
sissi-13
6 Sept. 2013 at 10:51
Malekal_morte-
6 Sept. 2013 at 21:05

Since this morning I have had a virus or unwanted program, adware/bprotect.D.
Could you help me get rid of it, please?
Thanks ^^

Malekal_morte-
6 Sept. 2013 at 10:51

Download AdwCleaner (by Xplode) to your desktop.
On the AdwCleaner page, on the right, click the grey floppy disk with the green arrow to start the download.
Run AdwCleaner, click [Scanner] (Scan), then wait (NO need to copy/paste the report here).
When that is finished, click [Nettoyage] (Clean).
!!! I repeat: do [Nettoyage] !!!
Click Rapport (Report), then copy/paste the contents of the report into your next reply.
If that does not work, use the site to host the report and give the link to the report in a new message.

Note: The report is also saved as C:\AdwCleaner[S1].txt


Run an OTL scan to diagnose the running programs and detect infections - the program will generate two reports, OTL.txt and Extras.txt
Provide both reports:

You can follow the instructions on this page to help you:

* Download to your desktop.
(On Vista/Win7, right-click OTL and choose Run as administrator)

If you use Avast!, do not run the program in the Sandbox (see the help link above).

* Run OTL
* At the top right of Analyse rapide (Quick Scan), tick "tous les utilisateurs" (all users)
* In OTL, under Personnalisation (Custom), copy and paste the script below:

%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.exe /s
%temp%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%windir%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor /s
HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s
nslookup /c
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

* Click the Analyse (Scan) button.

* When the scan is finished, use the site to upload the OTL.txt report (and Extra.txt if present).
Give the pjjoint link(s) pointing to these reports here in a new message.
I repeat: give the link to the pjjoint report here in a new message.


sissi-13
6 Sept. 2013 at 11:16
Thank you very much for your reply, here is the report as planned, I'll send you the rest.
# AdwCleaner v3.002 - Rapport créé le 06/09/2013 à 11:01:05
# Mis à jour le 01/09/2013 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : internet - PC-INTERNET
# Exécuté depuis : D:\Téléchargements\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****

Service Supprimé : Browser Manager

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Documents and Settings\All Users\Application Data\Babylon
[!] Dossier Supprimé : C:\Documents and Settings\All Users\Application Data\Browser Manager
Dossier Supprimé : C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
Dossier Supprimé : C:\Program Files\Giant Savings
Dossier Supprimé : C:\Documents and Settings\internet\IECompatCache
Dossier Supprimé : C:\Documents and Settings\internet\Local Settings\Application Data\Giant Savings
Dossier Supprimé : C:\Documents and Settings\internet\Application Data\Babylon
Dossier Supprimé : C:\Documents and Settings\internet\Application Data\DriverCure
Dossier Supprimé : C:\Documents and Settings\internet\Application Data\file scout
Dossier Supprimé : C:\Documents and Settings\internet\Application Data\iWin
Dossier Supprimé : C:\Documents and Settings\internet\Application Data\SpeedMaxPc
Fichier Supprimé : C:\Documents and Settings\internet\Application Data\Mozilla\Firefox\Profiles\xq71cxli.default\bprotector_extensions.sqlite
Fichier Supprimé : C:\Documents and Settings\internet\Application Data\Mozilla\Firefox\Profiles\xq71cxli.default\bprotector_prefs.js
Fichier Supprimé : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Fichier Supprimé : C:\Documents and Settings\internet\Application Data\Mozilla\Firefox\Profiles\xq71cxli.default\user.js
Fichier Supprimé : C:\Documents and Settings\internet\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data

***** [ Raccourcis ] *****

***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO.1
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1
Clé Supprimée : HKCU\Software\ded6dab034ea17
Clé Supprimée : HKLM\SOFTWARE\ded6dab034ea17
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011441179}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442279}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444479}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Clé Supprimée : HKCU\Software\BabSolution
Clé Supprimée : HKCU\Software\BrowserMngr
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\Cr_Installer
Clé Supprimée : HKCU\Software\Crossrider
Clé Supprimée : HKCU\Software\DataMngr
Clé Supprimée : HKCU\Software\Giant Savings
Clé Supprimée : HKCU\Software\IM
Clé Supprimée : HKCU\Software\ImInstaller
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\InstalledBrowserExtensions
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\SpeedMaxPC
Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar
Clé Supprimée : HKLM\Software\Babylon
Clé Supprimée : HKLM\Software\Boxore
Clé Supprimée : HKLM\Software\BrowserMngr
Clé Supprimée : HKLM\Software\DataMngr
Clé Supprimée : HKLM\Software\ImInstaller
Clé Supprimée : HKLM\Software\SpeedMaxPC
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Giant Savings
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Giant Savings

***** [ Navigateurs ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v23.0.1 (fr)

[ Fichier : C:\Documents and Settings\internet\Application Data\Mozilla\Firefox\Profiles\xq71cxli.default\prefs.js ]

Ligne Supprimée : user_pref("extensions.BabylonToolbar.admin", false);
Ligne Supprimée : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.excTlbr", false);
Ligne Supprimée : user_pref("", "f883486f000000000000000c763fc33a");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.instlDay", "15624");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.vrsn", "");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.vrsni", "");
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.babExt", "");
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113357&tt=270912_7a_3912_6");
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.newTab", false);
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.vrsnTs", "");


AdwCleaner[R0].txt - [8294 octets] - [06/09/2013 10:58:14]
AdwCleaner[S0].txt - [8356 octets] - [06/09/2013 11:01:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8416 octets] ##########
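
An added example, not part of the original posts and not code from AdwCleaner: a small Python parser that turns a French-language AdwCleaner v3 report like the one above into structured records for triage. The function names `parse_report` and `summarize` are hypothetical, and the embedded sample is a short excerpt of the lines posted above.

```python
import re
from collections import Counter

# Excerpt of the AdwCleaner v3 report posted above (French-language output).
SAMPLE_REPORT = r"""
# AdwCleaner v3.002 - Rapport créé le 06/09/2013 à 11:01:05
# Option : Nettoyer

***** [ Services ] *****

Service Supprimé : Browser Manager

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Documents and Settings\All Users\Application Data\Babylon
[!] Dossier Supprimé : C:\Documents and Settings\All Users\Application Data\Browser Manager
Fichier Supprimé : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml

***** [ Registre ] *****

Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179}
Clé Supprimée : HKCU\Software\Crossrider

***** [ Navigateurs ] *****

Ligne Supprimée : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
"""

# "***** [ Registre ] *****" style section banners.
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# "<kind> Supprimé(e) : <target>", optionally prefixed with the tool's "[!]" marker.
ENTRY_RE = re.compile(
    r"^(?P<flag>\[!\] )?"
    r"(?P<kind>Service|Dossier|Fichier|Clé|Valeur|Ligne) Supprimée? : "
    r"(?P<target>.+)$"
)
# Registry values are written as "<key path> [<value name>]".
VALUE_NAME_RE = re.compile(r"^(?P<key>.+?) \[(?P<value>.+)\]$")
# Browser Helper Object registrations end in a CLSID.
BHO_RE = re.compile(r"\\Browser Helper Objects\\(\{[0-9A-Fa-f-]{36}\})$")


def parse_report(text):
    """Return one dict per removed item, tagged with its report section."""
    records = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header comments, blank lines, browser version lines
        target, value = entry.group("target"), None
        if entry.group("kind") == "Valeur":
            split = VALUE_NAME_RE.match(target)
            if split:
                target, value = split.group("key"), split.group("value")
        records.append({
            "section": section,
            "kind": entry.group("kind"),
            "flagged": entry.group("flag") is not None,
            "target": target,
            "value": value,
        })
    return records


def summarize(records):
    """Counts per section, items the tool marked "[!]", and removed BHO CLSIDs."""
    bho = set()
    for rec in records:
        hit = BHO_RE.search(rec["target"]) if rec["kind"] == "Clé" else None
        if hit:
            bho.add(hit.group(1))
    return {
        "per_section": dict(Counter(r["section"] for r in records)),
        "flagged": [r["target"] for r in records if r["flagged"]],
        "bho_clsids": sorted(bho),
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for key, val in summary.items():
        print(key, "=>", val)
```
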
sissi-13
6 Sept. 2013 at 12:07
Here is the rest

OTL Extras logfile created on: 06/09/2013 11:17:55 - Run 1
OTL by OldTimer - Version Folder = D:\Téléchargements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 71,16% Memory free
3,85 Gb Paging File | 3,34 Gb Available in Paging File | 86,65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38,39 Gb Total Space | 16,38 Gb Free Space | 42,68% Space Free | Partition Type: NTFS
Drive D: | 36,13 Gb Total Space | 13,02 Gb Free Space | 36,02% Space Free | Partition Type: NTFS

Computer Name: PC-INTERNET | User Name: internet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Documents and Settings\internet\Application Data\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

"Start" = 0

"Start" = 2

========== Firewall Settings ==========

"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\lxdncoms.exe" = C:\WINDOWS\system32\lxdncoms.exe:*:Enabled:2600 Series Server -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

"{043F86B7-EE12-3399-B2CA-D0B603D87963}" = Microsoft .NET Framework 4 Extended FRA Language Pack
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8}" = Microsoft Antimalware Service FR-FR Language Pack
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype(TM) 6.3
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client FR-FR Language Pack
"{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}" = Microsoft .NET Framework 3.5 Language Pack - fra
"{5DB849D6-9392-4FB7-9ABB-87ED433152E5}" = LG United Mobile Drivers
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Français
"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
"{C06EFB22-B5DB-46C5-9215-BCB5C19C0858}" = LauncherMA
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5D706E3-BF18-4106-B02E-F55A7F22DDEE}" = TRENDnet TEW-648UBM Wireless N USB Adapter
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = RoboForm 7-9-0-0 (All Users)
"Avira AntiVir Desktop" = Avira Free Antivirus
"CamStudio 2.0 Fr_is1" = CamStudio 2.0 Fr
"CCleaner" = CCleaner
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"Lexmark 2600 Series" = Lexmark 2600 Series
"LG PC Suite" = LG PC Suite
"Microsoft .NET Framework 3.5 Language Pack - fra" = Module linguistique Microsoft .NET Framework 3.5 - fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Extended FRA
"Mozilla Firefox 23.0.1 (x86 fr)" = Mozilla Firefox 23.0.1 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROPLUS" = Microsoft Office Professional Plus 2007
"Revo Uninstaller" = Revo Uninstaller 1.94
"SuperCopier2" = SuperCopier2
"VLC media player" = VLC media player 1.1.11
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03/06/2013 09:07:07 | Computer Name = PC-INTERNET | Source = Application Hang | ID = 1002
Description = Application bloquée wmplayer.exe, version 11.0.5721.5145, module bloqué
hungapp, version, adresse de blocage 0x00000000.

Error - 27/06/2013 04:45:46 | Computer Name = PC-INTERNET | Source = Application Error | ID = 1000
Description = Application défaillante skype.exe, version, module défaillant
kernel32.dll, version 5.1.2600.6293, adresse de défaillance 0x0000984e.

Error - 03/07/2013 13:49:54 | Computer Name = PC-INTERNET | Source = crypt32 | ID = 131083
Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
CAB de mise à jour automatique à : <>
avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
la vérification par rapport à l'horloge système en cours ou le tampon daté dans
le fichier signé.

Error - 03/07/2013 13:49:55 | Computer Name = PC-INTERNET | Source = crypt32 | ID = 131083
Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
CAB de mise à jour automatique à : <>
avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
la vérification par rapport à l'horloge système en cours ou le tampon daté dans
le fichier signé.

Error - 12/07/2013 10:40:42 | Computer Name = PC-INTERNET | Source = Application Error | ID = 1000
Description = Application défaillante FlashPlayerUpdateService.exe, version 11.6.602.180,
module défaillant ntdll.dll, version 5.1.2600.6055, adresse de défaillance 0x0001331a.

Error - 17/07/2013 06:17:31 | Computer Name = PC-INTERNET | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué
hungapp, version, adresse de blocage 0x00000000.

Error - 07/08/2013 16:05:05 | Computer Name = PC-INTERNET | Source = Avira Antivirus | ID = 4122
Description = Impossible de charger le fichier AvShadow. Code d'erreur : 0x3e5

Error - 27/08/2013 17:28:02 | Computer Name = PC-INTERNET | Source = Avira Antivirus | ID = 4118
Description = ERREUR D'EXCEPTION lors de l'accès à la fonction AVEPROC_TestFile()
pour le fichier F:\2007\corse 2007\IMGP1077.JPG. [ACCESS_VIOLATION Exception!! EIP
= 0x2048c32] Veuillez informer Avira et transmettre le fichier ci-dessus!

Error - 27/08/2013 17:31:26 | Computer Name = PC-INTERNET | Source = Avira Antivirus | ID = 4118
Description = ERREUR D'EXCEPTION lors de l'accès à la fonction AVEPROC_TestFile()
pour le fichier E:\2000\LE COUSIN DE LYON.JPG. [ACCESS_VIOLATION Exception!! EIP
= 0x2048c32] Veuillez informer Avira et transmettre le fichier ci-dessus!

Error - 27/08/2013 17:35:38 | Computer Name = PC-INTERNET | Source = Application Hang | ID = 1002
Description = Application bloquée explorer.exe, version 6.0.2900.5512, module bloqué
hungapp, version, adresse de blocage 0x00000000.

[ System Events ]
Error - 05/09/2013 15:21:37 | Computer Name = PC-INTERNET | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service

Error - 05/09/2013 15:21:37 | Computer Name = PC-INTERNET | Source = Service Control Manager | ID = 7000
Description = Le service lxdnCATSCustConnectService n'a pas pu démarrer en raison
de l'erreur : %%1053

Error - 05/09/2013 15:24:17 | Computer Name = PC-INTERNET | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service

Error - 05/09/2013 15:24:17 | Computer Name = PC-INTERNET | Source = Service Control Manager | ID = 7000
Description = Le service lxdnCATSCustConnectService n'a pas pu démarrer en raison
de l'erreur : %%1053

Error - 05/09/2013 15:31:22 | Computer Name = PC-INTERNET | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service

Error - 05/09/2013 15:31:22 | Computer Name = PC-INTERNET | Source = Service Control Manager | ID = 7000
Description = Le service lxdnCATSCustConnectService n'a pas pu démarrer en raison
de l'erreur : %%1053

Error - 06/09/2013 04:18:00 | Computer Name = PC-INTERNET | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service

Error - 06/09/2013 04:18:00 | Computer Name = PC-INTERNET | Source = Service Control Manager | ID = 7000
Description = Le service lxdnCATSCustConnectService n'a pas pu démarrer en raison
de l'erreur : %%1053

Error - 06/09/2013 05:04:41 | Computer Name = PC-INTERNET | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service

Error - 06/09/2013 05:04:41 | Computer Name = PC-INTERNET | Source = Service Control Manager | ID = 7000
Description = Le service lxdnCATSCustConnectService n'a pas pu démarrer en raison
de l'erreur : %%1053

[ TuneUp Events ]
Error - 27/01/2013 12:05:46 | Computer Name = PC-INTERNET | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2013-01-27 17:05:46', '\device\harddiskvolume1\program
files\death pages - ghost library collector's edition\deathpages_ghostlibraryce.exe','3392',0)

Error - 27/01/2013 12:19:27 | Computer Name = PC-INTERNET | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2013-01-27 17:19:27', '\device\harddiskvolume1\program
files\death pages - ghost library collector's edition\pwvlscw.exe','4032',0)

Error - 19/02/2013 15:26:52 | Computer Name = PC-INTERNET | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2013-02-19 20:26:52', '\device\harddiskvolume1\program
files\enchantia - wrath of the phoenix queen collector's edition\nsmscrw.exe','2312',0)

Error - 19/02/2013 15:26:53 | Computer Name = PC-INTERNET | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2013-02-19 20:26:53', '\device\harddiskvolume1\program
files\enchantia - wrath of the phoenix queen collector's edition\nsmscrw.exe','1280',0)

Error - 19/02/2013 15:27:17 | Computer Name = PC-INTERNET | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2013-02-19 20:27:17', '\device\harddiskvolume1\program
files\enchantia - wrath of the phoenix queen collector's edition\nsmscrw.exe','640',0)

Error - 20/02/2013 11:31:37 | Computer Name = PC-INTERNET | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2013-02-20 16:31:37', '\device\harddiskvolume1\program
files\enchantia - wrath of the phoenix queen collector's edition\enchantia_wrathofthephoenixqueen_ce.exe','3736',0)

Error - 20/02/2013 11:31:37 | Computer Name = PC-INTERNET | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2013-02-20 16:31:37', '\device\harddiskvolume1\program
files\enchantia - wrath of the phoenix queen collector's edition\enchantia_wrathofthephoenixqueen_ce.exe','3092',0)

Error - 12/03/2013 11:15:35 | Computer Name = PC-INTERNET | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2013-03-12 16:15:35', '\device\harddiskvolume1\program
files\enchantia - wrath of the phoenix queen collector's edition\nsmscrw.exe','908',0)

Error - 13/03/2013 12:08:41 | Computer Name = PC-INTERNET | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2013-03-13 17:08:41', '\device\harddiskvolume2\téléchargements\enchantia
- wrath of the phoenix queen collector's edition\enchantia - wrath of the phoenix
queen collector's edition.exe','2324',0)

Error - 13/03/2013 12:34:33 | Computer Name = PC-INTERNET | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2013-03-13 17:34:33', '\device\harddiskvolume1\program
files\enchantia - wrath of the phoenix queen collector's edition\nsmscrw.exe','1812',0)

< End of report >
sissi-13
6 Sept. 2013 at 12:08
OTL logfile created on: 06/09/2013 11:31:37 - Run 2
OTL by OldTimer - Version Folder = D:\Téléchargements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,51% Memory free
3,85 Gb Paging File | 3,11 Gb Available in Paging File | 80,73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38,39 Gb Total Space | 16,36 Gb Free Space | 42,63% Space Free | Partition Type: NTFS
Drive D: | 36,13 Gb Total Space | 13,02 Gb Free Space | 36,02% Space Free | Partition Type: NTFS

Computer Name: PC-INTERNET | User Name: internet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/09/06 11:00:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Téléchargements\OTL.exe
PRC - [2013/08/31 20:01:52 | 003,233,806 | ---- | M] () -- C:\Program Files\Tor\tor.exe
PRC - [2013/08/20 19:29:33 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/07/03 19:41:12 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/07/03 19:40:36 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/07/03 19:40:30 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/07/03 19:40:29 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/05/28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
PRC - [2011/10/31 08:07:55 | 000,048,128 | R--- | M] (Mobile Leader Co.,Ltd.) -- C:\WINDOWS\system32\ScsiCommandService2.exe
PRC - [2011/10/27 20:43:15 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2010/07/22 16:22:16 | 000,368,640 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-648UBM\WlanCU.exe
PRC - [2008/04/13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/28 16:12:40 | 000,589,824 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdncoms.exe
PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/08/20 19:29:32 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/07/26 08:49:57 | 016,166,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/04/12 17:49:02 | 000,397,704 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/07/22 16:22:16 | 000,368,640 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-648UBM\WlanCU.exe
MOD - [2010/06/29 14:58:26 | 000,200,704 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-648UBM\WPSCtrl.dll
MOD - [2009/10/09 03:21:00 | 000,233,472 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-648UBM\WlanDll.dll
MOD - [2009/08/13 13:02:22 | 000,147,968 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdndrpp.dll
MOD - [2009/03/24 14:01:00 | 000,233,472 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-648UBM\WlanSup.dll
MOD - [2009/01/23 11:58:00 | 000,212,992 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-648UBM\WlanCtl.dll
MOD - [2008/06/27 10:10:30 | 000,118,784 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-648UBM\WlanWPS.dll
MOD - [2007/12/15 01:30:54 | 001,167,360 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-648UBM\acAuth.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/08/31 20:01:52 | 003,233,806 | ---- | M] () [Auto | Running] -- C:\Program Files\Tor\tor.exe -- (tor)
SRV - [2013/08/20 19:29:32 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/03 19:41:12 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/07/03 19:40:30 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/05/28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/31 08:07:55 | 000,048,128 | R--- | M] (Mobile Leader Co.,Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ScsiCommandService2.exe -- (ScsiCommandService2)
SRV - [2011/10/27 20:43:15 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2011/10/27 20:43:15 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011/07/20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2009/04/28 10:58:26 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2009/02/11 19:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TRENDnet\TEW-648UBM\WLSVC.exe -- (WLSVC)
SRV - [2008/11/12 16:44:18 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007/11/28 16:12:40 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxdncoms.exe -- (lxdn_device)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\LMouKE.sys -- (LMouKE)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/04/12 17:49:27 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/04/12 17:49:27 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/04/12 17:49:27 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/04/12 17:49:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/07/04 13:47:00 | 000,070,400 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandnetndis.sys -- (andnetndis)
DRV - [2012/07/03 11:56:00 | 000,025,856 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandnetadb.sys -- (andnetadb)
DRV - [2012/07/03 11:43:00 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandnetmodem.sys -- (ANDNetModem)
DRV - [2012/07/03 11:43:00 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandnetdiag.sys -- (AndNetDiag)
DRV - [2010/06/15 17:56:04 | 000,894,440 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV - [2009/06/12 17:21:40 | 000,500,096 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2008/04/13 18:55:34 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 09:35:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2008/02/27 10:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2007/12/28 15:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/03/08 14:34:46 | 004,027,840 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2005/08/10 16:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2005/08/10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005/05/16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2002/10/15 00:00:00 | 000,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\IdeChnDr.sys -- (IdeChnDr)
DRV - [2002/10/15 00:00:00 | 000,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\IdeBusDr.sys -- (IdeBusDr)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" ={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{83D7517C-A6C1-4F02-AA2C-7F4D61112796}: "URL" ={searchTerms}&{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-602162358-179605362-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-602162358-179605362-725345543-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-602162358-179605362-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" ={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-602162358-179605362-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" ={searchTerms}&{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_frFR465
IE - HKU\S-1-5-21-602162358-179605362-725345543-1004\..\SearchScopes\{83D7517C-A6C1-4F02-AA2C-7F4D61112796}: "URL" ={searchTerms}&{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_frFR465
IE - HKU\S-1-5-21-602162358-179605362-725345543-1004\..\SearchScopes\{B6E759A8-4C14-4214-AC63-CAE6872E6DED}: "URL" ={searchTerms}&r=
IE - HKU\S-1-5-21-602162358-179605362-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - ""
FF - ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - ""
FF - 3128
FF - 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\ C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2013/07/22 21:15:50 | 000,000,000 | ---D | M]

[2012/08/18 11:09:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\internet\Application Data\Mozilla\Extensions
[2012/11/09 17:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\internet\Application Data\Mozilla\Firefox\Profiles\xq71cxli.default\extensions
[2013/05/25 02:00:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Extensions
[2013/05/24 09:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/20 19:29:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2002/08/30 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-179605362-725345543-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-179605362-725345543-1004\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-179605362-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Remplir les formulaires - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Remplir les formulaires - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Sauvegarder - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Enregistrer les formulaires - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Afficher la barret d'outils - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\ (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\ (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07511212-49A0-4124-A8B1-26ABADF15AC1}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA31EE1B-2B5E-42B1-977B-DA024B9834A3}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0D48BB6-FFC7-4192-90D2-BA18ACADD720}: DhcpNameServer =
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\internet\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\internet\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/27 09:58:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/12 14:29:28 | 000,258,048 | ---- | M] () - D:\AutoClick_2.2_6657.exe -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{dd169de0-8df9-11e2-8904-0014d1eb9f48}\Shell - "" = AutoRun
O33 - MountPoints2\{dd169de0-8df9-11e2-8904-0014d1eb9f48}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{e761bcb1-179e-11e2-8816-000c763fc33a}\Shell - "" = AutoRun
O33 - MountPoints2\{e761bcb1-179e-11e2-8816-000c763fc33a}\Shell\AutoRun\command - "" = G:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\ [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/09/06 10:57:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/05 14:50:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\internet\Recent
[2013/08/31 20:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\tor
[2013/08/31 20:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\Tor
[2013/08/26 15:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Lexmark 2600 Series
[2013/08/26 15:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 2600 Series
[2013/08/26 15:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2013/08/26 15:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/09/06 11:15:34 | 000,000,216 | RHS- | M] () -- C:\boot.ini
[2013/09/06 11:03:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/02 03:00:44 | 000,000,514 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2013/09/02 02:40:15 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/30 15:42:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/29 03:39:36 | 000,062,464 | ---- | M] () -- C:\Documents and Settings\internet\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/26 15:43:28 | 000,003,011 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2013/08/23 02:20:54 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2013/08/16 03:01:09 | 000,566,722 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2013/08/16 03:01:09 | 000,494,148 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/16 03:01:09 | 000,100,972 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2013/08/16 03:01:09 | 000,084,692 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/03/17 00:13:51 | 000,271,542 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-602162358-179605362-725345543-1004-0.dat
[2013/03/17 00:13:50 | 000,271,542 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/09/27 18:40:11 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2012/08/07 18:15:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\GAME.INI
[2012/08/07 18:08:03 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2012/02/15 04:51:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/30 14:54:25 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2011/10/27 10:46:08 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/27 10:45:00 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/27 10:35:57 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/10/27 10:35:34 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/10/27 10:35:27 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2011/10/27 10:00:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/27 09:55:39 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/20 14:46:39 | 000,062,464 | ---- | C] () -- C:\Documents and Settings\internet\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/19 20:32:58 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2011/10/19 20:02:04 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2012/12/06 00:08:31 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini



"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 19:33:42 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 12:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:33:50 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2013/07/22 22:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2013/03/16 19:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Ultra
[2011/10/19 20:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2011/10/19 20:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2012/04/13 13:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaLife
[2012/08/17 15:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Micro Application
[2013/08/26 15:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2012/08/18 12:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2012/09/15 18:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Software
[2013/08/26 15:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2012/12/19 20:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2013/05/07 22:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/27 20:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/10/27 20:42:36 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2012/08/11 16:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Application Data\Big Fish Games
[2013/02/20 17:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Application Data\Blue Tea Games
[2013/03/11 15:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Application Data\Boomzap
[2013/03/16 20:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Application Data\DAEMON Tools Ultra
[2013/01/27 14:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Application Data\Elephant Games
[2013/01/27 19:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Application Data\ERS Game Studios
[2013/01/12 19:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Application Data\Fenomen Games
[2013/03/17 00:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Application Data\Frogwares
[2013/01/27 18:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Application Data\Gogii Games
[2012/10/24 22:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Application Data\LG Electronics
[2011/10/22 12:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Application Data\MediaLife
[2012/11/23 20:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Application Data\Orneon
[2013/05/07 22:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Application Data\Silverback Games
[2012/12/19 20:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Application Data\SulusGames
[2011/10/27 20:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Application Data\TuneUp Software
[2013/03/11 16:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Application Data\Vast Studios
[2012/08/18 12:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\internet\Application Data\VSRevoGroup
[2013/03/16 20:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\DAEMON Tools Ultra

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A88BE334
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BAC4211
@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90D89144
@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:870649A4
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC9F291E
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43F5FA9D
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF5C005A
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2EDC57C
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B504E4C2
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6345BDA
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D1D487A
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:869C6B4A
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59A6876B
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB3667AF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0168CC60
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8DE80DB
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9524D821
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EB93F0E

< End of report >

Malekal_morte-
6 Sept. 2013 at 12:11
No more detections?
You should uninstall TuneUp, it's useless.
sissi-13
6 Sept. 2013 at 12:32
Malekal_morte-
6 Sept. 2013 at 12:36
sissi-13
6 Sept. 2013 at 12:47
nothing more for now, and I've uninstalled TuneUp ^^
I'm restarting my PC and I'll tell you if Avira still detects anything
sissi-13
6 Sept. 2013 at 12:55
when I went to My Computer I got an alert again :-(
unfortunately I didn't have time to see the details
Malekal_morte-
6 Sept. 2013 at 12:57
On the alert, you would need to click "more details" and give the path of the detected file.
It may be the AdwCleaner quarantine.
sissi-13
6 Sept. 2013 at 13:11
I took a screenshot for you
Malekal_morte-
6 Sept. 2013 at 15:25
What is drive D?
sissi-13
6 Sept. 2013 at 20:31
it's a hard drive, I'll take a screenshot for you
sissi-13
6 Sept. 2013 at 20:35
Malekal_morte-
6 Sept. 2013 at 21:05
So your infection is one that spreads via removable drives (USB sticks, external hard drives, flash cards, etc.).
The removable drives you inserted into the computer while it was infected have been infected in turn.

Simply opening My Computer and double-clicking your USB stick/external hard drive will reinfect your system.
You will find an explanation of how these infections spread, how to protect yourself against them, etc. from these links:

You now need to clean your USB sticks/external hard drives; to do that, follow the USBFix tutorial.
Follow the tutorial in order: be sure to disable Autorun/Autoplay, then insert the USB sticks and external hard drives you have so they can be cleaned.
Post the reports on and give the addresses.

The tutorial's address: