version de la base de données: v2012.02.18.06
Windows Vista x86 NTFS
Internet Explorer 8.0.6001.18904
Flavie :: PC-DE-FLAVIE [administrateur]
18/02/2012 17:52:24
mbam-log-2012-02-18 (17-52-24).txt
Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 412750
Temps écoulé: 4 heure(s), 39 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 4
HKCR\CLSID\{A3EF6FD4-4769-4734-9494-4707087225B9} (Trojan.Banker) -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3EF6FD4-4769-4734-9494-4707087225B9} (Trojan.Banker) -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A3EF6FD4-4769-4734-9494-4707087225B9} (Trojan.Banker) -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3EF6FD4-4769-4734-9494-4707087225B9} (Trojan.Banker) -> Mis en quarantaine et supprimé avec succès.
Valeur(s) du Registre détectée(s): 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|$Recycle$.exe (Trojan.SpyEyes) -> Données: C:\$Recycle$\$Recycle$.exe -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Llicizufazem (Trojan.Agent.U) -> Données: rundll32.exe "C:\Users\Flavie\AppData\Local\KBDTPI.dll",Startup -> Mis en quarantaine et supprimé avec succès.
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)
(fin)
Voici le lien vers le fichier texte : https://pjjoint.malekal.com/files.php?id=20120217_q13p9x5h5f7
Merci beaucoup de ton aide!