Adware Primawega (topic resolved)
wwwiiilll
 Posted on 07/03/2011 @ 00:49 
Petit astucien

HELLO, I have a window that keeps opening in Firefox; it says ADSERVED BY PROFIMUSE. I installed the latest Firefox update, 3.6.15, and it fixed nothing. I ran a scan with HijackThis; here is what it gives...

There is a program named profimuse, but I don't know whether it is a virus or ...

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:28:00, on 3/6/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\Ati2evxx.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\Ati2evxx.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\Fichiers communs\Acronis\CDP\afcdpsrv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\system32\cisvc.exe

C:\windows\Explorer.EXE

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\hasplms.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\ATnotes\atnotes .exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\windows\system32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\System32\svchost.exe

C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

C:\windows\system32\cidaemon.exe

C:\windows\system32\cidaemon.exe

C:\Program Files\XericDesign\EarthDesk\EarthDesk.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files\Fichiers communs\Apple\Apple Application Support\distnoted.exe

C:\windows\system32\utilman.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT2535290

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Messenger Plus Live CA-EN Toolbar - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll

R3 - URLSearchHook: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSof2.dll

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll

O2 - BHO: Messenger Plus Live CA-EN - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll

O2 - BHO: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSof2.dll

O2 - BHO: profitmuse - {51884eba-69c3-6492-ee43-918f6074797d} - C:\windows\system32\50c5f8b5.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Messenger Plus Live CA-EN Toolbar - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

O3 - Toolbar: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSof2.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll

O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"

O4 - HKLM\..\Run: [Service Scheduler2 Acronis] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\atnotes .exe

O4 - HKUS\S-1-5-18\..\RunOnce: [Magnify] Magnify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [Magnify] Magnify.exe (User 'Default user')

O4 - S-1-5-18 Startup: EarthDesk.lnk = C:\Program Files\XericDesign\EarthDesk\earthdesk.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: EarthDesk.lnk = C:\Program Files\XericDesign\EarthDesk\earthdesk.exe (User 'Default user')

O4 - Startup: EarthDesk.lnk = C:\Program Files\XericDesign\EarthDesk\earthdesk.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll

O23 - Service: Service Scheduler2 Acronis (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: Service Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files\Fichiers communs\Acronis\CDP\afcdpsrv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskNetSrv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\windows\System32\dmadmin.exe

O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\windows\system32\services.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\windows\system32\imapi.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: Autodesk Moldflow Inventor Tool Suite Integration 2011 Job Manager (mitsijm2011) - Unknown owner - C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\windows\system32\services.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PS3 Media Server - Unknown owner - C:\Program Files\PS3 Media Server\win32\service\wrapper.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\windows\System32\SCardSvr.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\windows\system32\smlogsvc.exe

O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\windows\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

MANY THANKS IN ADVANCE

Edited by wwwiiilll on 16/03/2011 00:14
Banon
 Posted on 07/03/2011 at 04:31 
Astucien

This question would be better placed in the Security section.

koopa
 Posted on 07/03/2011 at 09:24 
Astucien

Hello,

Click the small yellow triangle to have your topic moved to the Security section.

While waiting for help, read this: https://forum.pcastuces.com/aide_au_diagnostic_un_pc_infecte_pcastuces-f25s17490.htm

Edited by koopa on 07/03/2011 09:26
pcastuces
 Posted on 07/03/2011 at 11:31 
PC Astuces Team
Hello,

The topic has been moved by the moderators to a more suitable forum.

You can continue the discussion below.

See you soon.
Fill
 Posted on 07/03/2011 at 11:45 
Security Group

Hello,

Start by at least closing this Torrent process: C:\Program Files\uTorrent\uTorrent.exe

It is difficult to consider a disinfection with downloads in progress. The best option is to remove this kind of program, infection vector No. 1.

Fill

wwwiiilll
 Posted on 07/03/2011 at 12:01 
Petit astucien

new report

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 05:55:19, on 3/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\cisvc.exe
C:\windows\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\ATnotes\atnotes .exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\windows\system32\cidaemon.exe
C:\windows\system32\cidaemon.exe
C:\windows\system32\utilman.exe
c:\program files\fichiers communs\installshield\updateservice\isuspm.exe
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT2535290
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Messenger Plus Live CA-EN Toolbar - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll
R3 - URLSearchHook: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSof2.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: Messenger Plus Live CA-EN - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll
O2 - BHO: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSof2.dll
O2 - BHO: profitmuse - {51884eba-69c3-6492-ee43-918f6074797d} - C:\windows\system32\50c5f8b5.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Messenger Plus Live CA-EN Toolbar - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O3 - Toolbar: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSof2.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Service Scheduler2 Acronis] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\atnotes .exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Magnify] Magnify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Magnify] Magnify.exe (User 'Default user')
O4 - S-1-5-18 Startup: EarthDesk.lnk = C:\Program Files\XericDesign\EarthDesk\earthdesk.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: EarthDesk.lnk = C:\Program Files\XericDesign\EarthDesk\earthdesk.exe (User 'Default user')
O4 - Startup: EarthDesk.lnk = C:\Program Files\XericDesign\EarthDesk\earthdesk.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Service Scheduler2 Acronis (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Service Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files\Fichiers communs\Acronis\CDP\afcdpsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\windows\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\windows\system32\services.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\windows\system32\imapi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Autodesk Moldflow Inventor Tool Suite Integration 2011 Job Manager (mitsijm2011) - Unknown owner - C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\windows\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PS3 Media Server - Unknown owner - C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\windows\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\windows\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\windows\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 13817 bytes

Fill
 Posted on 07/03/2011 at 12:06 
Security Group

Re,

Let's indeed test the file you highlighted in red. Google doesn't have much to say about it. That's a bad sign.

1/

  • Can you test this: C:\windows\system32\50c5f8b5.dll
  • Click this link.
  • Click Browse and give the path of the file I indicated.
  • Click send. After a few minutes, a report is generated. Post it in your next reply.
  • You can use this tutorial to help with that.

2/

  • Download DeFogger by Jpshortstuff to your Desktop,
  • Double-click DeFogger.exe to start the tool (or right-click and run as administrator on Vista),
  • The DeFogger window appears,
  • Click Disable to disable the CD emulator drivers,
  • Click Yes to continue,
  • A "Finished" message will appear,
  • Click OK,
  • DeFogger will ask to restart the PC,
  • Do not re-enable the drivers until I ask you to.

3/

  • Download OTL (by Old_Timer) to your desktop,
  • Double-click its icon to start it. If you are on Vista or 7, start it with right-click, run as administrator. Make sure you have closed as many open windows as possible before what follows.
  • Tick the "Tous les utilisateurs" (all users) box,
  • Under the "Personnalisation" (customization) area, copy and paste the following:

netsvcs
drivers32
SAVEMBR:0
%SYSTEMDRIVE%\*.exe
%APPDATA%\*.exe
/md5start
Magnify.exe
explorer.exe
winlogon.exe
wininit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

  • Then click the "Analyse" (scan) button and wait while the tool scans the PC. This can take a few minutes, depending on the state of the system.
  • At the end of the scan, a Notepad window opens. It is called OTL.txt
  • Copy and paste this text into your next reply. If an error message appears, it is because the report is too long. You then need to post it in several messages without leaving anything out.
  • To select the text: CTRL+A
  • To copy the selected text: CTRL+C,
  • To paste the text into your next reply: CTRL+V

Fill

wwwiiilll
 Posted on 07/03/2011 at 12:18
Petit astucien

Thanks for your help... but I have to leave for work... I'll try when I get back from work.

wwwiiilll
 Posted on 07/03/2011 at 22:49
Petit astucien

VirusTotal report on the file 50c5f8b5.dll

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: 50c5f8b5.dll
Submission date: 2011-03-07 21:02:51 (UTC)
Current status: queued (#13) queued analysing finished
Result: 2/43 (4.7%)

Antivirus Version Last Update Result
AhnLab-V3 2011.03.07.06 2011.03.07 -
AntiVir 7.11.4.100 2011.03.07 -
Antiy-AVL 2.0.3.7 2011.03.06 -
Avast 4.8.1351.0 2011.03.07 -
Avast5 5.0.677.0 2011.03.07 -
AVG 10.0.0.1190 2011.03.07 -
BitDefender 7.2 2011.03.07 -
CAT-QuickHeal 11.00 2011.03.07 -
ClamAV 0.96.4.0 2011.03.07 -
Commtouch 5.2.11.5 2011.03.07 -
Comodo 7907 2011.03.07 -
DrWeb 5.0.2.03300 2011.03.07 -
Emsisoft 5.1.0.2 2011.03.07 Riskware.AdWare.Win32.EZula!IK
eSafe 7.0.17.0 2011.03.07 -
eTrust-Vet 36.1.8200 2011.03.07 -
F-Prot 4.6.2.117 2011.03.07 -
F-Secure 9.0.16440.0 2011.03.07 -
Fortinet 4.2.254.0 2011.03.07 -
GData 21 2011.03.07 -
Ikarus T3.1.1.97.0 2011.03.07 not-a-virus:AdWare.Win32.EZula
Jiangmin 13.0.900 2011.03.07 -
K7AntiVirus 9.92.4048 2011.03.07 -
Kaspersky 7.0.0.125 2011.03.07 -
McAfee 5.400.0.1158 2011.03.07 -
McAfee-GW-Edition 2010.1C 2011.03.07 -
Microsoft 1.6603 2011.03.07 -
NOD32 5934 2011.03.07 -
Norman 6.07.03 2011.03.07 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.03.07 -
PCTools 7.0.3.5 2011.03.07 -
Prevx 3.0 2011.03.07 -
Rising 23.48.00.06 2011.03.07 -
Sophos 4.63.0 2011.03.07 -
SUPERAntiSpyware 4.40.0.1006 2011.03.07 -
Symantec 20101.3.0.103 2011.03.07 -
TheHacker 6.7.0.1.145 2011.03.06 -
TrendMicro 9.200.0.1012 2011.03.07 -
TrendMicro-HouseCall 9.200.0.1012 2011.03.07 -
VBA32 3.12.14.3 2011.03.04 -
VIPRE 8630 2011.03.07 -
ViRobot 2011.3.7.4345 2011.03.07 -
VirusBuster 13.6.239.0 2011.03.07 -
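
Added example, not part of the original post: a Python sketch that parses a scan report pasted in the flat "Antivirus Version Last Update Result" form above, lists the engines that returned a verdict, reduces their labels to a family name, and flags engines whose signatures were older than the submission date. The sample rows are an excerpt of the posted table; the function names and the two-day staleness threshold are assumptions of this example.

```python
import re
from datetime import date

# Excerpt of the result rows as pasted in the post above (7 of the 43 rows).
SAMPLE_ROWS = """\
Antivirus Version Last Update Result
AhnLab-V3 2011.03.07.06 2011.03.07 -
Emsisoft 5.1.0.2 2011.03.07 Riskware.AdWare.Win32.EZula!IK
Ikarus T3.1.1.97.0 2011.03.07 not-a-virus:AdWare.Win32.EZula
Kaspersky 7.0.0.125 2011.03.07 -
nProtect 2011-02-10.01 2011.02.15 -
TrendMicro-HouseCall 9.200.0.1012 2011.03.07 -
VBA32 3.12.14.3 2011.03.04 -
"""
SAMPLE_RESULT = "2/ 43 (4.7%)"
SAMPLE_SUBMITTED = "2011-03-07 21:02:51 (UTC)"

# engine name, engine version, signature date (YYYY.MM.DD), verdict or "-".
# Anchoring on the date lets engine names and verdicts contain spaces.
ROW_RE = re.compile(
    r"^(?P<engine>\S.*?)\s+(?P<version>\S+)\s+"
    r"(?P<updated>\d{4}\.\d{2}\.\d{2})\s+(?P<verdict>\S.*)$"
)


def parse_rows(text):
    """Return one dict per engine row; header and residue lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        year, month, day = map(int, m["updated"].split("."))
        verdict = m["verdict"].strip()
        rows.append({
            "engine": m["engine"],
            "version": m["version"],
            "updated": date(year, month, day),
            "verdict": None if verdict == "-" else verdict,
        })
    return rows


def parse_ratio(text):
    """Parse 'hits/ total (pct%)' and check that pct matches hits/total."""
    m = re.match(r"\s*(\d+)\s*/\s*(\d+)\s*\(([\d.]+)%\)", text)
    if not m:
        raise ValueError("unrecognised result line: %r" % text)
    hits, total, pct = int(m[1]), int(m[2]), float(m[3])
    return hits, total, round(100 * hits / total, 1) == pct


def family(label):
    """Heuristic: drop a 'category:' prefix and a '!tag' suffix, then keep
    the last dotted component, so differently decorated labels compare equal."""
    core = label.split(":", 1)[-1].split("!", 1)[0]
    return core.rsplit(".", 1)[-1].lower()


def triage(rows_text, result_text, submitted_text, stale_days=2):
    """Summarise a pasted report: detections, families, stale engines."""
    rows = parse_rows(rows_text)
    submitted = date.fromisoformat(submitted_text[:10])
    hits = [r for r in rows if r["verdict"]]
    return {
        "detections": [(r["engine"], r["verdict"]) for r in hits],
        "families": sorted({family(r["verdict"]) for r in hits}),
        # A "-" from an engine with old signatures is weaker evidence.
        "stale_engines": [r["engine"] for r in rows
                          if (submitted - r["updated"]).days > stale_days],
        "header": parse_ratio(result_text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_ROWS, SAMPLE_RESULT,
                             SAMPLE_SUBMITTED).items():
        print(key, "=", value)
```

On the excerpt, the two positive verdicts reduce to a single family name, and two of the clean results come from engines whose signatures predate the submission by more than two days.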

wwwiiilll
 Posted on 08/03/2011 at 00:28
Petit astucien

OTL report 1 of 2

OTL logfile created on: 3/7/2011 17:29:02 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Alain\Mes documents\Téléchargements
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 129.05 Gb Total Space | 53.35 Gb Free Space | 41.34% Space Free | Partition Type: NTFS
Drive E: | 232.86 Gb Total Space | 64.61 Gb Free Space | 27.75% Space Free | Partition Type: NTFS
Drive F: | 232.90 Gb Total Space | 56.40 Gb Free Space | 24.22% Space Free | Partition Type: NTFS
Drive I: | 7.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DELL-DIM5150 | User Name: Alain | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/03/07 16:24:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alain\Mes documents\Téléchargements\OTL.exe
PRC - [2011/03/05 19:08:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/03 10:43:53 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files\Fichiers communs\Acronis\CDP\afcdpsrv.exe
PRC - [2011/02/18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/02/18 11:00:28 | 001,654,424 | ---- | M] (Xeric Design, Ltd.) -- C:\Program Files\XericDesign\EarthDesk\earthdesk.exe
PRC - [2011/02/01 21:11:28 | 000,391,120 | ---- | M] (Acronis) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
PRC - [2011/02/01 21:11:26 | 000,804,928 | ---- | M] (Acronis) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
PRC - [2011/02/01 21:10:58 | 005,582,392 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/11/16 04:19:56 | 002,570,080 | ---- | M] (Acronis) -- C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2010/09/27 13:49:10 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/09/27 13:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/05/31 10:31:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
PRC - [2010/01/22 11:42:06 | 000,462,336 | ---- | M] () -- C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
PRC - [2009/05/15 06:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/13 18:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/19 11:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2007/10/12 07:34:56 | 000,071,096 | ---- | M] () -- C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
PRC - [2005/01/05 14:45:36 | 001,015,808 | ---- | M] (Thomas Ascher) -- C:\Program Files\ATnotes\atnotes .exe
PRC - [2004/08/09 05:03:38 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011/03/07 16:24:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alain\Mes documents\Téléchargements\OTL.exe
MOD - [2010/09/20 14:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\asoehook.dll
MOD - [2010/08/23 11:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/11 23:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/11 23:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011/03/03 10:43:53 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Fichiers communs\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/02/18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/02/01 21:11:26 | 000,804,928 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/09/27 13:49:10 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/09/27 13:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/09/07 21:07:16 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/05/31 10:31:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/05/20 16:26:04 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2010/01/22 11:42:06 | 000,462,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe -- (mitsijm2011)
SRV - [2009/05/15 06:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/08/17 03:40:50 | 000,217,088 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2008/06/05 23:41:12 | 001,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2008/03/19 11:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\windows\System32\hasplms.exe -- (hasplms)
SRV - [2007/10/12 07:34:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011/03/03 10:44:02 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2011/03/03 10:43:41 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2011/03/03 10:43:39 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011/03/03 10:43:03 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2011/02/25 16:59:12 | 000,800,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20110225.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/12/16 17:22:06 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20110307.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/16 17:22:06 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20110307.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/08 19:50:31 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20110303.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/09/27 13:50:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/07/28 10:06:33 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/28 10:06:33 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/28 09:49:10 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/31 10:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/05/31 10:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/05/05 23:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\NIS\1108000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/05/05 23:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/05/05 23:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/11 02:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/12/18 17:36:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/10/14 15:17:34 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009/09/26 23:20:13 | 000,009,887 | ---- | M] (Ken Kato) [Kernel | On_Demand | Stopped] -- F:\mitchell\Shared\Workstation\Virtual_Floppy_Driver-2\vfd.sys -- (VirtualFD)
DRV - [2009/07/16 23:56:53 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/10 15:25:07 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/06/11 15:33:40 | 000,104,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/01/08 17:00:54 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DsAudioDevice_282.sys -- (DsAudioDevice_282)
DRV - [2008/12/10 15:56:26 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/06/12 09:46:40 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2008/04/13 10:56:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/18 14:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/02/11 14:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007/12/31 15:19:50 | 000,461,056 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC230NC.SYS -- (SPC230NC)
DRV - [2007/11/01 17:53:20 | 000,042,880 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vacs2xkd.sys -- (EuMusDesignVirtualAudioCableWdm_s2x) Sound2x Audio Cable (WDM)
DRV - [2007/09/26 13:28:46 | 000,008,576 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV - [2007/01/24 13:45:28 | 000,067,584 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2006/09/22 13:06:10 | 000,092,160 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/03/24 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006/03/24 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2004/11/19 17:07:00 | 000,101,488 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys -- (LF30FS)
DRV - [2002/07/17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-823518204-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-823518204-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT2535290
IE - HKU\S-1-5-21-823518204-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/defaultf.aspx?lang=fr-ca&OCID=iehp
IE - HKU\S-1-5-21-823518204-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ca
IE - HKU\S-1-5-21-823518204-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 F4 06 54 38 FF CA 01 [binary data]
IE - HKU\S-1-5-21-823518204-1060284298-839522115-1003\..\URLSearchHook: {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-823518204-1060284298-839522115-1003\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSof2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-823518204-1060284298-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-1060284298-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live CA-EN Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {437c4386-9237-441f-a940-009430030ee0}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {d6a7220f-27cd-ac7b-b672-30020af63b5c}:4.6.7.4
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2010/07/29 16:34:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\ [2010/07/28 09:49:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/07 08:13:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 19:08:27 | 000,000,000 | ---D | M]

[2010/04/05 09:46:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Extensions
[2009/07/07 15:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/07 16:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions
[2010/12/10 05:26:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/02 17:54:23 | 000,000,000 | ---D | M] (Softonic_France Toolbar) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{364d4e0c-543f-4b85-abe3-19551139da4f}
[2011/02/18 12:02:32 | 000,000,000 | ---D | M] (Messenger Plus Live CA-EN Community Toolbar) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{437c4386-9237-441f-a940-009430030ee0}
[2010/04/05 09:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2010/12/24 06:38:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/01 08:43:01 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/02/21 08:11:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\engine@conduit.com
[2010/04/05 09:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\personas@christopher.beard
[2010/04/01 13:19:10 | 000,000,953 | ---- | M] () -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\searchplugins\conduit.xml
[2010/12/17 17:15:50 | 000,002,358 | ---- | M] () -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\searchplugins\google-dictionary-english-french.xml
[2011/01/07 05:47:19 | 000,012,703 | ---- | M] () -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\searchplugins\imdb.xml
[2011/03/07 16:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/25 22:19:19 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{d6a7220f-27cd-ac7b-b672-30020af63b5c}
[2010/07/29 13:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\info@finbu.com
[2010/07/28 09:49:33 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\COFFPLGN
[2010/07/29 16:34:45 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPLGN
[2010/03/21 20:32:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2007/02/04 22:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2011/03/05 19:08:22 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2011/03/05 19:08:22 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/03/05 19:08:22 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2011/03/05 19:08:22 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2011/03/05 19:08:22 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/04/13 21:12:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live CA-EN Toolbar) - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSof2.dll (Conduit Ltd.)
O2 - BHO: (profitmuse) - {51884eba-69c3-6492-ee43-918f6074797d} - C:\WINDOWS\system32\50c5f8b5.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live CA-EN Toolbar) - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-1060284298-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-1060284298-839522115-1003\..\Toolbar\WebBrowser: (Messenger Plus Live CA-EN Toolbar) - {437C4386-9237-441F-A940-009430030EE0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-823518204-1060284298-839522115-1003\..\Toolbar\WebBrowser: (Softonic_France Toolbar) - {4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - C:\Program Files\Softonic_France\tbSof2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-823518204-1060284298-839522115-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Service Scheduler2 Acronis] C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-823518204-1060284298-839522115-1003..\Run: [ATnotes.exe] C:\Program Files\ATnotes\atnotes .exe (Thomas Ascher)
O4 - HKU\.DEFAULT..\RunOnce: [Magnify] C:\windows\System32\magnify.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [Magnify] C:\windows\System32\magnify.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-823518204-1060284298-839522115-1003..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil10m_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Alain\Menu Démarrer\Programmes\Démarrage\EarthDesk.lnk = C:\Program Files\XericDesign\EarthDesk\earthdesk.exe (Xeric Design, Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-1060284298-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-1060284298-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-823518204-1060284298-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-823518204-1060284298-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\windows\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Alain\Application Data\XericDesign\EarthDesk\5.0\EarthDeskWallpaper180E45A0.BMP
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alain\Application Data\XericDesign\EarthDesk\5.0\EarthDeskWallpaper180E45A0.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/31 20:52:28 | 000,000,000 | ---D | M] - F:\autocad -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.WMV3 - C:\windows\System32\wmv9vcm.dll (Microsoft Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

wwwiiilll
 Posted on 08/03/2011 at 00:30 
Petit astucien

2/2



[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/03/05 17:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\iTunes
[2011/03/03 10:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alain\Application Data\64F8BC8A-3C16-4DC0-BD9D-29D37923FC37
[2011/03/01 09:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CCleaner
[2011/02/24 18:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alain\Application Data\XericDesign
[2011/02/24 18:56:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\EarthDesk
[2011/02/24 18:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\XericDesign
[2011/02/22 17:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common~1
[2011/02/22 17:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Ford Motor Company
[2011/02/22 17:13:37 | 000,000,000 | ---D | C] -- C:\TSO
[2011/02/18 07:09:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Alain\Recent
[2009/12/30 06:58:28 | 000,718,232 | ---- | C] (Pelmorex Media Inc.) -- C:\Program Files\weathereye .exe
[2009/12/30 06:58:27 | 004,026,672 | ---- | C] (Pelmorex Media Inc.) -- C:\Program Files\WeatherEye.dll
[2009/07/14 20:37:38 | 000,122,880 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\Veui32.dll
[2009/07/14 20:37:38 | 000,110,592 | ---- | C] (Ulead Systems, Inc) -- C:\Program Files\wUfoComp.dll
[2009/07/14 20:37:38 | 000,032,768 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\Vepb40.dll
[2009/07/14 20:37:38 | 000,028,672 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\VFX32.dll
[2009/07/14 20:37:37 | 000,163,840 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\UssCvt.dll
[2009/07/14 20:37:37 | 000,045,056 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\USSGifsa.dll
[2009/07/14 20:37:37 | 000,036,864 | ---- | C] (Ulead Systems, Inc) -- C:\Program Files\uwUpdate.dll
[2009/07/14 20:37:36 | 000,135,168 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\uRender.dll
[2009/07/14 20:37:35 | 000,081,920 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\ucp1.ucp
[2009/07/14 20:37:35 | 000,028,672 | ---- | C] (Ulead Systems, Inc) -- C:\Program Files\ucsRWUFO.dll
[2009/07/14 20:37:34 | 000,802,816 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Prod.dll
[2009/07/14 20:37:34 | 000,180,224 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32video.dll
[2009/07/14 20:37:33 | 000,221,184 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Fido.dll
[2009/07/14 20:37:33 | 000,114,688 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32File.dll
[2009/07/14 20:37:33 | 000,110,592 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Comm.dll
[2009/07/14 20:37:33 | 000,032,768 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Misc.dll
[2009/07/14 20:37:32 | 000,348,160 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Cfg.dll
[2009/07/14 20:37:32 | 000,241,664 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Base.dll
[2009/07/14 20:37:32 | 000,135,168 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Clips.dll
[2009/07/14 20:37:32 | 000,045,056 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Brows.dll
[2009/07/14 20:37:31 | 000,344,064 | ---- | C] (Ulead Systems) -- C:\Program Files\mpg_hvd.dll
[2009/07/14 20:37:31 | 000,077,824 | ---- | C] (Ulead Systems, Inc) -- C:\Program Files\OLREG.EXE
[2009/07/14 20:37:30 | 001,654,784 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\ga_main.exe
[2009/07/14 20:37:30 | 000,077,824 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\anigen.exe
[2009/07/14 20:33:44 | 000,054,272 | R--- | C] (InstallShield Software Corporation) -- C:\Program Files\Setup_1.exe
[2009/07/05 09:00:48 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Alain\Application Data\pcouffin.sys
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/03/07 17:29:55 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/03/07 17:07:00 | 000,001,052 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/07 16:17:34 | 000,000,312 | ---- | M] () -- C:\windows\tasks\GlaryInitialize.job
[2011/03/07 16:17:23 | 000,001,048 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/07 16:17:02 | 000,012,598 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2011/03/07 16:16:58 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/03/07 11:18:34 | 000,000,402 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{2011F957-2727-45BA-97B4-FD75AF3DBA48}.job
[2011/03/07 05:41:58 | 000,000,390 | ---- | M] () -- C:\windows\tasks\GlaryOneClickOptimizer.job
[2011/03/06 07:34:49 | 000,000,570 | ---- | M] () -- C:\windows\tasks\Norton Internet Security - Alain - Analyse complète du système.job
[2011/03/05 23:47:22 | 000,213,504 | ---- | M] () -- C:\Documents and Settings\Alain\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/05 18:56:50 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Alain\Menu Démarrer\Programmes\Démarrage\EarthDesk.lnk
[2011/03/05 17:31:39 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2011/03/03 10:51:59 | 000,551,532 | ---- | M] () -- C:\windows\System32\perfh00C.dat
[2011/03/03 10:51:59 | 000,483,332 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/03/03 10:51:59 | 000,099,222 | ---- | M] () -- C:\windows\System32\perfc00C.dat
[2011/03/03 10:51:59 | 000,086,384 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/03/03 10:51:58 | 000,464,238 | ---- | M] () -- C:\windows\System32\perfh040.dat
[2011/03/03 10:51:58 | 000,063,140 | ---- | M] () -- C:\windows\System32\perfc040.dat
[2011/03/03 10:44:02 | 000,167,968 | ---- | M] (Acronis) -- C:\windows\System32\drivers\afcdp.sys
[2011/03/03 10:43:41 | 000,752,128 | ---- | M] (Acronis) -- C:\windows\System32\drivers\tdrpm273.sys
[2011/03/03 10:43:39 | 000,600,928 | ---- | M] (Acronis) -- C:\windows\System32\drivers\timntr.sys
[2011/03/03 10:43:03 | 000,170,528 | ---- | M] (Acronis) -- C:\windows\System32\drivers\snapman.sys
[2011/02/25 22:19:20 | 000,125,926 | ---- | M] () -- C:\windows\System32\f8b114cd.exe
[2011/02/22 17:15:02 | 000,004,205 | ---- | M] () -- C:\windows\ODBCINST.INI
[2011/02/21 18:37:15 | 000,049,084 | ---- | M] () -- C:\windows\od5.ini
[2011/02/21 05:56:23 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Safari.lnk
[2011/02/21 05:56:23 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Alain\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/02/16 10:01:12 | 002,646,528 | ---- | M] () -- C:\windows\System32\50c5f8b5.dll
[2011/02/14 05:37:57 | 000,167,207 | ---- | M] () -- C:\Documents and Settings\Alain\Bureau\calendriertremplin2010-2011.pdf
[2011/02/09 17:27:33 | 002,525,000 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/02/06 15:10:07 | 000,001,023 | ---- | M] () -- C:\Documents and Settings\Alain\Bureau\Raccourci vers PDFXCview.exe (2).lnk
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/03/07 16:28:57 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/03/05 18:56:50 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Alain\Menu Démarrer\Programmes\Démarrage\EarthDesk.lnk
[2011/03/05 17:31:38 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2011/02/25 22:19:20 | 000,125,926 | ---- | C] () -- C:\windows\System32\f8b114cd.exe
[2011/02/21 05:56:23 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Safari.lnk
[2011/02/16 10:01:12 | 002,646,528 | ---- | C] () -- C:\windows\System32\50c5f8b5.dll
[2011/02/14 05:37:57 | 000,167,207 | ---- | C] () -- C:\Documents and Settings\Alain\Bureau\calendriertremplin2010-2011.pdf
[2011/02/06 15:10:07 | 000,001,023 | ---- | C] () -- C:\Documents and Settings\Alain\Bureau\Raccourci vers PDFXCview.exe (2).lnk
[2011/01/01 17:38:05 | 000,004,312 | ---- | C] () -- C:\windows\System32\RW_{D70944CE-6818-11DE-A8BE-001372DDBB75}.dat
[2010/11/11 05:24:51 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/11/11 05:19:34 | 000,593,920 | ---- | C] () -- C:\windows\System32\ati2sgag.exe
[2010/11/10 06:01:28 | 000,000,000 | ---- | C] () -- C:\windows\InvTXTStack.INI
[2010/08/18 05:06:24 | 000,484,352 | ---- | C] () -- C:\windows\System32\lame_enc.dll
[2010/08/17 19:49:20 | 000,020,992 | ---- | C] () -- C:\windows\jestertb.dll
[2010/07/21 12:42:09 | 000,129,024 | ---- | C] () -- C:\windows\System32\AVERM.dll
[2010/07/17 09:37:08 | 000,891,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/16 20:05:30 | 000,000,130 | -H-- | C] () -- C:\Documents and Settings\Alain\Application Data\lakerda1967.sys
[2010/05/12 21:08:24 | 018,499,623 | ---- | C] () -- C:\Program Files\vlc-1.0.5-win32.exe
[2010/05/01 05:40:04 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\inst.exe
[2010/04/28 19:39:13 | 000,003,840 | ---- | C] () -- C:\windows\System32\drivers\BANTExt.sys
[2010/04/28 16:29:57 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\docXConverter (3).ini
[2010/04/23 22:15:05 | 000,000,168 | ---- | C] () -- C:\windows\System32\RW_{4AEDA20A-6805-11DE-A8B7-806D6172696F}.dat
[2010/04/20 12:09:25 | 000,044,521 | ---- | C] () -- C:\Program Files\GUYLAINE 2009.u09
[2010/04/13 19:42:12 | 000,004,256 | ---- | C] () -- C:\windows\System32\RW_{4AEDA20B-6805-11DE-A8B7-806D6172696F}.dat
[2010/03/29 19:14:23 | 000,000,000 | ---- | C] () -- C:\windows\System32\cd.dat
[2010/03/20 21:50:32 | 000,000,476 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\default.rss
[2010/03/20 21:50:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\downloads.m3u
[2010/03/20 21:36:59 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2010/03/20 21:22:15 | 000,254,238 | ---- | C] () -- C:\windows\System32\RW_AppData.dat
[2010/03/20 21:22:15 | 000,094,480 | ---- | C] () -- C:\windows\System32\RW_FileType.dat
[2010/03/20 21:22:15 | 000,008,344 | ---- | C] () -- C:\windows\System32\RW_{E487744A-67C1-11DE-9F6A-806D6172696F}.dat
[2010/03/20 21:22:15 | 000,000,972 | ---- | C] () -- C:\windows\System32\RW_FileFlag.dat
[2010/03/20 21:15:08 | 000,004,767 | ---- | C] () -- C:\windows\Irremote.ini
[2010/02/10 23:12:00 | 003,107,788 | ---- | C] () -- C:\windows\System32\ativva5x.dat
[2010/02/10 23:12:00 | 000,887,724 | ---- | C] () -- C:\windows\System32\ativva6x.dat
[2010/02/08 05:46:37 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\wklnhst.dat
[2010/01/14 18:28:09 | 000,464,238 | ---- | C] () -- C:\windows\System32\perfh040.dat
[2010/01/14 18:28:09 | 000,063,140 | ---- | C] () -- C:\windows\System32\perfc040.dat
[2010/01/14 05:32:59 | 000,037,888 | ---- | C] () -- C:\windows\System32\setupnt.dll
[2009/12/30 18:56:33 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\Settings.cfg
[2009/12/30 06:58:28 | 000,005,403 | ---- | C] () -- C:\Program Files\WeatherEye.daz
[2009/11/27 22:03:01 | 000,087,924 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2009/11/05 06:01:41 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\xpy.ini
[2009/11/04 06:07:18 | 130,284,263 | ---- | C] () -- C:\Program Files\java_ee_sdk-5_01-windows.exe
[2009/10/25 14:58:19 | 012,802,048 | ---- | C] () -- C:\Program Files\GoogleEarthProWin.exe
[2009/10/14 15:33:36 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Alain\Local Settings\Application Data\fusioncache.dat
[2009/10/14 15:17:34 | 000,000,383 | ---- | C] () -- C:\windows\System32\haspdos.sys
[2009/10/08 17:39:42 | 000,000,009 | -H-- | C] () -- C:\windows\System32\wxmmin.dll
[2009/09/27 13:31:25 | 000,000,048 | ---- | C] () -- C:\windows\PickList.ini
[2009/09/27 13:30:42 | 000,049,084 | ---- | C] () -- C:\windows\od5.ini
[2009/09/09 06:42:00 | 000,000,221 | ---- | C] () -- C:\windows\NCLogConfig.ini
[2009/08/25 20:12:23 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2009/08/14 06:40:54 | 000,001,324 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2009/08/12 17:22:50 | 000,000,067 | ---- | C] () -- C:\windows\Easy Avi Divx Xvid to DVD Burner.INI
[2009/07/21 21:52:11 | 001,454,671 | ---- | C] () -- C:\Program Files\lockfldr.exe
[2009/07/16 14:48:35 | 000,000,905 | ---- | C] () -- C:\windows\my.ini
[2009/07/14 20:37:48 | 000,000,352 | ---- | C] () -- C:\windows\ULEAD32.INI
[2009/07/14 20:37:36 | 000,237,568 | ---- | C] () -- C:\Program Files\UpiCtrl.dll
[2009/07/14 20:37:36 | 000,053,248 | ---- | C] () -- C:\Program Files\UFCCOMM.dll
[2009/07/14 20:37:36 | 000,036,864 | ---- | C] () -- C:\Program Files\UFCCOLOR.dll
[2009/07/14 20:37:35 | 000,040,960 | ---- | C] () -- C:\Program Files\UAboutbox.dll
[2009/07/14 20:37:35 | 000,032,768 | ---- | C] () -- C:\Program Files\UFCBUF.dll
[2009/07/14 20:37:33 | 000,002,396 | -H-- | C] () -- C:\Program Files\U32FILE.CFG
[2009/07/14 20:37:31 | 000,167,936 | ---- | C] () -- C:\Program Files\sepa.dll
[2009/07/14 20:37:30 | 000,081,920 | ---- | C] () -- C:\Program Files\EXE.UXE
[2009/07/14 20:37:30 | 000,003,766 | ---- | C] () -- C:\Program Files\iearrowhead.dat
[2009/07/14 20:37:30 | 000,003,507 | ---- | C] () -- C:\Program Files\IEDEFORM.DAT
[2009/07/14 20:33:44 | 000,417,764 | R--- | C] () -- C:\Program Files\Setup.bmp
[2009/07/14 20:33:44 | 000,339,565 | R--- | C] () -- C:\Program Files\ikernel.ex_
[2009/07/14 20:33:44 | 000,175,704 | R--- | C] () -- C:\Program Files\setup.inx
[2009/07/14 20:33:44 | 000,000,455 | R--- | C] () -- C:\Program Files\layout.bin
[2009/07/14 20:33:44 | 000,000,094 | R--- | C] () -- C:\Program Files\Setup.ini
[2009/07/12 07:16:53 | 000,151,552 | ---- | C] () -- C:\windows\System32\SSCoInst.exe
[2009/07/12 07:16:53 | 000,135,168 | ---- | C] () -- C:\windows\System32\SVSetup.Exe
[2009/07/12 07:16:53 | 000,053,248 | ---- | C] () -- C:\windows\System32\SVSetup.dll
[2009/07/12 07:16:52 | 000,057,344 | ---- | C] () -- C:\windows\System32\SSCoInst.dll
[2009/07/12 07:16:48 | 000,020,594 | ---- | C] () -- C:\windows\System32\Dels3LMK.DLL
[2009/07/11 07:06:49 | 000,029,656 | ---- | C] () -- C:\windows\System32\Lanceur2.exe
[2009/07/11 07:06:47 | 000,053,248 | ---- | C] () -- C:\windows\System32\ArmAccess.dll
[2009/07/10 20:54:52 | 000,213,504 | ---- | C] () -- C:\Documents and Settings\Alain\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/08 20:56:37 | 000,129,318 | ---- | C] () -- C:\windows\hpoins11.dat
[2009/07/08 20:32:53 | 000,077,824 | ---- | C] () -- C:\windows\System32\HPZIDS01.dll
[2009/07/08 19:05:25 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2009/07/07 18:46:03 | 000,000,842 | ---- | C] () -- C:\windows\System32\SPC230NC.INI
[2009/07/06 20:42:18 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
[2009/07/06 20:42:16 | 000,007,023 | ---- | C] () -- C:\windows\mgxoschk.ini
[2009/07/05 09:01:12 | 000,001,173 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\vso_ts_preview.xml
[2009/07/05 09:00:49 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\pcouffin.cat
[2009/07/05 09:00:48 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\pcouffin.inf
[2009/07/04 13:00:55 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2009/07/03 14:33:00 | 000,189,051 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/07/03 11:51:34 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/03 11:24:09 | 000,021,892 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2009/07/03 06:19:09 | 000,004,205 | ---- | C] () -- C:\windows\ODBCINST.INI
[2009/07/03 06:18:04 | 002,525,000 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2007/07/29 14:57:12 | 000,454,656 | ---- | C] () -- C:\windows\System32\PaintX.dll
[2006/05/05 05:20:40 | 000,011,634 | ---- | C] () -- C:\windows\hpomdl11.dat
[2006/03/24 07:00:00 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2006/03/24 07:00:00 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2006/03/24 07:00:00 | 000,551,532 | ---- | C] () -- C:\windows\System32\perfh00C.dat
[2006/03/24 07:00:00 | 000,483,332 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2006/03/24 07:00:00 | 000,322,810 | ---- | C] () -- C:\windows\System32\perfi00C.dat
[2006/03/24 07:00:00 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2006/03/24 07:00:00 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2006/03/24 07:00:00 | 000,099,222 | ---- | C] () -- C:\windows\System32\perfc00C.dat
[2006/03/24 07:00:00 | 000,086,384 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2006/03/24 07:00:00 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2006/03/24 07:00:00 | 000,034,108 | ---- | C] () -- C:\windows\System32\perfd00C.dat
[2006/03/24 07:00:00 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2006/03/24 07:00:00 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2006/03/24 07:00:00 | 000,004,461 | ---- | C] () -- C:\windows\System32\oembios.dat
[2006/03/24 07:00:00 | 000,001,804 | ---- | C] () -- C:\windows\System32\dcache.bin
[2006/03/24 07:00:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat
[2005/03/20 20:25:52 | 028,476,483 | ---- | C] () -- C:\Program Files\Ulead Gif Animator 5 Full.exe
[2001/07/07 02:00:00 | 000,003,279 | ---- | C] () -- C:\windows\System32\HPTCPMON.INI
[1998/10/27 00:00:00 | 001,691,408 | ---- | C] () -- C:\windows\System32\MSO97V.DLL
[1998/10/27 00:00:00 | 000,022,016 | ---- | C] () -- C:\windows\System32\DOCOBJ.DLL
[1998/10/27 00:00:00 | 000,016,384 | ---- | C] () -- C:\windows\System32\MSORFS.DLL
[1998/10/27 00:00:00 | 000,012,288 | ---- | C] () -- C:\windows\System32\HLINKPRX.DLL
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\windows\System32\giveio.sys

[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %APPDATA%\*.exe >[/color]
[2010/07/17 14:46:22 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Alain\Application Data\inst.exe


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2006/03/24 07:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 18:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 18:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 10:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2006/03/24 07:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 18:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 18:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Alain\Mes documents\My Drivers\hdc\primary_ide_channel\atapi.sys
[2008/04/13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Alain\Mes documents\My Drivers\hdc\secondary_ide_channel\atapi.sys
[2008/04/13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/03/24 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2006/03/24 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 18:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 18:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2006/03/24 07:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 18:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 18:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/13 18:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[color=#A23BEC]< MD5 for: MAGNIFY.EXE >[/color]
[2009/11/11 16:26:20 | 000,735,088 | ---- | M] (Microsoft Corporation) MD5=991D8FEC45A8E90D1D7E07C9008BDB59 -- C:\Program Files\Microsoft IntelliPoint\Components\Commands\DPGMgy\magnify.exe
[2006/03/24 07:00:00 | 000,073,216 | ---- | M] (Microsoft Corporation) MD5=A76B6B35E664B314A28CA70A5E6DCB25 -- C:\WINDOWS\$NtServicePackUninstall$\magnify.exe
[2008/04/13 18:34:12 | 000,073,216 | ---- | M] (Microsoft Corporation) MD5=A9FC4E6AC1D1A2A35E01D76D399C1D3D -- C:\WINDOWS\ServicePackFiles\i386\magnify.exe
[2008/04/13 18:34:12 | 000,073,216 | ---- | M] (Microsoft Corporation) MD5=A9FC4E6AC1D1A2A35E01D76D399C1D3D -- C:\WINDOWS\system32\magnify.exe

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/13 18:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2006/03/24 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2008/04/13 18:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 18:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2006/03/24 07:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2006/03/24 07:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 18:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 18:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 18:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2010/02/10 23:46:14 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2008/04/13 18:33:22 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2010/03/10 01:16:48 | 000,420,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21

< End of report >

Fill
 Posted on 08/03/2011 at 09:56
Security Group

Hello,

  • Download Ad Remover by El Desaparecido, C_XX & Chimay8 to your Desktop. Alternative download link available.
  • Double-click the tool to run it (on Vista or Windows 7, you need to right-click it and run it as administrator),
  • Start the scan and post the report generated by the tool in your next reply.

Fill

wwwiiilll
 Posted on 08/03/2011 at 11:39
Petit astucien

AD-REMOVER report

======= RAPPORT D'AD-REMOVER 2.0.0.2,F | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 01/03/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [2]) -> Lancé à 05:37:12 le 08/03/2011, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
Alain@DELL-DIM5150 ( )

============== RECHERCHE ==============


Fichier trouvé: C:\windows\system32\ConduitEngine.tmp
Dossier trouvé: C:\Documents and Settings\Alain\Application Data\Mozilla\FireFox\Profiles\wy4qi0e6.default\conduit
Dossier trouvé: C:\Documents and Settings\Alain\Application Data\Mozilla\FireFox\Profiles\wy4qi0e6.default\ConduitEngine
Dossier trouvé: C:\Documents and Settings\Alain\Application Data\Mozilla\FireFox\Profiles\wy4qi0e6.default\extensions\engine@conduit.com
Fichier trouvé: C:\Documents and Settings\Alain\Application Data\Mozilla\FireFox\Profiles\wy4qi0e6.default\searchplugins\conduit.xml
Dossier trouvé: C:\Documents and Settings\Alain\Local Settings\Application Data\Conduit
Dossier trouvé: C:\Program Files\Conduit
Dossier trouvé: C:\Documents and Settings\Alain\Local Settings\Application Data\ConduitEngine
Dossier trouvé: C:\Program Files\ConduitEngine
Dossier trouvé: C:\Documents and Settings\Alain\Application Data\PriceGong
Dossier trouvé: C:\Documents and Settings\Alain\Application Data\VMNTOOLBAR
Dossier trouvé: C:\Program Files\VMNTOOLBAR

-- Fichier ouvert: C:\Documents and Settings\Alain\Application Data\Mozilla\FireFox\Profiles\wy4qi0e6.default\Prefs.js --
Ligne trouvée: user_pref("CT2535290.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Ligne trouvée: user_pref("CT2535290.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT253...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/CA", "\"0\"")...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20...
Ligne trouvée: user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Ligne trouvée: user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Ligne trouvée: user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Ligne trouvée: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Ligne trouvée: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr...
Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList", "CT2535290,ConduitEngine");
Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList2", "CT2535290");
Ligne trouvée: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Ligne trouvée: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Mar 07 2011 16:00:15 GMT-0500 (Est)"...
Ligne trouvée: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Ligne trouvée: user_pref("CommunityToolbar.alert.locale", "en");
Ligne trouvée: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Ligne trouvée: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Mar 07 2011 16:00:15 GMT-0500 (Est)");
Ligne trouvée: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Ligne trouvée: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Ligne trouvée: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Ligne trouvée: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Ligne trouvée: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Ligne trouvée: user_pref("CommunityToolbar.alert.userId", "9d19813f-acc0-4f57-a229-15f4370bf777");
Ligne trouvée: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2535290");
Ligne trouvée: user_pref("ConduitEngine.CTID", "ConduitEngine");
Ligne trouvée: user_pref("ConduitEngine.FirstServerDate", "02/18/2011 20");
Ligne trouvée: user_pref("ConduitEngine.FirstTime", true);
Ligne trouvée: user_pref("ConduitEngine.FirstTimeFF3", true);
Ligne trouvée: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Ligne trouvée: user_pref("ConduitEngine.Initialize", true);
Ligne trouvée: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Ligne trouvée: user_pref("ConduitEngine.InstalledDate", "Fri Feb 18 2011 12:03:11 GMT-0500 (Est)");
Ligne trouvée: user_pref("ConduitEngine.IsMulticommunity", false);
Ligne trouvée: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Ligne trouvée: user_pref("ConduitEngine.IsOpenUninstallPage", true);
Ligne trouvée: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Feb 21 2011 05:23:52 GMT-0500 (Est)");
Ligne trouvée: user_pref("ConduitEngine.LastLogin_3.2.3.3", "Mon Feb 21 2011 05:23:52 GMT-0500 (Est)");
Ligne trouvée: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Ligne trouvée: user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Feb 21 2011 05:23:49 GMT-0500 (Est)");
Ligne trouvée: user_pref("ConduitEngine.UserID", "UN40471428824310552");
Ligne trouvée: user_pref("ConduitEngine.componentAlertEnabled", true);
Ligne trouvée: user_pref("ConduitEngine.engineLocale", "fr");
Ligne trouvée: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Feb 21 2011 05:23:49 GMT-0500 (Est)"...
Ligne trouvée: user_pref("ConduitEngine.initDone", true);
Ligne trouvée: user_pref("ConduitEngine.usagesFlag", 2);
Ligne trouvée: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&Sea...
-- Fichier Fermé --


Clé trouvée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Classes\CLSID\{537DDAEC-37C0-4214-BA65-310F3B2ECD6F}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537DDAEC-37C0-4214-BA65-310F3B2ECD6F}
Clé trouvée: HKLM\Software\Classes\Interface\{E5E0A023-3A5B-4F93-9705-2F302440D83C}
Clé trouvée: HKLM\Software\Classes\TypeLib\{39CAFD20-BAFF-454D-A94C-7115710AE6E3}
Clé trouvée: HKLM\Software\Classes\BHO.HelperObject
Clé trouvée: HKLM\Software\Classes\BHO.HelperObject.1
Clé trouvée: HKLM\Software\Classes\Conduit.Engine
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2535290
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2542115
Clé trouvée: HKLM\Software\Classes\AppID\BHO.dll
Clé trouvée: HKLM\Software\Classes\AppID\{59AEAD8A-6822-4794-AF2E-8CC27312E26E}
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKLM\Software\conduitEngine
Clé trouvée: HKCU\Software\Conduit
Clé trouvée: HKCU\Software\conduitEngine
Clé trouvée: HKCU\Software\PriceGong
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92B7FFC9-F28B-4790-B341-7BA672FF6D18}

Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.15 (fr)] ****

Plugins\npdjvu.dll (LizardTech)
HKLM_MozillaPlugins\@garmin.com/GpsControl (x)
Extensions - "info@finbu.com" (?)
Extensions\{d6a7220f-27cd-ac7b-b672-30020af63b5c} (z)
HKLM_Extensions|{BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\
HKLM_Extensions|{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\

-- C:\Documents and Settings\Alain\Application Data\Mozilla\FireFox\Profiles\wy4qi0e6.default --
Extensions\engine@conduit.com (Conduit Engine )
Extensions\{364d4e0c-543f-4b85-abe3-19551139da4f} (Softonic_France Toolbar)
Extensions\{437c4386-9237-441f-a940-009430030ee0} (Messenger Plus Live CA-EN Community Toolbar)
Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088} (?)
Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} (BlockSite)
Searchplugins\conduit.xml (hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&amp;SearchSource=3&amp;q={searchTerms} /)
Searchplugins\google-dictionary-english-french.xml (?)
Searchplugins\imdb.xml (?)
Prefs.js - browser.search.defaultenginename, Yahoo
Prefs.js - browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&SearchSource=3&q={searchTerms}
Prefs.js - browser.search.selectedEngine, Wikipédia (fr)
Prefs.js - browser.startup.homepage, hxxp://www.google.ca/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.15

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Start Page - hxxp://search.conduit.com/?SearchSource=10&ctid=CT2535290
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU_URLSearchHooks|{437c4386-9237-441f-a940-009430030ee0} - "Messenger Plus Live CA-EN Toolbar" (C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll)
HKCU_URLSearchHooks|{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\tbSof2.dll)
HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "Messenger Plus Live CA-EN Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
HKCU_Toolbar|{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} (x)
HKCU_Toolbar\ShellBrowser|{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} (x)
HKCU_Toolbar\WebBrowser|{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} (x)
HKCU_Toolbar\WebBrowser|{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} (x)
HKCU_Toolbar\WebBrowser|{437C4386-9237-441F-A940-009430030EE0} (C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll)
HKCU_Toolbar\WebBrowser|{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} (C:\Program Files\Softonic_France\tbSof2.dll)
HKLM_Toolbar|{437c4386-9237-441f-a940-009430030ee0} (C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll)
HKLM_Toolbar|{4daac69c-cba7-45e2-9bc8-1044483d3352} (C:\Program Files\Softonic_France\tbSof2.dll)
HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files\ConduitEngine\ConduitEngin0.dll)
HKCU_ElevationPolicy\{FF4E22ED-17D0-4D43-AD6F-E53D11FA3C61} - C:\Documents and Settings\Alain\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (x)
HKLM_ElevationPolicy\3bf084db-f1a3-475c-a3da-ce1233070c09 - C:\Program Files\Messenger_Plus_Live_CA-EN\Messenger_Plus_Live_CA-ENToolbarHelper.exe (?)
HKLM_ElevationPolicy\5a636ff8-2220-42e1-ad19-36b9890b565d - C:\Program Files\Messenger_Plus_Live_CA-EN\Messenger_Plus_Live_CA-ENToolbarHelper.exe (?)
HKLM_ElevationPolicy\5e814d9c-99e1-45f6-a691-bbbe0972888e - C:\Program Files\Messenger_Plus_Live_CA-EN\Messenger_Plus_Live_CA-ENToolbarHelper.exe (?)
HKLM_ElevationPolicy\d92d02ad-2c9e-46e9-8767-9c7a68dd5a0b - C:\Program Files\Messenger_Plus_Live_CA-EN\Messenger_Plus_Live_CA-ENToolbarHelper.exe (?)
HKLM_ElevationPolicy\{6FA91961-65F0-438C-B5DD-F8B9B5AB3E00} - C:\Program Files\Messenger_Plus_Live_CA-EN\Messenger_Plus_Live_CA-ENToolbarHelper1.exe (Conduit Ltd.)
HKLM_ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6} - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (x)
HKLM_ElevationPolicy\{92B7FFC9-F28B-4790-B341-7BA672FF6D18} - C:\Program Files\ConduitEngine\ConduitEngineHelper.exe (Conduit Ltd.)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine" (C:\Program Files\ConduitEngine\ConduitEngin0.dll)
BHO\{437c4386-9237-441f-a940-009430030ee0} - "Messenger Plus Live CA-EN Toolbar" (C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll)
BHO\{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\tbSof2.dll)
BHO\{51884eba-69c3-6492-ee43-918f6074797d} - "profitmuse" (C:\windows\system32\50c5f8b5.dll)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 2 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 08/03/2011 05:33:33 (13649 Octet(s))
C:\Ad-Report-SCAN[2].txt - 08/03/2011 05:37:16 (7905 Octet(s))

Fin à: 05:38:26, 08/03/2011

============== E.O.F ==============

Thanks

Fill
 Posted on 08/03/2011 at 11:46
Security Group

Hi,

1/

  • Double-click Ad Remover to run the tool (or right-click > Run as administrator on Vista and Windows 7),
  • Start the cleanup and post the report generated by the tool in your next reply.

2/

  • Double-click its icon to start it. If you are on Vista or 7, start it with a right-click, Run as administrator. Make sure you have closed as many open windows as possible before the following steps.
  • Check the "All users" box,
  • Under the "Customization" area, copy and paste the following:

netsvcs
drivers32
%SYSTEMDRIVE%\*.exe
%APPDATA%\*.exe
/md5start
Magnify.exe
explorer.exe
winlogon.exe
wininit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

  • Then click the "Scan" button and wait while the tool scans the PC. This can take a few minutes, depending on the state of the system.
  • When the scan finishes, a Notepad window opens. It is called OTL.txt
  • Copy and paste this text into your next reply. If an error message appears, it is because the report is too long. In that case, post it across several messages without leaving anything out.
  • To select the text: CTRL+A
  • To copy the selected text: CTRL+C,
  • To paste the text into your next reply: CTRL+V

3/

  • Can you test this: C:\PhysicalMBR.bin
  • Click this link.
  • Click Browse and enter the path of the file I indicated.
  • Click Send. After a few minutes, a report is generated. Post it in your next reply.
  • You can use this tutorial to help you with that.

Fill

wwwiiilll
 Posted on 08/03/2011 at 23:58
Petit astucien

ad-remover report before cleaning

======= RAPPORT D'AD-REMOVER 2.0.0.2,F | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 01/03/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [5]) -> Lancé à 16:54:09 le 08/03/2011, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
Alain@DELL-DIM5150 ( )

============== RECHERCHE ==============





============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.15 (fr)] ****

Plugins\npdjvu.dll (LizardTech)
HKLM_MozillaPlugins\@garmin.com/GpsControl (x)
Extensions - "info@finbu.com" (?)
Extensions\{d6a7220f-27cd-ac7b-b672-30020af63b5c} (z)
HKLM_Extensions|{BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\
HKLM_Extensions|{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\

-- C:\Documents and Settings\Alain\Application Data\Mozilla\FireFox\Profiles\wy4qi0e6.default --
Extensions\{364d4e0c-543f-4b85-abe3-19551139da4f} (Softonic_France Toolbar)
Extensions\{437c4386-9237-441f-a940-009430030ee0} (Messenger Plus Live CA-EN Community Toolbar)
Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088} (?)
Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} (BlockSite)
Searchplugins\google-dictionary-english-french.xml (?)
Searchplugins\imdb.xml (?)
Prefs.js - browser.search.defaultenginename, Yahoo
Prefs.js - browser.search.selectedEngine, Wikipédia (fr)
Prefs.js - browser.startup.homepage, hxxp://www.google.ca/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.15

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{437c4386-9237-441f-a940-009430030ee0} - "Messenger Plus Live CA-EN Toolbar" (C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll)
HKCU_URLSearchHooks|{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\tbSof2.dll)
HKCU_Toolbar|{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} (x)
HKCU_Toolbar\ShellBrowser|{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} (x)
HKCU_Toolbar\WebBrowser|{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} (x)
HKCU_Toolbar\WebBrowser|{437C4386-9237-441F-A940-009430030EE0} (C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll)
HKCU_Toolbar\WebBrowser|{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} (C:\Program Files\Softonic_France\tbSof2.dll)
HKLM_Toolbar|{437c4386-9237-441f-a940-009430030ee0} (C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll)
HKLM_Toolbar|{4daac69c-cba7-45e2-9bc8-1044483d3352} (C:\Program Files\Softonic_France\tbSof2.dll)
HKCU_ElevationPolicy\{FF4E22ED-17D0-4D43-AD6F-E53D11FA3C61} - C:\Documents and Settings\Alain\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (x)
HKLM_ElevationPolicy\3bf084db-f1a3-475c-a3da-ce1233070c09 - C:\Program Files\Messenger_Plus_Live_CA-EN\Messenger_Plus_Live_CA-ENToolbarHelper.exe (?)
HKLM_ElevationPolicy\5a636ff8-2220-42e1-ad19-36b9890b565d - C:\Program Files\Messenger_Plus_Live_CA-EN\Messenger_Plus_Live_CA-ENToolbarHelper.exe (?)
HKLM_ElevationPolicy\5e814d9c-99e1-45f6-a691-bbbe0972888e - C:\Program Files\Messenger_Plus_Live_CA-EN\Messenger_Plus_Live_CA-ENToolbarHelper.exe (?)
HKLM_ElevationPolicy\d92d02ad-2c9e-46e9-8767-9c7a68dd5a0b - C:\Program Files\Messenger_Plus_Live_CA-EN\Messenger_Plus_Live_CA-ENToolbarHelper.exe (?)
HKLM_ElevationPolicy\{6FA91961-65F0-438C-B5DD-F8B9B5AB3E00} - C:\Program Files\Messenger_Plus_Live_CA-EN\Messenger_Plus_Live_CA-ENToolbarHelper1.exe (Conduit Ltd.)
HKLM_ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6} - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (x)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{437c4386-9237-441f-a940-009430030ee0} - "Messenger Plus Live CA-EN Toolbar" (C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll)
BHO\{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\tbSof2.dll)
BHO\{51884eba-69c3-6492-ee43-918f6074797d} - "profitmuse" (C:\windows\system32\50c5f8b5.dll)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 305 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 19 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 08/03/2011 06:02:40 (13270 Octet(s))
C:\Ad-Report-SCAN[1].txt - 08/03/2011 05:33:33 (13649 Octet(s))
C:\Ad-Report-SCAN[2].txt - 08/03/2011 05:37:16 (13714 Octet(s))
C:\Ad-Report-SCAN[3].txt - 08/03/2011 05:52:12 (13781 Octet(s))
C:\Ad-Report-SCAN[4].txt - 08/03/2011 16:50:17 (432 Octet(s))
C:\Ad-Report-SCAN[5].txt - 08/03/2011 16:54:14 (5135 Octet(s))

Fin à: 16:55:25, 08/03/2011

============== E.O.F ==============

wwwiiilll
 Posted on 09/03/2011 at 00:01
Petit astucien

ad-remover report after cleaning

======= RAPPORT D'AD-REMOVER 2.0.0.2,F | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 01/03/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Lancé à 16:56:24 le 08/03/2011, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
Alain@DELL-DIM5150 ( )

============== ACTION(S) ==============



(!) -- Fichiers temporaires supprimés.




============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.15 (fr)] ****

Plugins\npdjvu.dll (LizardTech)
HKLM_MozillaPlugins\@garmin.com/GpsControl (x)
Extensions - "info@finbu.com" (?)
Extensions\{d6a7220f-27cd-ac7b-b672-30020af63b5c} (z)
HKLM_Extensions|{BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\
HKLM_Extensions|{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\

-- C:\Documents and Settings\Alain\Application Data\Mozilla\FireFox\Profiles\wy4qi0e6.default --
Extensions\{364d4e0c-543f-4b85-abe3-19551139da4f} (Softonic_France Toolbar)
Extensions\{437c4386-9237-441f-a940-009430030ee0} (Messenger Plus Live CA-EN Community Toolbar)
Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088} (?)
Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} (BlockSite)
Searchplugins\google-dictionary-english-french.xml (?)
Searchplugins\imdb.xml (?)
Prefs.js - browser.search.defaultenginename, Yahoo
Prefs.js - browser.search.selectedEngine, Wikipédia (fr)
Prefs.js - browser.startup.homepage, hxxp://www.google.ca/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.15

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{437c4386-9237-441f-a940-009430030ee0} - "Messenger Plus Live CA-EN Toolbar" (C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll)
HKCU_URLSearchHooks|{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\tbSof2.dll)
HKCU_Toolbar|{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} (x)
HKCU_Toolbar\ShellBrowser|{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} (x)
HKCU_Toolbar\WebBrowser|{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} (x)
HKCU_Toolbar\WebBrowser|{437C4386-9237-441F-A940-009430030EE0} (C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll)
HKCU_Toolbar\WebBrowser|{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} (C:\Program Files\Softonic_France\tbSof2.dll)
HKLM_Toolbar|{437c4386-9237-441f-a940-009430030ee0} (C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll)
HKLM_Toolbar|{4daac69c-cba7-45e2-9bc8-1044483d3352} (C:\Program Files\Softonic_France\tbSof2.dll)
HKCU_ElevationPolicy\{FF4E22ED-17D0-4D43-AD6F-E53D11FA3C61} - C:\Documents and Settings\Alain\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (x)
HKLM_ElevationPolicy\3bf084db-f1a3-475c-a3da-ce1233070c09 - C:\Program Files\Messenger_Plus_Live_CA-EN\Messenger_Plus_Live_CA-ENToolbarHelper.exe (?)
HKLM_ElevationPolicy\5a636ff8-2220-42e1-ad19-36b9890b565d - C:\Program Files\Messenger_Plus_Live_CA-EN\Messenger_Plus_Live_CA-ENToolbarHelper.exe (?)
HKLM_ElevationPolicy\5e814d9c-99e1-45f6-a691-bbbe0972888e - C:\Program Files\Messenger_Plus_Live_CA-EN\Messenger_Plus_Live_CA-ENToolbarHelper.exe (?)
HKLM_ElevationPolicy\d92d02ad-2c9e-46e9-8767-9c7a68dd5a0b - C:\Program Files\Messenger_Plus_Live_CA-EN\Messenger_Plus_Live_CA-ENToolbarHelper.exe (?)
HKLM_ElevationPolicy\{6FA91961-65F0-438C-B5DD-F8B9B5AB3E00} - C:\Program Files\Messenger_Plus_Live_CA-EN\Messenger_Plus_Live_CA-ENToolbarHelper1.exe (Conduit Ltd.)
HKLM_ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6} - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (x)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{437c4386-9237-441f-a940-009430030ee0} - "Messenger Plus Live CA-EN Toolbar" (C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll)
BHO\{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\tbSof2.dll)
BHO\{51884eba-69c3-6492-ee43-918f6074797d} - "profitmuse" (C:\windows\system32\50c5f8b5.dll)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 305 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 20 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 08/03/2011 06:02:40 (13270 Octet(s))
C:\Ad-Report-CLEAN[2].txt - 08/03/2011 16:56:28 (1596 Octet(s))
C:\Ad-Report-SCAN[1].txt - 08/03/2011 05:33:33 (13649 Octet(s))
C:\Ad-Report-SCAN[2].txt - 08/03/2011 05:37:16 (13714 Octet(s))
C:\Ad-Report-SCAN[3].txt - 08/03/2011 05:52:12 (13781 Octet(s))
C:\Ad-Report-SCAN[4].txt - 08/03/2011 16:50:17 (432 Octet(s))
C:\Ad-Report-SCAN[5].txt - 08/03/2011 16:54:14 (5711 Octet(s))

Fin à: 16:57:49, 08/03/2011

============== E.O.F ==============

wwwiiilll
 Posted on 09/03/2011 at 00:03
Petit astucien

otl report 1 of 2

OTL logfile created on: 3/8/2011 17:11:00 - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Alain\Mes documents\Téléchargements
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 129.05 Gb Total Space | 53.20 Gb Free Space | 41.23% Space Free | Partition Type: NTFS
Drive E: | 232.86 Gb Total Space | 64.61 Gb Free Space | 27.75% Space Free | Partition Type: NTFS
Drive F: | 232.90 Gb Total Space | 56.40 Gb Free Space | 24.22% Space Free | Partition Type: NTFS
Drive I: | 7.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DELL-DIM5150 | User Name: Alain | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/03/08 06:15:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alain\Mes documents\Téléchargements\OTL.exe
PRC - [2011/03/05 19:08:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/03 10:43:53 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files\Fichiers communs\Acronis\CDP\afcdpsrv.exe
PRC - [2011/02/18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/02/18 11:00:28 | 001,654,424 | ---- | M] (Xeric Design, Ltd.) -- C:\Program Files\XericDesign\EarthDesk\earthdesk.exe
PRC - [2011/02/01 21:11:28 | 000,391,120 | ---- | M] (Acronis) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
PRC - [2011/02/01 21:11:26 | 000,804,928 | ---- | M] (Acronis) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
PRC - [2011/02/01 21:10:58 | 005,582,392 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/11/16 04:19:56 | 002,570,080 | ---- | M] (Acronis) -- C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2010/09/27 13:49:10 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/09/27 13:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/05/31 10:31:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
PRC - [2010/01/22 11:42:06 | 000,462,336 | ---- | M] () -- C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
PRC - [2009/05/15 06:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/13 18:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/19 11:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2007/10/12 07:34:56 | 000,071,096 | ---- | M] () -- C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
PRC - [2005/01/05 14:45:36 | 001,015,808 | ---- | M] (Thomas Ascher) -- C:\Program Files\ATnotes\atnotes .exe
PRC - [2004/08/09 05:03:38 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011/03/08 06:15:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alain\Mes documents\Téléchargements\OTL.exe
MOD - [2010/09/20 14:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\asoehook.dll
MOD - [2010/08/23 11:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/11 23:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/11 23:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011/03/03 10:43:53 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Fichiers communs\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/02/18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/02/01 21:11:26 | 000,804,928 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/09/27 13:49:10 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/09/27 13:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/09/07 21:07:16 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/05/31 10:31:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/05/20 16:26:04 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2010/01/22 11:42:06 | 000,462,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe -- (mitsijm2011)
SRV - [2009/05/15 06:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/08/17 03:40:50 | 000,217,088 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2008/06/05 23:41:12 | 001,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2008/03/19 11:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\windows\System32\hasplms.exe -- (hasplms)
SRV - [2007/10/12 07:34:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011/03/03 10:44:02 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2011/03/03 10:43:41 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2011/03/03 10:43:39 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011/03/03 10:43:03 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2011/02/25 16:59:12 | 000,800,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20110225.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/12/16 17:22:06 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20110308.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/16 17:22:06 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20110308.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/08 19:50:31 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20110304.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/09/27 13:50:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/07/28 10:06:33 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/28 10:06:33 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/28 09:49:10 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/31 10:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/05/31 10:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/05/05 23:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\NIS\1108000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/05/05 23:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/05/05 23:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/11 02:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/12/18 17:36:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/10/14 15:17:34 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009/09/26 23:20:13 | 000,009,887 | ---- | M] (Ken Kato) [Kernel | On_Demand | Stopped] -- F:\mitchell\Shared\Workstation\Virtual_Floppy_Driver-2\vfd.sys -- (VirtualFD)
DRV - [2009/07/16 23:56:53 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/10 15:25:07 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/06/11 15:33:40 | 000,104,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/01/08 17:00:54 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DsAudioDevice_282.sys -- (DsAudioDevice_282)
DRV - [2008/12/10 15:56:26 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/06/12 09:46:40 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2008/04/13 10:56:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/18 14:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/02/11 14:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007/12/31 15:19:50 | 000,461,056 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC230NC.SYS -- (SPC230NC)
DRV - [2007/11/01 17:53:20 | 000,042,880 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vacs2xkd.sys -- (EuMusDesignVirtualAudioCableWdm_s2x) Sound2x Audio Cable (WDM)
DRV - [2007/09/26 13:28:46 | 000,008,576 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV - [2007/01/24 13:45:28 | 000,067,584 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2006/09/22 13:06:10 | 000,092,160 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/03/24 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006/03/24 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2004/11/19 17:07:00 | 000,101,488 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys -- (LF30FS)
DRV - [2002/07/17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-823518204-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-823518204-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-823518204-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/defaultf.aspx?lang=fr-ca&OCID=iehp
IE - HKU\S-1-5-21-823518204-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ca
IE - HKU\S-1-5-21-823518204-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 F4 06 54 38 FF CA 01 [binary data]
IE - HKU\S-1-5-21-823518204-1060284298-839522115-1003\..\URLSearchHook: {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-823518204-1060284298-839522115-1003\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSof2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-823518204-1060284298-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-1060284298-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live CA-EN Customized Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Wikipédia (fr)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {437c4386-9237-441f-a940-009430030ee0}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {d6a7220f-27cd-ac7b-b672-30020af63b5c}:4.6.7.4
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2010/07/29 16:34:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\ [2010/07/28 09:49:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/07 08:13:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 19:08:27 | 000,000,000 | ---D | M]

[2010/04/05 09:46:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Extensions
[2009/07/07 15:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/08 16:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions
[2010/12/10 05:26:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/02 17:54:23 | 000,000,000 | ---D | M] (Softonic_France Toolbar) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{364d4e0c-543f-4b85-abe3-19551139da4f}
[2011/02/18 12:02:32 | 000,000,000 | ---D | M] (Messenger Plus Live CA-EN Community Toolbar) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{437c4386-9237-441f-a940-009430030ee0}
[2010/04/05 09:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2010/12/24 06:38:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/01 08:43:01 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010/04/05 09:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\personas@christopher.beard
[2010/12/17 17:15:50 | 000,002,358 | ---- | M] () -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\searchplugins\google-dictionary-english-french.xml
[2011/01/07 05:47:19 | 000,012,703 | ---- | M] () -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\searchplugins\imdb.xml
[2011/03/08 16:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/25 22:19:19 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{d6a7220f-27cd-ac7b-b672-30020af63b5c}
[2010/07/29 13:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\info@finbu.com
[2010/07/28 09:49:33 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\COFFPLGN
[2010/07/29 16:34:45 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPLGN
[2010/03/21 20:32:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2007/02/04 22:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2011/03/05 19:08:22 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2011/03/05 19:08:22 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/03/05 19:08:22 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2011/03/05 19:08:22 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2011/03/05 19:08:22 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/04/13 21:12:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Messenger Plus Live CA-EN Toolbar) - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSof2.dll (Conduit Ltd.)
O2 - BHO: (profitmuse) - {51884eba-69c3-6492-ee43-918f6074797d} - C:\WINDOWS\system32\50c5f8b5.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live CA-EN Toolbar) - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-1060284298-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-1060284298-839522115-1003\..\Toolbar\WebBrowser: (Messenger Plus Live CA-EN Toolbar) - {437C4386-9237-441F-A940-009430030EE0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-823518204-1060284298-839522115-1003\..\Toolbar\WebBrowser: (Softonic_France Toolbar) - {4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - C:\Program Files\Softonic_France\tbSof2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-823518204-1060284298-839522115-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Service Scheduler2 Acronis] C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-823518204-1060284298-839522115-1003..\Run: [ATnotes.exe] C:\Program Files\ATnotes\atnotes .exe (Thomas Ascher)
O4 - HKU\.DEFAULT..\RunOnce: [Magnify] C:\windows\System32\magnify.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [Magnify] C:\windows\System32\magnify.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Alain\Menu Démarrer\Programmes\Démarrage\EarthDesk.lnk = C:\Program Files\XericDesign\EarthDesk\earthdesk.exe (Xeric Design, Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-1060284298-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-1060284298-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-823518204-1060284298-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-823518204-1060284298-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\windows\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Alain\Application Data\XericDesign\EarthDesk\5.0\EarthDeskWallpaper100B5388.BMP
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alain\Application Data\XericDesign\EarthDesk\5.0\EarthDeskWallpaper100B5388.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/31 20:52:28 | 000,000,000 | ---D | M] - F:\autocad -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.WMV3 - C:\windows\System32\wmv9vcm.dll (Microsoft Corporation)

wwwiiilll
Posted on 09/03/2011 at 00:05
Petit astucien

OTL report 2 of 2


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/03/08 06:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alain\Bureau\analyse
[2011/03/08 05:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2011/03/07 23:44:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/05 17:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\iTunes
[2011/03/03 10:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alain\Application Data\64F8BC8A-3C16-4DC0-BD9D-29D37923FC37
[2011/03/01 09:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CCleaner
[2011/02/24 18:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alain\Application Data\XericDesign
[2011/02/24 18:56:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\EarthDesk
[2011/02/24 18:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\XericDesign
[2011/02/22 17:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common~1
[2011/02/22 17:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Ford Motor Company
[2011/02/22 17:13:37 | 000,000,000 | ---D | C] -- C:\TSO
[2011/02/18 07:09:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Alain\Recent
[2009/12/30 06:58:28 | 000,718,232 | ---- | C] (Pelmorex Media Inc.) -- C:\Program Files\weathereye .exe
[2009/12/30 06:58:27 | 004,026,672 | ---- | C] (Pelmorex Media Inc.) -- C:\Program Files\WeatherEye.dll
[2009/07/14 20:37:38 | 000,122,880 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\Veui32.dll
[2009/07/14 20:37:38 | 000,110,592 | ---- | C] (Ulead Systems, Inc) -- C:\Program Files\wUfoComp.dll
[2009/07/14 20:37:38 | 000,032,768 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\Vepb40.dll
[2009/07/14 20:37:38 | 000,028,672 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\VFX32.dll
[2009/07/14 20:37:37 | 000,163,840 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\UssCvt.dll
[2009/07/14 20:37:37 | 000,045,056 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\USSGifsa.dll
[2009/07/14 20:37:37 | 000,036,864 | ---- | C] (Ulead Systems, Inc) -- C:\Program Files\uwUpdate.dll
[2009/07/14 20:37:36 | 000,135,168 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\uRender.dll
[2009/07/14 20:37:35 | 000,081,920 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\ucp1.ucp
[2009/07/14 20:37:35 | 000,028,672 | ---- | C] (Ulead Systems, Inc) -- C:\Program Files\ucsRWUFO.dll
[2009/07/14 20:37:34 | 000,802,816 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Prod.dll
[2009/07/14 20:37:34 | 000,180,224 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32video.dll
[2009/07/14 20:37:33 | 000,221,184 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Fido.dll
[2009/07/14 20:37:33 | 000,114,688 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32File.dll
[2009/07/14 20:37:33 | 000,110,592 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Comm.dll
[2009/07/14 20:37:33 | 000,032,768 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Misc.dll
[2009/07/14 20:37:32 | 000,348,160 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Cfg.dll
[2009/07/14 20:37:32 | 000,241,664 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Base.dll
[2009/07/14 20:37:32 | 000,135,168 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Clips.dll
[2009/07/14 20:37:32 | 000,045,056 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\u32Brows.dll
[2009/07/14 20:37:31 | 000,344,064 | ---- | C] (Ulead Systems) -- C:\Program Files\mpg_hvd.dll
[2009/07/14 20:37:31 | 000,077,824 | ---- | C] (Ulead Systems, Inc) -- C:\Program Files\OLREG.EXE
[2009/07/14 20:37:30 | 001,654,784 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\ga_main.exe
[2009/07/14 20:37:30 | 000,077,824 | ---- | C] (Ulead Systems, Inc.) -- C:\Program Files\anigen.exe
[2009/07/14 20:33:44 | 000,054,272 | R--- | C] (InstallShield Software Corporation) -- C:\Program Files\Setup_1.exe
[2009/07/05 09:00:48 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Alain\Application Data\pcouffin.sys

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/03/08 17:07:00 | 000,001,052 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/08 17:00:13 | 000,000,312 | ---- | M] () -- C:\windows\tasks\GlaryInitialize.job
[2011/03/08 17:00:04 | 000,001,048 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/08 16:59:40 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/03/08 12:14:26 | 000,000,402 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{2011F957-2727-45BA-97B4-FD75AF3DBA48}.job
[2011/03/08 06:06:28 | 002,525,000 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/03/08 05:32:53 | 000,001,560 | ---- | M] () -- C:\Documents and Settings\Alain\Bureau\AD-R.lnk
[2011/03/07 19:05:44 | 000,125,926 | ---- | M] () -- C:\windows\System32\f8b114cd.exe
[2011/03/07 17:29:55 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/03/07 16:17:02 | 000,012,598 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2011/03/07 05:41:58 | 000,000,390 | ---- | M] () -- C:\windows\tasks\GlaryOneClickOptimizer.job
[2011/03/06 07:34:49 | 000,000,570 | ---- | M] () -- C:\windows\tasks\Norton Internet Security - Alain - Analyse complète du système.job
[2011/03/05 23:47:22 | 000,213,504 | ---- | M] () -- C:\Documents and Settings\Alain\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/05 18:56:50 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Alain\Menu Démarrer\Programmes\Démarrage\EarthDesk.lnk
[2011/03/05 17:31:39 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2011/03/03 10:51:59 | 000,551,532 | ---- | M] () -- C:\windows\System32\perfh00C.dat
[2011/03/03 10:51:59 | 000,483,332 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/03/03 10:51:59 | 000,099,222 | ---- | M] () -- C:\windows\System32\perfc00C.dat
[2011/03/03 10:51:59 | 000,086,384 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/03/03 10:51:58 | 000,464,238 | ---- | M] () -- C:\windows\System32\perfh040.dat
[2011/03/03 10:51:58 | 000,063,140 | ---- | M] () -- C:\windows\System32\perfc040.dat
[2011/03/03 10:44:02 | 000,167,968 | ---- | M] (Acronis) -- C:\windows\System32\drivers\afcdp.sys
[2011/03/03 10:43:41 | 000,752,128 | ---- | M] (Acronis) -- C:\windows\System32\drivers\tdrpm273.sys
[2011/03/03 10:43:39 | 000,600,928 | ---- | M] (Acronis) -- C:\windows\System32\drivers\timntr.sys
[2011/03/03 10:43:03 | 000,170,528 | ---- | M] (Acronis) -- C:\windows\System32\drivers\snapman.sys
[2011/02/22 17:15:02 | 000,004,205 | ---- | M] () -- C:\windows\ODBCINST.INI
[2011/02/21 18:37:15 | 000,049,084 | ---- | M] () -- C:\windows\od5.ini
[2011/02/21 05:56:23 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Safari.lnk
[2011/02/21 05:56:23 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Alain\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/02/16 10:01:12 | 002,646,528 | ---- | M] () -- C:\windows\System32\50c5f8b5.dll
[2011/02/14 05:37:57 | 000,167,207 | ---- | M] () -- C:\Documents and Settings\Alain\Bureau\calendriertremplin2010-2011.pdf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/03/08 05:32:53 | 000,001,560 | ---- | C] () -- C:\Documents and Settings\Alain\Bureau\AD-R.lnk
[2011/03/07 16:28:57 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/03/05 18:56:50 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Alain\Menu Démarrer\Programmes\Démarrage\EarthDesk.lnk
[2011/03/05 17:31:38 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2011/02/25 22:19:20 | 000,125,926 | ---- | C] () -- C:\windows\System32\f8b114cd.exe
[2011/02/21 05:56:23 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Safari.lnk
[2011/02/16 10:01:12 | 002,646,528 | ---- | C] () -- C:\windows\System32\50c5f8b5.dll
[2011/02/14 05:37:57 | 000,167,207 | ---- | C] () -- C:\Documents and Settings\Alain\Bureau\calendriertremplin2010-2011.pdf
[2011/01/01 17:38:05 | 000,004,312 | ---- | C] () -- C:\windows\System32\RW_{D70944CE-6818-11DE-A8BE-001372DDBB75}.dat
[2010/11/11 05:24:51 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/11/11 05:19:34 | 000,593,920 | ---- | C] () -- C:\windows\System32\ati2sgag.exe
[2010/11/10 06:01:28 | 000,000,000 | ---- | C] () -- C:\windows\InvTXTStack.INI
[2010/08/18 05:06:24 | 000,484,352 | ---- | C] () -- C:\windows\System32\lame_enc.dll
[2010/08/17 19:49:20 | 000,020,992 | ---- | C] () -- C:\windows\jestertb.dll
[2010/07/21 12:42:09 | 000,129,024 | ---- | C] () -- C:\windows\System32\AVERM.dll
[2010/07/17 09:37:08 | 000,891,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/16 20:05:30 | 000,000,130 | -H-- | C] () -- C:\Documents and Settings\Alain\Application Data\lakerda1967.sys
[2010/05/12 21:08:24 | 018,499,623 | ---- | C] () -- C:\Program Files\vlc-1.0.5-win32.exe
[2010/05/01 05:40:04 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\inst.exe
[2010/04/28 19:39:13 | 000,003,840 | ---- | C] () -- C:\windows\System32\drivers\BANTExt.sys
[2010/04/28 16:29:57 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\docXConverter (3).ini
[2010/04/23 22:15:05 | 000,000,168 | ---- | C] () -- C:\windows\System32\RW_{4AEDA20A-6805-11DE-A8B7-806D6172696F}.dat
[2010/04/20 12:09:25 | 000,044,521 | ---- | C] () -- C:\Program Files\GUYLAINE 2009.u09
[2010/04/13 19:42:12 | 000,004,256 | ---- | C] () -- C:\windows\System32\RW_{4AEDA20B-6805-11DE-A8B7-806D6172696F}.dat
[2010/03/29 19:14:23 | 000,000,000 | ---- | C] () -- C:\windows\System32\cd.dat
[2010/03/20 21:50:32 | 000,000,476 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\default.rss
[2010/03/20 21:50:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\downloads.m3u
[2010/03/20 21:36:59 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2010/03/20 21:22:15 | 000,254,238 | ---- | C] () -- C:\windows\System32\RW_AppData.dat
[2010/03/20 21:22:15 | 000,094,480 | ---- | C] () -- C:\windows\System32\RW_FileType.dat
[2010/03/20 21:22:15 | 000,008,344 | ---- | C] () -- C:\windows\System32\RW_{E487744A-67C1-11DE-9F6A-806D6172696F}.dat
[2010/03/20 21:22:15 | 000,000,972 | ---- | C] () -- C:\windows\System32\RW_FileFlag.dat
[2010/03/20 21:15:08 | 000,004,767 | ---- | C] () -- C:\windows\Irremote.ini
[2010/02/10 23:12:00 | 003,107,788 | ---- | C] () -- C:\windows\System32\ativva5x.dat
[2010/02/10 23:12:00 | 000,887,724 | ---- | C] () -- C:\windows\System32\ativva6x.dat
[2010/02/08 05:46:37 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\wklnhst.dat
[2010/01/14 18:28:09 | 000,464,238 | ---- | C] () -- C:\windows\System32\perfh040.dat
[2010/01/14 18:28:09 | 000,063,140 | ---- | C] () -- C:\windows\System32\perfc040.dat
[2010/01/14 05:32:59 | 000,037,888 | ---- | C] () -- C:\windows\System32\setupnt.dll
[2009/12/30 18:56:33 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\Settings.cfg
[2009/12/30 06:58:28 | 000,005,403 | ---- | C] () -- C:\Program Files\WeatherEye.daz
[2009/11/27 22:03:01 | 000,087,924 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2009/11/05 06:01:41 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\xpy.ini
[2009/11/04 06:07:18 | 130,284,263 | ---- | C] () -- C:\Program Files\java_ee_sdk-5_01-windows.exe
[2009/10/25 14:58:19 | 012,802,048 | ---- | C] () -- C:\Program Files\GoogleEarthProWin.exe
[2009/10/14 15:33:36 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Alain\Local Settings\Application Data\fusioncache.dat
[2009/10/14 15:17:34 | 000,000,383 | ---- | C] () -- C:\windows\System32\haspdos.sys
[2009/10/08 17:39:42 | 000,000,009 | -H-- | C] () -- C:\windows\System32\wxmmin.dll
[2009/09/27 13:31:25 | 000,000,048 | ---- | C] () -- C:\windows\PickList.ini
[2009/09/27 13:30:42 | 000,049,084 | ---- | C] () -- C:\windows\od5.ini
[2009/09/09 06:42:00 | 000,000,221 | ---- | C] () -- C:\windows\NCLogConfig.ini
[2009/08/25 20:12:23 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2009/08/14 06:40:54 | 000,001,324 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2009/08/12 17:22:50 | 000,000,067 | ---- | C] () -- C:\windows\Easy Avi Divx Xvid to DVD Burner.INI
[2009/07/21 21:52:11 | 001,454,671 | ---- | C] () -- C:\Program Files\lockfldr.exe
[2009/07/16 14:48:35 | 000,000,905 | ---- | C] () -- C:\windows\my.ini
[2009/07/14 20:37:48 | 000,000,352 | ---- | C] () -- C:\windows\ULEAD32.INI
[2009/07/14 20:37:36 | 000,237,568 | ---- | C] () -- C:\Program Files\UpiCtrl.dll
[2009/07/14 20:37:36 | 000,053,248 | ---- | C] () -- C:\Program Files\UFCCOMM.dll
[2009/07/14 20:37:36 | 000,036,864 | ---- | C] () -- C:\Program Files\UFCCOLOR.dll
[2009/07/14 20:37:35 | 000,040,960 | ---- | C] () -- C:\Program Files\UAboutbox.dll
[2009/07/14 20:37:35 | 000,032,768 | ---- | C] () -- C:\Program Files\UFCBUF.dll
[2009/07/14 20:37:33 | 000,002,396 | -H-- | C] () -- C:\Program Files\U32FILE.CFG
[2009/07/14 20:37:31 | 000,167,936 | ---- | C] () -- C:\Program Files\sepa.dll
[2009/07/14 20:37:30 | 000,081,920 | ---- | C] () -- C:\Program Files\EXE.UXE
[2009/07/14 20:37:30 | 000,003,766 | ---- | C] () -- C:\Program Files\iearrowhead.dat
[2009/07/14 20:37:30 | 000,003,507 | ---- | C] () -- C:\Program Files\IEDEFORM.DAT
[2009/07/14 20:33:44 | 000,417,764 | R--- | C] () -- C:\Program Files\Setup.bmp
[2009/07/14 20:33:44 | 000,339,565 | R--- | C] () -- C:\Program Files\ikernel.ex_
[2009/07/14 20:33:44 | 000,175,704 | R--- | C] () -- C:\Program Files\setup.inx
[2009/07/14 20:33:44 | 000,000,455 | R--- | C] () -- C:\Program Files\layout.bin
[2009/07/14 20:33:44 | 000,000,094 | R--- | C] () -- C:\Program Files\Setup.ini
[2009/07/12 07:16:53 | 000,151,552 | ---- | C] () -- C:\windows\System32\SSCoInst.exe
[2009/07/12 07:16:53 | 000,135,168 | ---- | C] () -- C:\windows\System32\SVSetup.Exe
[2009/07/12 07:16:53 | 000,053,248 | ---- | C] () -- C:\windows\System32\SVSetup.dll
[2009/07/12 07:16:52 | 000,057,344 | ---- | C] () -- C:\windows\System32\SSCoInst.dll
[2009/07/12 07:16:48 | 000,020,594 | ---- | C] () -- C:\windows\System32\Dels3LMK.DLL
[2009/07/11 07:06:49 | 000,029,656 | ---- | C] () -- C:\windows\System32\Lanceur2.exe
[2009/07/11 07:06:47 | 000,053,248 | ---- | C] () -- C:\windows\System32\ArmAccess.dll
[2009/07/10 20:54:52 | 000,213,504 | ---- | C] () -- C:\Documents and Settings\Alain\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/08 20:56:37 | 000,129,318 | ---- | C] () -- C:\windows\hpoins11.dat
[2009/07/08 20:32:53 | 000,077,824 | ---- | C] () -- C:\windows\System32\HPZIDS01.dll
[2009/07/08 19:05:25 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2009/07/07 18:46:03 | 000,000,842 | ---- | C] () -- C:\windows\System32\SPC230NC.INI
[2009/07/06 20:42:18 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
[2009/07/06 20:42:16 | 000,007,023 | ---- | C] () -- C:\windows\mgxoschk.ini
[2009/07/05 09:01:12 | 000,001,173 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\vso_ts_preview.xml
[2009/07/05 09:00:49 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\pcouffin.cat
[2009/07/05 09:00:48 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\pcouffin.inf
[2009/07/04 13:00:55 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2009/07/03 14:33:00 | 000,189,051 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/07/03 11:51:34 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/03 11:24:09 | 000,021,892 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2009/07/03 06:19:09 | 000,004,205 | ---- | C] () -- C:\windows\ODBCINST.INI
[2009/07/03 06:18:04 | 002,525,000 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2007/07/29 14:57:12 | 000,454,656 | ---- | C] () -- C:\windows\System32\PaintX.dll
[2006/05/05 05:20:40 | 000,011,634 | ---- | C] () -- C:\windows\hpomdl11.dat
[2006/03/24 07:00:00 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2006/03/24 07:00:00 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2006/03/24 07:00:00 | 000,551,532 | ---- | C] () -- C:\windows\System32\perfh00C.dat
[2006/03/24 07:00:00 | 000,483,332 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2006/03/24 07:00:00 | 000,322,810 | ---- | C] () -- C:\windows\System32\perfi00C.dat
[2006/03/24 07:00:00 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2006/03/24 07:00:00 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2006/03/24 07:00:00 | 000,099,222 | ---- | C] () -- C:\windows\System32\perfc00C.dat
[2006/03/24 07:00:00 | 000,086,384 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2006/03/24 07:00:00 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2006/03/24 07:00:00 | 000,034,108 | ---- | C] () -- C:\windows\System32\perfd00C.dat
[2006/03/24 07:00:00 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2006/03/24 07:00:00 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2006/03/24 07:00:00 | 000,004,461 | ---- | C] () -- C:\windows\System32\oembios.dat
[2006/03/24 07:00:00 | 000,001,804 | ---- | C] () -- C:\windows\System32\dcache.bin
[2006/03/24 07:00:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat
[2005/03/20 20:25:52 | 028,476,483 | ---- | C] () -- C:\Program Files\Ulead Gif Animator 5 Full.exe
[2001/07/07 02:00:00 | 000,003,279 | ---- | C] () -- C:\windows\System32\HPTCPMON.INI
[1998/10/27 00:00:00 | 001,691,408 | ---- | C] () -- C:\windows\System32\MSO97V.DLL
[1998/10/27 00:00:00 | 000,022,016 | ---- | C] () -- C:\windows\System32\DOCOBJ.DLL
[1998/10/27 00:00:00 | 000,016,384 | ---- | C] () -- C:\windows\System32\MSORFS.DLL
[1998/10/27 00:00:00 | 000,012,288 | ---- | C] () -- C:\windows\System32\HLINKPRX.DLL
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\windows\System32\giveio.sys

[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %APPDATA%\*.exe >[/color]
[2010/07/17 14:46:22 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Alain\Application Data\inst.exe


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2006/03/24 07:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 18:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 18:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 10:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2006/03/24 07:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 18:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 18:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Alain\Mes documents\My Drivers\hdc\primary_ide_channel\atapi.sys
[2008/04/13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Alain\Mes documents\My Drivers\hdc\secondary_ide_channel\atapi.sys
[2008/04/13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/03/24 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2006/03/24 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 18:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 18:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2006/03/24 07:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 18:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 18:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/13 18:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[color=#A23BEC]< MD5 for: MAGNIFY.EXE >[/color]
[2009/11/11 16:26:20 | 000,735,088 | ---- | M] (Microsoft Corporation) MD5=991D8FEC45A8E90D1D7E07C9008BDB59 -- C:\Program Files\Microsoft IntelliPoint\Components\Commands\DPGMgy\magnify.exe
[2006/03/24 07:00:00 | 000,073,216 | ---- | M] (Microsoft Corporation) MD5=A76B6B35E664B314A28CA70A5E6DCB25 -- C:\WINDOWS\$NtServicePackUninstall$\magnify.exe
[2008/04/13 18:34:12 | 000,073,216 | ---- | M] (Microsoft Corporation) MD5=A9FC4E6AC1D1A2A35E01D76D399C1D3D -- C:\WINDOWS\ServicePackFiles\i386\magnify.exe
[2008/04/13 18:34:12 | 000,073,216 | ---- | M] (Microsoft Corporation) MD5=A9FC4E6AC1D1A2A35E01D76D399C1D3D -- C:\WINDOWS\system32\magnify.exe

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/13 18:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2006/03/24 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2008/04/13 18:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 18:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2006/03/24 07:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2006/03/24 07:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 18:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 18:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 18:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2010/02/10 23:46:14 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2008/04/13 18:33:22 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2010/03/10 01:16:48 | 000,420,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 88 bytes -> C:\windows\System32\f8b114cd.exe:SummaryInformation
@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21

< End of report >

wwwiiilll
Posted on 09/03/2011 at 00:08
Petit astucien

VirusTotal report

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: PhysicalMBR.bin
Submission date: 2011-03-08 10:56:20 (UTC)
Current status: finished
Result: 0/43 (0.0%)
VT Community: not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.03.08.00 2011.03.08 -
AntiVir 7.11.4.118 2011.03.08 -
Antiy-AVL 2.0.3.7 2011.03.06 -
Avast 4.8.1351.0 2011.03.08 -
Avast5 5.0.677.0 2011.03.08 -
AVG 10.0.0.1190 2011.03.08 -
BitDefender 7.2 2011.03.08 -
CAT-QuickHeal 11.00 2011.03.08 -
ClamAV 0.96.4.0 2011.03.07 -
Commtouch 5.2.11.5 2011.03.08 -
Comodo 7914 2011.03.08 -
DrWeb 5.0.2.03300 2011.03.07 -
Emsisoft 5.1.0.2 2011.03.08 -
eSafe 7.0.17.0 2011.03.07 -
eTrust-Vet 36.1.8201 2011.03.08 -
F-Prot 4.6.2.117 2011.03.08 -
F-Secure 9.0.16440.0 2011.03.08 -
Fortinet 4.2.254.0 2011.03.08 -
GData 21 2011.03.08 -
Ikarus T3.1.1.97.0 2011.03.08 -
Jiangmin 13.0.900 2011.03.08 -
K7AntiVirus 9.92.4054 2011.03.08 -
Kaspersky 7.0.0.125 2011.03.08 -
McAfee 5.400.0.1158 2011.03.08 -
McAfee-GW-Edition 2010.1C 2011.03.08 -
Microsoft 1.6603 2011.03.08 -
NOD32 5935 2011.03.08 -
Norman 6.07.03 2011.03.08 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.03.07 -
PCTools 7.0.3.5 2011.03.08 -
Prevx 3.0 2011.03.08 -
Rising 23.48.01.06 2011.03.08 -
Sophos 4.63.0 2011.03.08 -
SUPERAntiSpyware 4.40.0.1006 2011.03.08 -
Symantec 20101.3.0.103 2011.03.08 -
TheHacker 6.7.0.1.145 2011.03.08 -
TrendMicro 9.200.0.1012 2011.03.08 -
TrendMicro-HouseCall 9.200.0.1012 2011.03.08 -
VBA32 3.12.14.3 2011.03.04 -
VIPRE 8634 2011.03.08 -
ViRobot 2011.3.8.4347 2011.03.08 -
VirusBuster 13.6.239.0 2011.03.07 -
wwwiiilll
Posted on 09/03/2011 at 03:16
Petit astucien

I found this application that looks strange to me, f8b114cd.exe, in WINDOWS/SYSTEM32.

THE NEW PAGES THAT FREQUENTLY OPEN IN FIREFOX COME FROM ADSERVED BY PROFIMUSE

What do you think...

THANKS



Edited by wwwiiilll on 09/03/2011 03:23
Fill
Posted on 09/03/2011 at 11:25
Security Group

Hi,

Have you used Combofix recently? It's the kind of program you should avoid running on your own initiative if you don't know precisely why you're using it.

1/ Avoid running the programs several times. By doing so, you overwrite the previous reports:

You ran 5 scans with Adremover and 2 cleanups:

C:\Ad-Report-CLEAN[1].txt - 08/03/2011 06:02:40 (13270 Octet(s))
C:\Ad-Report-CLEAN[2].txt - 08/03/2011 16:56:28 (1596 Octet(s))
C:\Ad-Report-SCAN[1].txt - 08/03/2011 05:33:33 (13649 Octet(s))
C:\Ad-Report-SCAN[2].txt - 08/03/2011 05:37:16 (13714 Octet(s))
C:\Ad-Report-SCAN[3].txt - 08/03/2011 05:52:12 (13781 Octet(s))
C:\Ad-Report-SCAN[4].txt - 08/03/2011 16:50:17 (432 Octet(s))
C:\Ad-Report-SCAN[5].txt - 08/03/2011 16:54:14 (5711 Octet(s))

You ran OTL 4 times.

Post the report C:\Ad-Report-CLEAN[1].txt

2/

  • Run OTL again
  • Copy and paste the following into the customization ("Personnalisation") box:

Instructions:
:OTL
IE - HKU\S-1-5-21-823518204-1060284298-839522115-1003\..\URLSearchHook: {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-823518204-1060284298-839522115-1003\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSof2.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live CA-EN Customized Web Search"
[2010/08/02 17:54:23 | 000,000,000 | ---D | M] (Softonic_France Toolbar) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{364d4e0c-543f-4b85-abe3-19551139da4f}
[2011/02/18 12:02:32 | 000,000,000 | ---D | M] (Messenger Plus Live CA-EN Community Toolbar) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{437c4386-9237-441f-a940-009430030ee0}
O2 - BHO: (Messenger Plus Live CA-EN Toolbar) - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSof2.dll (Conduit Ltd.)
O2 - BHO: (profitmuse) - {51884eba-69c3-6492-ee43-918f6074797d} - C:\WINDOWS\system32\50c5f8b5.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live CA-EN Toolbar) - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-1060284298-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-1060284298-839522115-1003\..\Toolbar\WebBrowser: (Messenger Plus Live CA-EN Toolbar) - {437C4386-9237-441F-A940-009430030EE0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-823518204-1060284298-839522115-1003\..\Toolbar\WebBrowser: (Softonic_France Toolbar) - {4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - C:\Program Files\Softonic_France\tbSof2.dll (Conduit Ltd.)
[2011/03/07 19:05:44 | 000,125,926 | ---- | M] () -- C:\windows\System32\f8b114cd.exe
[2011/02/16 10:01:12 | 002,646,528 | ---- | M] () -- C:\windows\System32\50c5f8b5.dll
[2010/08/17 19:49:20 | 000,020,992 | ---- | C] () -- C:\windows\jestertb.dll
@Alternate Data Stream - 88 bytes -> C:\windows\System32\f8b114cd.exe:SummaryInformation
@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21


:commands
[EmptyTemp]
[EmptyFlash]

  • Then click "Correction" and let the tool work.
  • Post the contents of the new report (it is a "LOG" file containing the PC's date and time, saved in the folder %racine%\_OTL\MovedFiles), which should open in Notepad. As before, you can use the keyboard shortcuts (CTRL+A, CTRL+C and CTRL+V).

3/ Run a scan with Malwarebytes' by following this tutorial and post the report.

4/

  • Open Windows Explorer (Start > Programs > Accessories > Windows Explorer, or Start > Programs > Windows Explorer).
  • Click Tools > Folder Options > View.
  • Select:
    • show hidden files and folders,
    • uncheck "Hide extensions for known file types",
    • uncheck "Hide protected operating system files (Recommended)".
  • "Apply" and "OK"
  • Can you test this: C:\Documents and Settings\Alain\Application Data\lakerda1967.sys
  • Click this link.
  • Click Browse and enter the path of the file I indicated.
  • Click Send. After a few minutes, a report is generated. Post it in your next reply.
  • You can use this tutorial to help with that.
  • Then do the reverse to hide the files again.

Fill

wwwiiilll
 Posted on 09/03/2011 at 11:32
Petit astucien

======= RAPPORT D'AD-REMOVER 2.0.0.2,F | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 01/03/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 06:02:36 le 08/03/2011, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
Alain@DELL-DIM5150 ( )

============== ACTION(S) ==============


Fichier supprimé: C:\windows\system32\ConduitEngine.tmp
Dossier supprimé: C:\Documents and Settings\Alain\Application Data\Mozilla\FireFox\Profiles\wy4qi0e6.default\conduit
Dossier supprimé: C:\Documents and Settings\Alain\Application Data\Mozilla\FireFox\Profiles\wy4qi0e6.default\ConduitEngine
Dossier supprimé: C:\Documents and Settings\Alain\Application Data\Mozilla\FireFox\Profiles\wy4qi0e6.default\extensions\engine@conduit.com
Fichier supprimé: C:\Documents and Settings\Alain\Application Data\Mozilla\FireFox\Profiles\wy4qi0e6.default\searchplugins\conduit.xml
Dossier supprimé: C:\Documents and Settings\Alain\Local Settings\Application Data\Conduit
Dossier supprimé: C:\Program Files\Conduit
Dossier supprimé: C:\Documents and Settings\Alain\Local Settings\Application Data\ConduitEngine
Dossier supprimé: C:\Program Files\ConduitEngine
Dossier supprimé: C:\Documents and Settings\Alain\Application Data\PriceGong
Dossier supprimé: C:\Documents and Settings\Alain\Application Data\VMNTOOLBAR
Dossier supprimé: C:\Program Files\VMNTOOLBAR

(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Documents and Settings\Alain\Application Data\Mozilla\FireFox\Profiles\wy4qi0e6.default\Prefs.js --
Ligne supprimée: user_pref("CT2535290.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Ligne supprimée: user_pref("CT2535290.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT253...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/CA", "\"0\"")...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20...
Ligne supprimée: user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Ligne supprimée: user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Ligne supprimée: user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Ligne supprimée: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Ligne supprimée: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr...
Ligne supprimée: user_pref("CommunityToolbar.ToolbarsList", "CT2535290,ConduitEngine");
Ligne supprimée: user_pref("CommunityToolbar.ToolbarsList2", "CT2535290");
Ligne supprimée: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Ligne supprimée: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Mar 07 2011 16:00:15 GMT-0500 (Est)"...
Ligne supprimée: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Ligne supprimée: user_pref("CommunityToolbar.alert.locale", "en");
Ligne supprimée: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Ligne supprimée: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Mar 07 2011 16:00:15 GMT-0500 (Est)");
Ligne supprimée: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Ligne supprimée: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Ligne supprimée: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Ligne supprimée: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Ligne supprimée: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Ligne supprimée: user_pref("CommunityToolbar.alert.userId", "9d19813f-acc0-4f57-a229-15f4370bf777");
Ligne supprimée: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2535290");
Ligne supprimée: user_pref("ConduitEngine.CTID", "ConduitEngine");
Ligne supprimée: user_pref("ConduitEngine.FirstServerDate", "02/18/2011 20");
Ligne supprimée: user_pref("ConduitEngine.FirstTime", true);
Ligne supprimée: user_pref("ConduitEngine.FirstTimeFF3", true);
Ligne supprimée: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Ligne supprimée: user_pref("ConduitEngine.Initialize", true);
Ligne supprimée: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Ligne supprimée: user_pref("ConduitEngine.InstalledDate", "Fri Feb 18 2011 12:03:11 GMT-0500 (Est)");
Ligne supprimée: user_pref("ConduitEngine.IsMulticommunity", false);
Ligne supprimée: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Ligne supprimée: user_pref("ConduitEngine.IsOpenUninstallPage", true);
Ligne supprimée: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Feb 21 2011 05:23:52 GMT-0500 (Est)");
Ligne supprimée: user_pref("ConduitEngine.LastLogin_3.2.3.3", "Mon Feb 21 2011 05:23:52 GMT-0500 (Est)");
Ligne supprimée: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Ligne supprimée: user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Feb 21 2011 05:23:49 GMT-0500 (Est)");
Ligne supprimée: user_pref("ConduitEngine.UserID", "UN40471428824310552");
Ligne supprimée: user_pref("ConduitEngine.componentAlertEnabled", true);
Ligne supprimée: user_pref("ConduitEngine.engineLocale", "fr");
Ligne supprimée: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Feb 21 2011 05:23:49 GMT-0500 (Est)"...
Ligne supprimée: user_pref("ConduitEngine.initDone", true);
Ligne supprimée: user_pref("ConduitEngine.usagesFlag", 2);
Ligne supprimée: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&Sea...
-- Fichier Fermé --


Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Classes\CLSID\{537DDAEC-37C0-4214-BA65-310F3B2ECD6F}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537DDAEC-37C0-4214-BA65-310F3B2ECD6F}
Clé supprimée: HKLM\Software\Classes\Interface\{E5E0A023-3A5B-4F93-9705-2F302440D83C}
Clé supprimée: HKLM\Software\Classes\TypeLib\{39CAFD20-BAFF-454D-A94C-7115710AE6E3}
Clé supprimée: HKLM\Software\Classes\BHO.HelperObject
Clé supprimée: HKLM\Software\Classes\BHO.HelperObject.1
Clé supprimée: HKLM\Software\Classes\Conduit.Engine
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2535290
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2542115
Clé supprimée: HKLM\Software\Classes\AppID\BHO.dll
Clé supprimée: HKLM\Software\Classes\AppID\{59AEAD8A-6822-4794-AF2E-8CC27312E26E}
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\conduitEngine
Clé supprimée: HKCU\Software\Conduit
Clé supprimée: HKCU\Software\conduitEngine
Clé supprimée: HKCU\Software\PriceGong
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92B7FFC9-F28B-4790-B341-7BA672FF6D18}

Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.15 (fr)] ****

Plugins\npdjvu.dll (LizardTech)
HKLM_MozillaPlugins\@garmin.com/GpsControl (x)
Extensions - "info@finbu.com" (?)
Extensions\{d6a7220f-27cd-ac7b-b672-30020af63b5c} (z)
HKLM_Extensions|{BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\
HKLM_Extensions|{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\

-- C:\Documents and Settings\Alain\Application Data\Mozilla\FireFox\Profiles\wy4qi0e6.default --
Extensions\{364d4e0c-543f-4b85-abe3-19551139da4f} (Softonic_France Toolbar)
Extensions\{437c4386-9237-441f-a940-009430030ee0} (Messenger Plus Live CA-EN Community Toolbar)
Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088} (?)
Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} (BlockSite)
Searchplugins\google-dictionary-english-french.xml (?)
Searchplugins\imdb.xml (?)
Prefs.js - browser.search.defaultenginename, Yahoo
Prefs.js - browser.search.selectedEngine, Wikipédia (fr)
Prefs.js - browser.startup.homepage, hxxp://www.google.ca/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.15

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{437c4386-9237-441f-a940-009430030ee0} - "Messenger Plus Live CA-EN Toolbar" (C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll)
HKCU_URLSearchHooks|{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\tbSof2.dll)
HKCU_Toolbar|{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} (x)
HKCU_Toolbar\ShellBrowser|{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} (x)
HKCU_Toolbar\WebBrowser|{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} (x)
HKCU_Toolbar\WebBrowser|{437C4386-9237-441F-A940-009430030EE0} (C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll)
HKCU_Toolbar\WebBrowser|{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} (C:\Program Files\Softonic_France\tbSof2.dll)
HKLM_Toolbar|{437c4386-9237-441f-a940-009430030ee0} (C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll)
HKLM_Toolbar|{4daac69c-cba7-45e2-9bc8-1044483d3352} (C:\Program Files\Softonic_France\tbSof2.dll)
HKCU_ElevationPolicy\{FF4E22ED-17D0-4D43-AD6F-E53D11FA3C61} - C:\Documents and Settings\Alain\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (x)
HKLM_ElevationPolicy\3bf084db-f1a3-475c-a3da-ce1233070c09 - C:\Program Files\Messenger_Plus_Live_CA-EN\Messenger_Plus_Live_CA-ENToolbarHelper.exe (?)
HKLM_ElevationPolicy\5a636ff8-2220-42e1-ad19-36b9890b565d - C:\Program Files\Messenger_Plus_Live_CA-EN\Messenger_Plus_Live_CA-ENToolbarHelper.exe (?)
HKLM_ElevationPolicy\5e814d9c-99e1-45f6-a691-bbbe0972888e - C:\Program Files\Messenger_Plus_Live_CA-EN\Messenger_Plus_Live_CA-ENToolbarHelper.exe (?)
HKLM_ElevationPolicy\d92d02ad-2c9e-46e9-8767-9c7a68dd5a0b - C:\Program Files\Messenger_Plus_Live_CA-EN\Messenger_Plus_Live_CA-ENToolbarHelper.exe (?)
HKLM_ElevationPolicy\{6FA91961-65F0-438C-B5DD-F8B9B5AB3E00} - C:\Program Files\Messenger_Plus_Live_CA-EN\Messenger_Plus_Live_CA-ENToolbarHelper1.exe (Conduit Ltd.)
HKLM_ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6} - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (x)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{437c4386-9237-441f-a940-009430030ee0} - "Messenger Plus Live CA-EN Toolbar" (C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll)
BHO\{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\tbSof2.dll)
BHO\{51884eba-69c3-6492-ee43-918f6074797d} - "profitmuse" (C:\windows\system32\50c5f8b5.dll)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 305 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 17 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 08/03/2011 06:02:40 (11917 Octet(s))
C:\Ad-Report-SCAN[1].txt - 08/03/2011 05:33:33 (13649 Octet(s))
C:\Ad-Report-SCAN[2].txt - 08/03/2011 05:37:16 (13714 Octet(s))
C:\Ad-Report-SCAN[3].txt - 08/03/2011 05:52:12 (13781 Octet(s))

Fin à: 06:04:13, 08/03/2011

============== E.O.F ==============

wwwiiilll
 Posted on 09/03/2011 at 11:50
Petit astucien

All processes killed
Error: Unable to interpret <Instructions :> in the current context!
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-823518204-1060284298-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{437c4386-9237-441f-a940-009430030ee0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{437c4386-9237-441f-a940-009430030ee0}\ deleted successfully.
C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-823518204-1060284298-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4daac69c-cba7-45e2-9bc8-1044483d3352} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ deleted successfully.
C:\Program Files\Softonic_France\tbSof2.dll moved successfully.
Prefs.js: "Messenger Plus Live CA-EN Customized Web Search" removed from browser.search.defaultthis.engineName
C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{364d4e0c-543f-4b85-abe3-19551139da4f}\searchplugin folder moved successfully.
C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{364d4e0c-543f-4b85-abe3-19551139da4f}\META-INF folder moved successfully.
C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{364d4e0c-543f-4b85-abe3-19551139da4f}\lib folder moved successfully.
C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{364d4e0c-543f-4b85-abe3-19551139da4f}\defaults folder moved successfully.
C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{364d4e0c-543f-4b85-abe3-19551139da4f}\components folder moved successfully.
C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{364d4e0c-543f-4b85-abe3-19551139da4f}\chrome folder moved successfully.
C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{364d4e0c-543f-4b85-abe3-19551139da4f} folder moved successfully.
C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{437c4386-9237-441f-a940-009430030ee0}\searchplugin folder moved successfully.
C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{437c4386-9237-441f-a940-009430030ee0}\META-INF folder moved successfully.
C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{437c4386-9237-441f-a940-009430030ee0}\lib folder moved successfully.
C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{437c4386-9237-441f-a940-009430030ee0}\defaults folder moved successfully.
C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{437c4386-9237-441f-a940-009430030ee0}\components folder moved successfully.
C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{437c4386-9237-441f-a940-009430030ee0}\chrome folder moved successfully.
C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\wy4qi0e6.default\extensions\{437c4386-9237-441f-a940-009430030ee0} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{437c4386-9237-441f-a940-009430030ee0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{437c4386-9237-441f-a940-009430030ee0}\ not found.
File C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ not found.
File C:\Program Files\Softonic_France\tbSof2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51884eba-69c3-6492-ee43-918f6074797d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51884eba-69c3-6492-ee43-918f6074797d}\ deleted successfully.
C:\WINDOWS\system32\50c5f8b5.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{437c4386-9237-441f-a940-009430030ee0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{437c4386-9237-441f-a940-009430030ee0}\ not found.
File EN\tbMes1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4daac69c-cba7-45e2-9bc8-1044483d3352} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}\ not found.
File C:\Program Files\Softonic_France\tbSof2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-823518204-1060284298-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_USERS\S-1-5-21-823518204-1060284298-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{437C4386-9237-441F-A940-009430030EE0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{437C4386-9237-441F-A940-009430030EE0}\ not found.
File EN\tbMes1.dll not found.
Registry value HKEY_USERS\S-1-5-21-823518204-1060284298-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}\ not found.
File C:\Program Files\Softonic_France\tbSof2.dll not found.
C:\WINDOWS\system32\f8b114cd.exe moved successfully.
File C:\windows\System32\50c5f8b5.dll not found.
C:\WINDOWS\jestertb.dll moved successfully.
Unable to delete ADS C:\windows\System32\f8b114cd.exe:SummaryInformation .
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alain
->Temp folder emptied: 434886970 bytes
->Temporary Internet Files folder emptied: 510917 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 78920956 bytes
->Google Chrome cache emptied: 856432 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 12021 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 13689508 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 13689508 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4878292 bytes
->Java cache emptied: 779 bytes
->Flash cache emptied: 2099 bytes

User: NetworkService
->Temp folder emptied: 268830 bytes
->Temporary Internet Files folder emptied: 14101070 bytes
->Flash cache emptied: 4027 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8694184 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 743033794 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 17239749 bytes

Total Files Cleaned = 1,269.00 mb


[EMPTYFLASH]

User: Alain
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: HelpAssistant

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03092011_053555

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_d54.dat not found!
File move failed. C:\windows\temp\hlktmp scheduled to be moved on reboot.
File\Folder C:\windows\temp\Perflib_Perfdata_bd8.dat not found!

Registry entries deleted on Reboot...
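
Added example (not part of the thread and not OTL's own code): a Python triage of the fix log above that separates entries that were removed, "not found" lines that only repeat an earlier removal in the same run, and lines that still need a manual look. The sample lines are copied from the log in this thread; the status names and function names are assumptions of this example.

```python
import re
from collections import Counter

# Subset of lines copied from the OTL fix log posted above.
SAMPLE_LOG = r"""
Error: Unable to interpret <Instructions :> in the current context!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{437c4386-9237-441f-a940-009430030ee0}\ deleted successfully.
C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{437c4386-9237-441f-a940-009430030ee0}\ not found.
File C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll not found.
C:\WINDOWS\system32\50c5f8b5.dll moved successfully.
File EN\tbMes1.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
C:\WINDOWS\system32\f8b114cd.exe moved successfully.
File C:\windows\System32\50c5f8b5.dll not found.
Unable to delete ADS C:\windows\System32\f8b114cd.exe:SummaryInformation .
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21 deleted successfully.
File move failed. C:\windows\temp\hlktmp scheduled to be moved on reboot.
"""

# Object-type words that precede some targets in the log.
PREFIX = re.compile(r"^(?:Registry (?:key|value)|File\\Folder|File|ADS)\s+", re.I)
# Trailing outcome phrase; "folder" may sit between the path and the outcome.
OUTCOME = re.compile(
    r"\s*(?:folder\s+)?(deleted successfully|moved successfully|not found)\s*[.!]$",
    re.I,
)
# Statuses (names chosen for this example) that deserve a second look.
REVIEW = {"failed", "never_found", "pending_reboot"}


def normalize(target):
    """Case-insensitive key for a path or registry key, without trailing backslash."""
    return target.strip().rstrip("\\").lower()


def triage(log_text):
    """Return a list of (status, line) pairs for every non-empty log line."""
    handled = set()   # targets already deleted or moved earlier in this run
    results = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("Error:", "Unable to")):
            results.append(("failed", line))
            continue
        if "scheduled to be moved on reboot" in line:
            results.append(("pending_reboot", line))
            continue
        match = OUTCOME.search(line)
        if not match:
            results.append(("other", line))
            continue
        target = normalize(PREFIX.sub("", line[:match.start()]))
        if match.group(1).lower() == "not found":
            # A script that names the same file under several entries produces
            # "not found" for every entry after the first successful removal.
            status = "already_handled" if target in handled else "never_found"
        else:
            status = "ok"
            handled.add(target)
        results.append((status, line))
    return results


def summarize(results):
    """Count log lines per status."""
    return Counter(status for status, _ in results)


def needs_review(results):
    """Lines that were not resolved by the fix run itself."""
    return [line for status, line in results if status in REVIEW]


if __name__ == "__main__":
    parsed = triage(SAMPLE_LOG)
    for status, count in sorted(summarize(parsed).items()):
        print(f"{status:16} {count}")
    print("\nTo review:")
    for line in needs_review(parsed):
        print("  " + line)
```

In this log the two `failed` lines are the pasted "Instructions :" label, which OTL could not interpret, and the alternate data stream on f8b114cd.exe, which is reported after the file itself had been moved.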

wwwiiilll
 Posted on 09/03/2011 at 12:00
Petit astucien
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
lakerda1967.sys
Submission date:
2011-03-09 10:59:09 (UTC)
Current status:

VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.03.09.01 2011.03.09 -
AntiVir 7.11.4.132 2011.03.09 -
Antiy-AVL 2.0.3.7 2011.03.09 -
Avast 4.8.1351.0 2011.03.09 -
Avast5 5.0.677.0 2011.03.09 -
AVG 10.0.0.1190 2011.03.09 -
BitDefender 7.2 2011.03.09 -
CAT-QuickHeal 11.00 2011.03.09 -
ClamAV 0.96.4.0 2011.03.08 -
Commtouch 5.2.11.5 2011.03.09 -
Comodo 7925 2011.03.09 -
DrWeb 5.0.2.03300 2011.03.09 -
eSafe 7.0.17.0 2011.03.07 -
eTrust-Vet 36.1.8205 2011.03.09 -
F-Prot 4.6.2.117 2011.03.08 -
F-Secure 9.0.16440.0 2011.03.09 -
Fortinet 4.2.254.0 2011.03.09 -
GData 21 2011.03.09 -
Ikarus T3.1.1.97.0 2011.03.09 -
Jiangmin 13.0.900 2011.03.09 -
K7AntiVirus 9.92.4057 2011.03.08 -
McAfee 5.400.0.1158 2011.03.09 -
McAfee-GW-Edition 2010.1C 2011.03.09 -
Microsoft 1.6603 2011.03.09 -
NOD32 5938 2011.03.09 -
Norman 6.07.03 2011.03.08 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.03.09 -
PCTools 7.0.3.5 2011.03.09 -
Prevx 3.0 2011.03.09 -
Rising 23.48.02.03 2011.03.09 -
Sophos 4.63.0 2011.03.09 -
SUPERAntiSpyware 4.40.0.1006 2011.03.09 -
Symantec 20101.3.0.103 2011.03.09 -
TheHacker 6.7.0.1.146 2011.03.08 -
TrendMicro 9.200.0.1012 2011.03.09 -
TrendMicro-HouseCall 9.200.0.1012 2011.03.09 -
VBA32 3.12.14.3 2011.03.09 -
VIPRE 8644 2011.03.09 -
ViRobot 2011.3.9.4349 2011.03.09 -
VirusBuster 13.6.241.0 2011.03.08
wwwiiilll
 Posted on 09/03/2011 at 12:12
Petit astucien

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5983

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/9/2011 6:02:09
mbam-log-2011-03-09 (06-02-08).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 183011
Temps écoulé: 9 minute(s), 12 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Thanks for your help

Fill
 Posted on 09/03/2011 at 12:22
Groupe Sécurité

Re,

Things should already be much better.

1/

  • Temporarily disable your antivirus,
  • Zip the contents of this folder: C:\_OTL, adding this password to the archive: infecte
  • To do this, open My Computer > C:
  • Right-click _OTL, then choose your usual archiver, using the advanced options to add a password to the archive (7zip, winrar, winzip for example...).
  • Create a password-protected archive of the C:\_OTL folder,
  • Send me the archive C:\_OTL.zip at this email address: fred.foster-coufu0rn@yopmail.com
  • Delete the archive you created and empty your Recycle Bin,
  • Re-enable your antivirus.

2/ Run an online scan by following this tutorial and post the report.

Fill



Edited by Fill on 09/03/2011 12:23