Internet Explorer windows open by themselves; when I close them the PC crashes
I'm an old beginner and my problem is starting to give me headaches. Here it is: when I turn on my PC, my desktop shows "c:\Program files\logitech\.. Windows cannot access the device etc.." then an Internet Explorer window opens without any request from me, and when I close it my PC crashes. Of course I think it's a virus, but Mister McAfee detects nothing. Thanks for giving me a hand! I'll add that when I disconnect from the internet, no window opens.
Hi, we'll look at this together if you like.
For the disinfection to go smoothly:
Use your PC as little as possible during the procedure, to make the disinfection easier.
Follow the procedures given, but don't try anything on your own: if there is a problem during a procedure, let me know rather than clicking at random and causing a failure on your system.
If you are already following a procedure on another forum, please say so; it is important to follow only one disinfection at a time.
Even if the symptoms of the infection have disappeared, the PC is not necessarily clean: wait until you have been told that the PC is disinfected before using it again.
Even though disinfections are carried out by people with in-depth knowledge of disinfection, it is always possible that your PC will crash. Remember to back up your data.
Finally, note that I am currently in training, which means my replies must be validated by a confirmed helper before I post them, so the time between my replies may be longer.
If you're ready, let's go:
Next:
Diagnostic:
Download OTL (by OldTimer) to your Desktop.
If you are on XP, double-click it to launch it; if you are on Vista/7, right-click it and choose Run as administrator to launch it.
A window appears.
Tick the box: Scan All Users
Tick the boxes for LOP Check and Purity Check (in blue towards the bottom of the window).
Under Custom Scans/Fixes, copy and paste all of the text below, and leave the other options at their defaults.
netsvcs
msconfig
drivers32
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
%systemroot%\System32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.dll /lockedfiles
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
iexplore.exe
/md5stop
CREATERESTOREPOINT
Finally, click the Run Scan button. While the scan is running, don't touch anything. The scan will take some time.
At the end of the scan, two reports will open: OTL.Txt and Extras.Txt. Copy and paste both reports here in full.
For the reports, which tend to be too long for the forum, please use this online report service: upload the file via "browse" and simply post the link you get.
First of all, thanks for the help; the work is being done on my PC while I reply to you on my son's laptop. Us old folks, everything amazes us!
While OTL is doing the job, McAfee detected a program trying to get in, "rx2.exe", which is trying to accept incoming connections. What do I do? Block it, or allow it? OTL is still working.
I've got this!
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
%systemroot%\System32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.dll /lockedfiles
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
iexplore.exe
/md5stop
Is this OK?
Hi, rx2.exe is a virus, so block it with McAfee until we remove it.
No, the report you showed me is not the right one.
If the reports don't open, you can open them manually; they are in the folder where you put OTL.exe (in your downloads, for example) and are called OTL.txt and Extras.txt.
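Added example (not part of the thread and not OTL's own code): a small Python triage pass over the process, service, driver and Run-key lines of an OTL.txt report, run here on a few lines copied from the report posted in this thread. The two heuristics (binary located under a Temp or AppData directory, empty company field) and all function names are assumptions chosen to prioritise manual review, not verdicts.

```python
import re
from typing import List, NamedTuple, Tuple


class Entry(NamedTuple):
    kind: str                 # PRC, MOD, SRV, DRV or O4
    path: str                 # file the entry points at
    company: str              # "" when OTL printed "()"
    reasons: Tuple[str, ...]  # why the entry deserves a closer look


# "PRC - [date | size | attr | M] (Company) [state] -- path -- (service name)"
FILE_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[[^\]]*\] \((?P<company>[^)]*)\)"
    r"(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \(.*)?$"
)
# "O4 - <hive>..\Run: [value name] path (Company)"; "File not found" lines do not match
RUN_LINE = re.compile(
    r"^(?P<kind>O4) - \S+: \[[^\]]*\] (?P<path>.+) \((?P<company>[^)]*)\)$"
)

# Assumed heuristics: locations where installed software rarely lives.
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
USER_DIR = re.compile(r"\\appdata\\", re.IGNORECASE)


def triage(report: str) -> List[Entry]:
    """Return the entries whose binary sits in a Temp or AppData directory."""
    flagged = []
    for raw in report.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line) or RUN_LINE.match(line)
        if not m:
            continue  # headers, registry values, "File not found", etc.
        path, company = m["path"].strip(), m["company"].strip()
        reasons = []
        if TEMP_DIR.search(path):
            reasons.append("runs from a temp directory")
        elif USER_DIR.search(path):
            reasons.append("runs from a user AppData directory")
        if not reasons:
            continue  # an empty company name alone is too noisy to flag
        if not company:
            reasons.append("no company name")
        flagged.append(Entry(m["kind"], path, company, tuple(reasons)))
    return flagged


# Lines copied from the OTL report posted in this thread.
SAMPLE = r"""
PRC - [2011/05/19 21:34:36 | 000,148,480 | ---- | M] () -- C:\Windows\Temp\Rx2.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SRV - [2011/05/19 17:34:19 | 000,033,280 | ---- | M] (Yhkgmurv Software) [Auto | Start_Pending] -- C:\Windows\TEMP\egio\setup.exe -- (AMService)
SRV - [2008/07/23 18:52:06 | 000,206,112 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
O4 - HKLM..\Run: [EmpoweringTechnology] File not found
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKU\.DEFAULT..\Run: [SNJQ66R8MU] C:\Windows\Temp\Rx1.exe ()
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.kind:3} {e.path}  <- {', '.join(e.reasons)}")
```
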
That's it!! I found it!!
OTL logfile created on: 21/05/2011 11:03:15 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\philippe\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
6,00 Gb Paging File | 3,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,15 Gb Total Space | 19,24 Gb Free Space | 13,83% Space Free | Partition Type: NTFS
Drive F: | 142,94 Gb Total Space | 84,06 Gb Free Space | 58,81% Space Free | Partition Type: NTFS
Computer Name: PC-DE-PHILIPPE | User Name: philippe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/05/21 11:00:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
PRC - [2011/05/19 21:43:20 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/05/19 21:34:36 | 000,148,480 | ---- | M] () -- C:\Windows\Temp\Rx2.exe
PRC - [2011/05/19 21:34:32 | 000,152,576 | ---- | M] () -- C:\Windows\Temp\Rx0.exe
PRC - [2011/05/19 17:34:19 | 000,033,280 | ---- | M] (Yhkgmurv Software) -- C:\Windows\Temp\egio\setup.exe
PRC - [2011/05/10 09:38:19 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/03/21 23:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/09 14:30:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/03/09 14:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/28 18:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2010/08/19 14:27:36 | 001,281,696 | ---- | M] (Freecompressor) -- C:\Program Files\FreeCompressor\spointer\freecompressor_air.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/23 18:52:06 | 000,206,112 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/25 13:31:40 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008/04/25 13:31:24 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
PRC - [2008/04/25 13:30:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/03/04 23:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/01/29 12:25:10 | 000,598,016 | ---- | M] () -- C:\Program Files\bin32\nSvcAppFlt.exe
PRC - [2008/01/29 12:24:46 | 000,163,840 | ---- | M] () -- C:\Program Files\bin32\nSvcIp.exe
PRC - [2006/11/13 14:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
PRC - [2005/01/18 17:37:30 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
========== Modules (SafeList) ==========
MOD - [2011/05/21 11:00:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2008/07/23 18:52:10 | 000,012,576 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\saHook.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/05/19 17:34:19 | 000,033,280 | ---- | M] (Yhkgmurv Software) [Auto | Start_Pending] -- C:\Windows\TEMP\egio\setup.exe -- (AMService)
SRV - [2011/05/19 15:34:26 | 000,795,648 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\tafwyfiw.dll -- (ouvhtwgy)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/03/09 14:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/10/07 22:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2008/07/23 18:52:06 | 000,206,112 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/04/25 13:30:26 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/29 12:25:10 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/01/29 12:24:46 | 000,163,840 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2006/11/13 14:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr)
========== Driver Services (SafeList) ==========
DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/03 14:19:39 | 000,864,384 | ---- | M] (ITE Technologies ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF9035HB.sys -- (AF9035HB)
DRV - [2009/09/08 10:40:14 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2009/04/30 23:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/09/29 18:12:04 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/04/22 02:49:00 | 007,451,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/04/22 02:49:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/01/29 07:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/25 14:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/09/25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/06/29 16:32:08 | 000,611,584 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2006/12/07 15:55:40 | 000,017,024 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005/01/31 10:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 10:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=1&o=v...
IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
========== FireFox ==========
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/03 02:04:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\freecompressor@spointer.com: C:\Program Files\FreeCompressor\spointer\extensions\freecompressor@spointer.com [2010/10/16 19:23:05 | 000,000,000 | ---D | M]
[2010/08/06 14:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions
[2010/08/06 14:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/07/15 19:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions\MediaCoder
[2010/07/14 08:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions\MediaCoder-MCEX
Hosts file not found
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll ()
O2 - BHO: () - {341A541E-0313-E4B7-0D8E-95E65828470D} - C:\Windows\System32\tafwyfiw.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110515031129.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Interest recogniser for Freecompressor (powered by Spointer)) - {a83c3565-302c-4bf8-b000-6b6f1811d892} - C:\Program Files\FreeCompressor\spointer\extensions\freecompressor_air_ie.dll (Freecompressor)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] File not found
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Metropolis] C:\Windows\TEMP\sshnas21.dll (Simon Tatham)
O4 - HKU\.DEFAULT..\Run: [SNJQ66R8MU] C:\Windows\Temp\Rx1.exe ()
O4 - HKU\S-1-5-18..\Run: [Metropolis] C:\Windows\TEMP\sshnas21.dll (Simon Tatham)
O4 - HKU\S-1-5-18..\Run: [SNJQ66R8MU] C:\Windows\Temp\Rx1.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000..\Run: [EPSON Stylus DX4000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000..\Run: [Lpizokesiko] C:\Users\philippe\AppData\Local\ncoral.dll (Acronis)
O4 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\..Trusted Domains: localhost ([]http in Computer)
O15 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\..Trusted Ranges: GD ([http] in Computer)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\uximert: DllName - C:\Windows\system32\config\systemprofile\AppData\Local\uximert.dll - C:\Windows\System32\config\systemprofile\AppData\Local\uximert.dll ()
O24 - Desktop WallPaper: C:\Users\philippe\Pictures\voyage de noce\guadeloupe\guadeloupe\DSCF1191.JPG
O24 - Desktop BackupWallPaper: C:\Users\philippe\Pictures\voyage de noce\guadeloupe\guadeloupe\DSCF1191.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{70d092e9-b928-11de-9a0f-001d72b264bd}\Shell - "" = AutoRun
O33 - MountPoints2\{70d092e9-b928-11de-9a0f-001d72b264bd}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{9e067bf7-3d6d-11de-8d6c-001d72b264bd}\Shell - "" = AutoRun
O33 - MountPoints2\{9e067bf7-3d6d-11de-8d6c-001d72b264bd}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ouvhtwgy - C:\Windows\System32\tafwyfiw.dll ()
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: MAGIXautostart - hkey= - key= - File not found
MsConfig - StartUpReg: MediaDICO4Ut - hkey= - key= - C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe (L'Aventure Multimedia)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "startup" - 2
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/05/21 11:00:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
[2011/05/21 10:58:02 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{15E587AC-9B11-4BD2-9E18-430105445A64}
[2011/05/20 18:11:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/05/20 16:33:04 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{4022702F-652C-4143-B756-72D3CF208649}
[2011/05/20 15:03:53 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{F3FEA8F1-0795-48E8-9F54-36B592E7255F}
[2011/05/19 23:34:09 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/05/18 10:21:44 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{DC64B650-7AD5-4940-908F-90067B28DC03}
[2011/05/15 12:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/05/15 09:16:47 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{09FFEFD3-EA6E-452F-BF5A-89506ED6AB3F}
[2011/05/14 11:37:04 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{9B8F0C3B-1BE0-4DD9-9468-84D4BD0FC591}
[2011/05/10 09:38:12 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{248325FA-D235-469D-B0D3-648FF63C16D1}
[2011/04/30 03:55:47 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{B4DA6ABC-A04E-4292-BB13-6BC8715676F7}
[2011/04/29 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{9BF4B707-EACC-4C0F-A78F-C73C3BF3F43C}
[2011/04/27 11:07:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 11:07:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 11:07:26 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009/08/07 23:23:03 | 000,095,744 | ---- | C] (Acronis) -- C:\Users\philippe\AppData\Local\ncoral.dll
[2008/10/05 11:33:00 | 002,741,248 | ---- | C] (Antonio Da Cruz) -- C:\Program Files\PhotoFiltre.exe
[2008/07/22 10:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 30 Days ==========
[2011/05/21 11:01:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/21 11:00:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
[2011/05/21 11:00:44 | 000,094,208 | ---- | M] () -- C:\Users\philippe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/21 10:57:02 | 000,000,256 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/05/21 10:38:02 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/05/21 10:09:01 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/21 10:09:01 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/21 04:01:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/20 18:14:21 | 000,678,804 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/05/20 18:14:21 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/20 18:14:21 | 000,126,420 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/05/20 18:14:21 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/20 18:11:53 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011/05/20 18:08:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/20 14:34:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/05/19 23:34:00 | 307,961,004 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/19 15:34:26 | 000,795,648 | ---- | M] () -- C:\Windows\System32\tafwyfiw.dll
[2011/05/17 16:25:37 | 001,708,730 | ---- | M] () -- C:\Users\philippe\Desktop\marie madeleine phil-said.mp3
[2011/05/15 19:15:55 | 002,596,379 | ---- | M] () -- C:\Users\philippe\Documents\celineadrien.odp
[2011/05/15 12:40:16 | 000,005,033 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2011/05/15 12:37:44 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/05/12 13:32:54 | 005,425,215 | ---- | M] () -- C:\Users\philippe\Documents\Catalogue FC IFEN 2012.pdf
[2011/05/12 13:31:16 | 000,064,441 | ---- | M] () -- C:\Users\philippe\Documents\BT276.pdf
[2011/05/07 13:19:07 | 000,000,196 | ---- | M] () -- C:\Users\philippe\Desktop\Messenger.url
[2011/05/07 06:21:31 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2011/05/06 11:49:14 | 000,266,833 | ---- | M] () -- C:\Users\philippe\Documents\CV THIBAULT.pdf
[2011/05/03 16:32:48 | 000,385,493 | ---- | M] () -- C:\Users\philippe\Documents\dictons_cons.pdf
========== Files Created - No Company Name ==========
[2011/05/19 23:48:09 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011/05/19 23:34:00 | 307,961,004 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/19 21:34:39 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/05/19 21:34:35 | 000,000,256 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/05/19 15:34:26 | 000,795,648 | ---- | C] () -- C:\Windows\System32\tafwyfiw.dll
[2011/05/17 16:25:22 | 001,708,730 | ---- | C] () -- C:\Users\philippe\Desktop\marie madeleine phil-said.mp3
[2011/05/15 19:15:49 | 002,596,379 | ---- | C] () -- C:\Users\philippe\Documents\celineadrien.odp
[2011/05/15 12:37:44 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/05/12 13:32:53 | 005,425,215 | ---- | C] () -- C:\Users\philippe\Documents\Catalogue FC IFEN 2012.pdf
[2011/05/12 13:31:16 | 000,064,441 | ---- | C] () -- C:\Users\philippe\Documents\BT276.pdf
[2011/05/06 11:49:13 | 000,266,833 | ---- | C] () -- C:\Users\philippe\Documents\CV THIBAULT.pdf
[2011/05/03 16:32:48 | 000,385,493 | ---- | C] () -- C:\Users\philippe\Documents\dictons_cons.pdf
[2010/10/15 18:55:02 | 000,000,680 | ---- | C] () -- C:\Users\philippe\AppData\Local\d3d9caps.dat
[2010/09/03 18:50:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/08 17:37:56 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/07/08 17:37:48 | 000,094,208 | ---- | C] () -- C:\Users\philippe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/08 17:16:28 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2010/05/14 17:08:23 | 000,001,000 | ---- | C] () -- C:\Windows\posteriza.INI
[2010/05/13 03:06:57 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/05/10 11:06:35 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/04/30 16:41:37 | 000,031,007 | ---- | C] () -- C:\Users\philippe\AppData\Roaming\UserTile.png
[2010/04/14 16:26:37 | 002,322,096 | ---- | C] () -- C:\Windows\System32\Incinerator.dll
[2010/04/14 16:26:37 | 000,030,208 | ---- | C] () -- C:\Windows\System32\iolobtdfg.exe
[2010/04/14 16:26:37 | 000,012,288 | ---- | C] () -- C:\Windows\System32\smrgdf.exe
[2010/04/14 16:23:55 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2010/03/10 20:16:08 | 000,000,059 | ---- | C] () -- C:\Windows\RUNAWAY.INI
[2009/12/31 12:10:23 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll
[2009/12/02 13:45:19 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009/12/01 20:31:43 | 000,000,118 | ---- | C] () -- C:\Users\philippe\AppData\Roaming\wklnhst.dat
[2009/10/20 16:41:34 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.68-8876480L.exe
[2009/10/02 19:06:45 | 000,000,056 | ---- | C] () -- C:\Windows\iltwain.ini
[2009/09/25 15:33:08 | 000,000,000 | ---- | C] () -- C:\Windows\ka.ini
[2009/08/07 23:23:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/07 23:23:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/18 16:52:06 | 000,001,972 | ---- | C] () -- C:\Windows\Media4Ut.ini
[2009/06/05 15:37:11 | 000,000,040 | ---- | C] () -- C:\Windows\NAVIGMA.INI
[2009/06/02 18:08:36 | 000,000,571 | ---- | C] () -- C:\Windows\eReg.dat
[2009/05/26 17:04:22 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/05/26 17:03:28 | 000,000,073 | ---- | C] () -- C:\Windows\magix.ini
[2009/05/19 16:42:44 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2009/05/19 16:24:17 | 000,000,032 | ---- | C] () -- C:\Windows\CDMKR32.INI
[2009/05/17 18:18:13 | 000,000,050 | ---- | C] () -- C:\Windows\Sierra.ini
[2009/05/08 17:28:21 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/05/08 17:28:21 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/05/08 17:28:16 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/08 17:28:16 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/08 17:28:14 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/04/30 23:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/04/10 08:57:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/09 23:30:27 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/04/09 23:30:26 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/04/09 23:30:26 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/04/09 23:30:26 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/04/09 23:30:26 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/04/09 23:30:26 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/04/09 23:30:26 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/04/09 23:30:26 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/04/09 23:30:26 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/04/09 23:30:26 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/04/09 23:30:26 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/04/09 23:30:26 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/04/09 23:30:26 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/04/09 23:30:26 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/04/09 23:30:26 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/04/09 23:30:26 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/04/09 23:30:26 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/04/09 23:30:26 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/04/09 23:30:26 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/04/09 23:18:18 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4000EFDG.ini
[2008/05/09 04:32:23 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/05/09 04:32:23 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/05/09 03:53:15 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/05/09 03:43:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/05/09 03:43:57 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/05/09 03:32:41 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/01/21 10:40:50 | 000,678,804 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2008/01/21 10:40:50 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2008/01/21 10:40:50 | 000,126,420 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2008/01/21 10:40:50 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2008/01/21 04:23:50 | 000,151,296 | ---- | C] () -- C:\Windows\System32\ztbbpbpj.dat
[2008/01/21 04:23:50 | 000,135,936 | ---- | C] () -- C:\Windows\System32\ofeppxyi.dat
[2008/01/21 04:23:50 | 000,034,560 | ---- | C] () -- C:\Windows\System32\amformoe.dat
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:47:37 | 000,376,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/11 00:32:18 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2006/10/11 00:32:18 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2005/08/29 10:43:34 | 000,008,073 | ---- | C] () -- C:\Program Files\PhotoMasque.htm
[2005/08/18 10:21:52 | 000,033,369 | ---- | C] () -- C:\Program Files\PhotoFiltre.htm
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
========== LOP Check ==========
[2008/05/09 04:04:50 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008/05/09 04:04:50 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2009/12/07 14:50:47 | 000,000,000 | -HSD | M] -- C:\Users\philippe\AppData\Roaming\.#
[2008/05/09 04:04:50 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Acer GameZone Console
[2009/12/09 15:42:35 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Amazon
[2009/12/31 11:56:17 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Apowersoft
[2010/07/13 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Broad Intelligence
[2010/01/21 22:56:48 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\CoSoSys
[2010/09/09 01:09:39 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\CVitae
[2009/05/27 15:55:57 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\EPSON
[2009/05/02 15:34:00 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\eSobi
[2009/04/12 12:09:53 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\FloodLightGames
[2010/05/10 11:06:38 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\FreeAudioPack
[2010/10/16 19:23:34 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\freeCompressor
[2011/05/18 10:49:33 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\FreeVideoConverter
[2009/05/11 22:30:15 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Gaijin Ent
[2009/04/23 17:43:10 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Gamelab
[2011/01/04 16:29:25 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\GlarySoft
[2009/04/23 13:17:24 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Home Sweet Home
[2009/06/22 16:28:26 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Home Sweet Home 2
[2010/04/14 16:50:38 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\iolo
[2009/05/09 19:17:48 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\iWin
[2009/11/03 14:38:37 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Leadertech
[2009/05/11 22:00:33 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\OpenOffice.org
[2010/04/30 16:41:37 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\PeerNetworking
[2010/12/15 16:36:37 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\PhotoFiltre
[2010/08/30 17:24:20 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\PhotoScape
[2009/06/26 12:21:01 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\PlayFirst
[2009/05/06 15:40:36 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Sony
[2009/12/01 20:31:59 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Template
[2010/08/06 14:37:21 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\TomTom
[2010/05/22 13:20:33 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\VampireSaga
[2010/11/09 17:38:39 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\VirginMega.DownloadManager.v3.4AE6D9B37411D7D7A2C457954142B8FA4EE6E198.1
[2011/02/18 19:41:52 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Windows Live Writer
[2011/05/20 16:03:52 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/21 10:57:02 | 000,000,256 | -H-- | M] () -- C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/05/21 10:38:02 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
========== Purity Check ==========
========== Custom Scans ==========
< %APPDATA%\*. >
[2009/12/07 14:50:47 | 000,000,000 | -HSD | M] -- C:\Users\philippe\AppData\Roaming\.#
[2008/05/09 04:04:50 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Acer GameZone Console
[2011/05/19 15:19:52 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Adobe
[2009/12/09 15:42:35 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Amazon
[2009/12/31 11:56:17 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Apowersoft
[2010/04/17 11:48:08 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Apple Computer
[2010/09/12 20:29:26 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\ArcSoft
[2010/07/13 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Broad Intelligence
[2010/01/21 22:56:48 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\CoSoSys
[2010/09/09 01:09:39 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\CVitae
[2011/03/03 14:39:52 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\CyberLink
[2010/09/11 17:09:09 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\DivX
[2011/05/17 15:17:25 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\dvdcss
[2009/05/27 15:55:57 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\EPSON
[2009/05/02 15:34:00 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\eSobi
[2009/04/12 12:09:53 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\FloodLightGames
[2010/05/10 11:06:38 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\FreeAudioPack
[2010/10/16 19:23:34 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\freeCompressor
[2011/05/18 10:49:33 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\FreeVideoConverter
[2009/05/11 22:30:15 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Gaijin Ent
[2009/04/23 17:43:10 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Gamelab
[2011/01/04 16:29:25 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\GlarySoft
[2009/04/10 08:56:48 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Google
[2010/09/18 16:17:04 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Help
[2009/04/23 13:17:24 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Home Sweet Home
[2009/06/22 16:28:26 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Home Sweet Home 2
[2009/04/09 22:27:44 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Identities
[2009/05/06 15:19:59 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\InstallShield
[2010/04/14 16:50:38 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\iolo
[2009/05/09 19:17:48 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\iWin
[2009/11/03 14:38:37 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Leadertech
[2009/04/09 22:28:08 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Macromedia
[2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Media Center Programs
[2010/11/16 15:00:08 | 000,000,000 | --SD | M] -- C:\Users\philippe\AppData\Roaming\Microsoft
[2010/07/14 08:38:18 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Mozilla
[2009/05/11 22:00:33 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\OpenOffice.org
[2010/04/30 16:41:37 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\PeerNetworking
[2010/12/15 16:36:37 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\PhotoFiltre
[2010/08/30 17:24:20 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\PhotoScape
[2009/06/26 12:21:01 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\PlayFirst
[2011/05/20 18:09:40 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Skype
[2011/03/28 16:07:50 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\skypePM
[2009/05/06 15:40:36 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Sony
[2009/12/01 20:31:59 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Template
[2010/08/06 14:37:21 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\TomTom
[2010/11/08 13:08:11 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\U3
[2010/05/22 13:20:33 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\VampireSaga
[2010/11/09 17:38:39 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\VirginMega.DownloadManager.v3.4AE6D9B37411D7D7A2C457954142B8FA4EE6E198.1
[2011/04/20 14:03:47 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\vlc
[2011/02/18 19:41:52 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\Windows Live Writer
[2009/07/03 21:16:21 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2010/11/09 17:37:38 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\philippe\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010/02/27 16:11:28 | 000,010,134 | R--- | M] () -- C:\Users\philippe\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2008/05/04 17:02:26 | 004,603,904 | ---- | M] () -- C:\Users\philippe\AppData\Roaming\U3\26056216AEC319E8\LaunchPad.exe
[2007/10/23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Users\philippe\AppData\Roaming\U3\temp\cleanup.exe
[2008/05/02 11:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\philippe\AppData\Roaming\U3\temp\Launchpad Removal.exe
< %SYSTEMDRIVE%\*.* >
[2006/09/18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/05/08 21:20:09 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/04/24 07:39:33 | 000,000,051 | ---- | M] () -- C:\EventLOG.txt
[2009/05/08 17:42:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/20 16:41:43 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log
[2009/05/08 17:42:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/05/20 18:08:51 | 3265,060,864 | -HS- | M] () -- C:\pagefile.sys
[2008/05/09 03:44:29 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2008/01/21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\*.dll /lockedfiles >
[2011/02/15 15:34:36 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2011/02/15 15:34:36 | 000,223,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2011/02/15 15:34:37 | 000,117,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
< MD5 for: EXPLORER.EXE >
< MD5 for: IEXPLORE.EXE >
[2009/07/21 23:53:43 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=C33BD196A0301F9B23D9A003D30ED8B0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\iexplore.exe
[2009/04/24 18:03:18 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D5271AC4A06AD9D1E2EA0151B79B2657 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc283610c500\iexplore.exe
[2010/09/08 08:02:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=D5A730DFDEAE005373E62BC2A866E3BB -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_120477992ffffb10\iexplore.exe
[2009/04/24 18:01:36 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D6157423C117F24D24695866A1D0A93F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4ea331cfeb1\iexplore.exe
[2009/11/21 17:05:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=E7F8DF50E483D165BB01F367D3519AA7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_12a4b2a0490c7f28\iexplore.exe
[2009/03/03 06:22:10 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=EA4BE33726155F89D89A3FE7142878E0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\iexplore.exe
[2010/06/26 08:52:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=F05B3A2C6CB319DD1377AD566CF5ECE5 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_12a958f24909fe6f\iexplore.exe
[2009/01/15 06:18:47 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=F0B1CA517977BA2FF6DA33F1B966C488 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe
[2009/04/24 18:08:04 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=F294D8EEB05C835EC44A12CE0A1DFE7A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_2f3ec6751a17b593\iexplore.exe
< MD5 for: SVCHOST.EXE >
[2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.180
Hi, the report is incomplete
And I'm missing extras.txt
IMPORTANT:
For reports, which tend to be too long for the forum, please use this online report service: upload the file via "parcourir" and simply post the link you get.
Here is the rest, extras.txt is here:
http://www.cijoint.fr/cjlink.php?file=cj201105/cijdlB8e...
Thanks again
Yo,
Next steps
You're infected with quite a few things, including a spigot backdoor and searchsettings.
1)
Ad-Remover scan
Download
Ad-Remover (by C_XX) to your Desktop.
Disconnect and close all running applications
Double-click AD-R on your desktop. (Right-click -> "Exécuter en tant qu'administrateur" on VISTA/7)
Wait until the main menu appears. From there, click "Scanner". You will be asked to confirm; click "Oui" and wait until the scan finishes.
Let the tool work
A window containing the report will open; post the report in your next reply.
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Then click "Quitter" to close Ad-Remover.
Note: the report that Ad-Remover has just generated is located here: C:\Ad-Report-SCAN
To help you:
AD-R tutorial
2)
OTL fix:
Relaunch OTL.exe.
Copy exactly the text below:
:OTL
SRV - [2011/05/19 17:34:19 | 000,033,280 | ---- | M] (Yhkgmurv Software) [Auto | Start_Pending] -- C:\Windows\TEMP\egio\setup.exe -- (AMService)
SRV - [2011/05/19 15:34:26 | 000,795,648 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\tafwyfiw.dll -- (ouvhtwgy)
SRV - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: () - {341A541E-0313-E4B7-0D8E-95E65828470D} - C:\Windows\System32\tafwyfiw.dll ()
O2 - BHO: (Interest recogniser for Freecompressor (powered by Spointer)) - {a83c3565-302c-4bf8-b000-6b6f1811d892} - C:\Program Files\FreeCompressor\spointer\extensions\freecompressor_air_ie.dll (Freecompressor)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\.DEFAULT..\Run: [Metropolis] C:\Windows\TEMP\sshnas21.dll (Simon Tatham)
O4 - HKU\.DEFAULT..\Run: [SNJQ66R8MU] C:\Windows\Temp\Rx1.exe ()
O4 - HKU\S-1-5-18..\Run: [Metropolis] C:\Windows\TEMP\sshnas21.dll (Simon Tatham)
O4 - HKU\S-1-5-18..\Run: [SNJQ66R8MU] C:\Windows\Temp\Rx1.exe ()
O4 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000..\Run: [Lpizokesiko] C:\Users\philippe\AppData\Local\ncoral.dll (Acronis)
O20 - Winlogon\Notify\uximert: DllName - C:\Windows\system32\config\systemprofile\AppData\Local\uximert.dll - C:\Windows\System32\config\systemprofile\AppData\Local\uximert.dll ()
NetSvcs: ouvhtwgy - C:\Windows\System32\tafwyfiw.dll ()
[2010/05/13 03:06:57 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:DA3C6C07
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:700CD00E
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:204BEE0F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:EB603FE4
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:F50F1555
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:567AC0A6
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:18AE7C5A
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:87FA5E8A
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:37CE0F2E
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:30376ACC
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:FF818E2B
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5D10517E
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:8173A019
:Files
C:\Windows\System32\tafwyfiw.dll
C:\Users\philippe\AppData\Roaming\.#
C:\Windows\Temp\Rx2.exe
C:\Windows\Temp\Rx0.exe
C:\Program Files\Common Files\Spigot
C:\Program Files\Application Updater
C:\Windows\Temp\egio\setup.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[createrestorepoint]
Paste it into the "Personnalisation" box at the bottom left.
Click the "Correction" button at the top left.
If the PC asks you to restart, confirm the operation.
A report will appear after the restart; copy/paste it into your next reply.
3)
Malware scan and removal
Download
Malwarebytes' Anti-Malware (MBAM) (by Marcin Kleczynski and Bruce Harriss).
Install it, then make sure to update the program at the end of the installation.
Once that is done, MBAM starts. Check that the "Examen rapide" box is ticked, then press "Rechercher".
At the end of the scan, a message will be displayed:
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
or: L'examen s'est terminé normalement. Aucun élément nuisible n'a été détecté.
Click OK to continue. If MBAM found nothing, let me know and quit the program.
If it found malware (that is, if you get the message "Afficher les résultats' pour afficher tous les objets trouvés"), continue:
Close all running applications (apart from MBAM)
Click "Afficher les résultats".
Tick all the boxes and click "Supprimer la sélection". The malware will then be placed in quarantine.
A report will be displayed. Paste that report into your next reply please.
To help you:
MBAM tutorial
4)
Go to the Virustotal site, a site that scans files with all the antivirus products on the market.
Click "Choisissez un fichier".
In the window that then opens, at the bottom, it says "Nom du fichier". Enter
C:\Users\philippe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
(copy and paste with Ctrl+V)
Press "Ouvrir", then click "Envoyer le fichier".
Wait a few seconds. If it says the file has already been analysed, click "Reanalyser le fichier maintenant".
Your file is then analysed. Wait until it says "Situation actuelle : terminé".
Select the table (with the antivirus products, the version, the last update, the result) and paste it into your next reply please.
Do the same with
C:\Windows\avisplitter.ini
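The autostart lines of the OTL fix script in the post above can be triaged mechanically; the following is an added example, not code from the helper, from OTL or from the forum. The three heuristics (binary launched from a Temp directory, empty publisher field, DLL sitting directly in a profile's AppData\Local) and all function names are assumptions of this example.

```python
"""Triage of OTL autostart lines (added example; heuristics are assumptions)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the OTL fix script posted in this thread.
SAMPLE = r"""
SRV - [2011/05/19 17:34:19 | 000,033,280 | ---- | M] (Yhkgmurv Software) [Auto | Start_Pending] -- C:\Windows\TEMP\egio\setup.exe -- (AMService)
SRV - [2011/05/19 15:34:26 | 000,795,648 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\tafwyfiw.dll -- (ouvhtwgy)
SRV - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\.DEFAULT..\Run: [Metropolis] C:\Windows\TEMP\sshnas21.dll (Simon Tatham)
O4 - HKU\.DEFAULT..\Run: [SNJQ66R8MU] C:\Windows\Temp\Rx1.exe ()
O4 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000..\Run: [Lpizokesiko] C:\Users\philippe\AppData\Local\ncoral.dll (Acronis)
O2 - BHO: () - {341A541E-0313-E4B7-0D8E-95E65828470D} - C:\Windows\System32\tafwyfiw.dll ()
O20 - Winlogon\Notify\uximert: DllName - C:\Windows\system32\config\systemprofile\AppData\Local\uximert.dll - C:\Windows\System32\config\systemprofile\AppData\Local\uximert.dll ()
"""

KIND_RE = re.compile(r"^(SRV|O\d+) - ")
# First drive-letter path ending in .exe/.dll and followed by whitespace or EOL.
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll))(?=\s|$)", re.IGNORECASE)
# SRV lines carry the publisher right after the timestamp block.
SRV_PUBLISHER_RE = re.compile(r"\]\s+\(([^()]*)\)\s+\[")
# O-lines carry the publisher as the last parenthesised field.
TAIL_PUBLISHER_RE = re.compile(r"\(([^()]*)\)\s*$")
PROFILE_ROOT_DLL_RE = re.compile(r"\\appdata\\local\\[^\\]+\.dll$")


@dataclass
class Entry:
    kind: str                 # "SRV", "O2", "O4", "O20", ...
    path: str                 # binary the entry points at
    publisher: Optional[str]  # "" when the log shows "()", None when absent
    flags: List[str]


def triage(path: str, publisher: Optional[str]) -> List[str]:
    """Apply this example's heuristics; the order of flags is fixed."""
    lowered = path.lower()
    flags = []
    if "\\temp\\" in lowered:
        flags.append("runs-from-temp")
    if publisher == "":
        flags.append("no-publisher")
    if PROFILE_ROOT_DLL_RE.search(lowered):
        flags.append("dll-in-profile-root")
    return flags


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for SRV/Oxx lines that reference a binary, else None."""
    line = line.strip()
    kind = KIND_RE.match(line)
    path = PATH_RE.search(line)
    if kind is None or path is None:
        return None
    pub_re = SRV_PUBLISHER_RE if kind.group(1) == "SRV" else TAIL_PUBLISHER_RE
    pub = pub_re.search(line)
    publisher = pub.group(1).strip() if pub else None
    return Entry(kind.group(1), path.group(1), publisher,
                 triage(path.group(1), publisher))


def parse_report(text: str) -> List[Entry]:
    entries = (parse_line(raw) for raw in text.splitlines())
    return [entry for entry in entries if entry is not None]


if __name__ == "__main__":
    for entry in parse_report(SAMPLE):
        tags = ", ".join(entry.flags) or "-"
        print(f"{entry.kind:<4} {tags:<36} {entry.path}")
```

The LogitechSoftwareUpdate line, which the fix script also lists, gets no flag here, so tags like these only help prioritise a manual review of the log.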
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 14:12:39 le 25/05/2011, Mode normal
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
philippe@PC-DE-PHILIPPE (Acer Aspire X3200)
============== RECHERCHE ==============
Service: "Application Updater" Présent
Dossier trouvé: C:\Program Files\Dealio Toolbar
Dossier trouvé: C:\Program Files\Application Updater
Dossier trouvé: C:\Program Files\GamesBar
Dossier trouvé: C:\Users\philippe\AppData\LocalLow\Search Settings
Dossier trouvé: C:\Program Files\Common Files\Spigot
Dossier trouvé: C:\Program Files\FreeCompressor
Clé trouvée: HKLM\Software\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Clé trouvée: HKLM\Software\Classes\CLSID\{20FE21D0-8895-4F5F-A5D2-709170290006}
Clé trouvée: HKLM\Software\Classes\Interface\{20FE21D0-8895-4F5F-A5D2-709170290006}
Clé trouvée: HKLM\Software\Classes\CLSID\{6ad30cb8-7064-4664-8039-d9bb95cba878}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6ad30cb8-7064-4664-8039-d9bb95cba878}
Clé trouvée: HKLM\Software\Classes\CLSID\{85fe1096-281b-4cb9-82b6-d8eba5830035}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{85fe1096-281b-4cb9-82b6-d8eba5830035}
Clé trouvée: HKLM\Software\Classes\CLSID\{a83c3565-302c-4bf8-b000-6b6f1811d892}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a83c3565-302c-4bf8-b000-6b6f1811d892}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a83c3565-302c-4bf8-b000-6b6f1811d892}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a83c3565-302c-4bf8-b000-6b6f1811d892}
Clé trouvée: HKLM\Software\Classes\CLSID\{E9E9C4BC-BD4D-4486-9092-C43FDF8F911B}
Clé trouvée: HKLM\Software\Classes\Interface\{E9E9C4BC-BD4D-4486-9092-C43FDF8F911B}
Clé trouvée: HKLM\Software\Classes\CLSID\{f011f437-ee07-463c-8217-97c0522117ab}
Clé trouvée: HKLM\Software\Classes\Interface\{6BB301AC-528E-4545-B03E-9B8EE56382BC}
Clé trouvée: HKLM\Software\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Clé trouvée: HKLM\Software\Classes\Interface\{7713A018-8482-48FA-8BD3-46A9D319693F}
Clé trouvée: HKLM\Software\Classes\Interface\{7894081D-0CF3-4663-B371-79DB59C32FC3}
Clé trouvée: HKLM\Software\Classes\Interface\{9D2F73EA-AA92-4C9C-9FA5-666B725E8E75}
Clé trouvée: HKLM\Software\Classes\Interface\{C382B99A-E317-4842-8448-70ADDAC750CA}
Clé trouvée: HKLM\Software\Classes\Interface\{E6E1D9F5-DC91-458F-89B8-FACFBD132A91}
Clé trouvée: HKLM\Software\Classes\TypeLib\{11109EB1-7D52-4512-88AD-9D837AEED46F}
Clé trouvée: HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Clé trouvée: HKLM\Software\Classes\TypeLib\{DD68F52E-1436-4C5C-8191-A1FA6AE566D4}
Clé trouvée: HKLM\Software\Classes\TypeLib\{ED846B6D-C294-4DFF-9AF6-44BDA49C0ED1}
Clé trouvée: HKLM\Software\Application Updater
Clé trouvée: HKLM\Software\Dealio
Clé trouvée: HKLM\Software\freeCompressor
Clé trouvée: HKLM\Software\GamesBarSetup
Clé trouvée: HKLM\Software\Search Settings
Clé trouvée: HKCU\Software\freeCompressor
Clé trouvée: HKCU\Software\Spointer
Clé trouvée: HKCU\Software\AppDataLow\Software\Dealio
Clé trouvée: HKCU\Software\AppDataLow\Software\Search Settings
Clé trouvée: HKU\.DEFAULT\Software\Spointer
Clé trouvée: HKU\S-1-5-18\Software\Spointer
Clé trouvée: HKLM\Software\Classes\Installer\Products\59B0DDD9E3F1E354F921AEBCD06D6BFC
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\59B0DDD9E3F1E354F921AEBCD06D6BFC
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b13e6377-ec0a-4c07-ac89-dcd48b57203d}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{9DDD0B95-1F3E-453E-9F12-EACB0DD6B6CF}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C878CD69-85DB-426B-81A3-E71175AAEB91}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9DDD0B95-1F3E-453E-9F12-EACB0DD6B6CF}
Valeur trouvée: HKLM\Software\Mozilla\Firefox\Extensions|freecompressor@spointer.com
Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
============== SCAN ADDITIONNEL ==============
**** Internet Explorer Version [9.0.8080.16413] ****
HKCU_Main|Default_Page_URL - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=1&o=vp32&d=1006&m=aspire_x3200
HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU_Main|Start Page - hxxp://www.google.com/
HKLM_Main|Default_Page_URL - hxxp://fr.fr.acer.yahoo.com
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://fr.fr.acer.yahoo.com
HKCU_URLSearchHooks|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - "Dealio Toolbar" (C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll)
HKCU_SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} - "Google Desktop" (hxxp://127.0.0.1:4664/search&s=3NjQCGAbRt33gftix1SohZIhP7E?q={searchTerms})
HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll)
HKLM_Toolbar|{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll)
HKLM_Toolbar|{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} (c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll)
HKLM_Toolbar|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll)
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} ("C:\Program Files\Microsoft\BingBar\BingExt.dll") (x)
HKLM_ElevationPolicy\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\WidgiHelper.exe (Spigot, Inc.)
HKLM_ElevationPolicy\{1239CC52-59EF-4DFA-8C61-90FFA846DF7F} - C:\Program Files\Musicnotes\Player\musnotes.exe (Musicnotes, Inc.)
HKLM_ElevationPolicy\{1239CC52-59EF-4DFA-8C61-90FFA846DF80}} - C:\Program Files\Musicnotes\GuitarGuru\mnguitar.exe (Musicnotes, Inc.)
HKLM_ElevationPolicy\{1FCCD250-A453-4348-86C1-E5EA9B76FADB} - C:\Program Files\McAfee\VirusScan\mcvsmap.exe (McAfee, Inc.)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{74351F14-5437-4d87-805B-04D409B09976} - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)
HKLM_ElevationPolicy\{A8F94DF3-F6C6-422a-8BFC-7EE0F60A8609} - C:\Program Files\McAfee\VirusScan\mcvsshld.exe (McAfee, Inc.)
HKLM_ElevationPolicy\{aa851425-0109-43f3-9ed2-7b7090125861} - C:\Program Files\Microsoft\BingBar\BingBar.exe (Microsoft Corporation.)
HKLM_ElevationPolicy\{b13e6377-ec0a-4c07-ac89-dcd48b57203d} - C:\Program Files\FreeCompressor\spointer\freecompressor_air.exe (Freecompressor)
HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
HKLM_ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC5F} - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (?)
BHO\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - "Dealio Toolbar" (C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll)
BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)
BHO\{27B4851A-3207-45A2-B947-BE8AFE6163AB} - "McAfee Phishing Filter" (c:\progra~1\mcafee\msk\mskapbho.dll)
BHO\{341A541E-0313-E4B7-0D8E-95E65828470D} - "?" (c:\windows\system32\tafwyfiw.dll)
BHO\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - "scriptproxy" (C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110515031129.dll)
BHO\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - "ShowBarObj Class" (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll)
BHO\{a83c3565-302c-4bf8-b000-6b6f1811d892} - "Interest recogniser for Freecompressor (powered by Spointer)" (C:\Program Files\FreeCompressor\spointer\extensions\freecompressor_air_ie.dll)
BHO\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} - "McAfee SiteAdvisor BHO" (c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll)
BHO\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "Bing Bar Helper" ("C:\Program Files\Microsoft\BingBar\BingExt.dll") (x)
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)
C:\Ad-Report-SCAN[1].txt - 25/05/2011 14:14:07 (9546 Octet(s))
Fin à: 14:16:26, 25/05/2011
============== E.O.F ==============
Here is the Ad-Remover report
HKLM_Toolbar|{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} (c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll)
HKLM_Toolbar|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll)
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} ("C:\Program Files\Microsoft\BingBar\BingExt.dll") (x)
HKLM_ElevationPolicy\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\WidgiHelper.exe (Spigot, Inc.)
HKLM_ElevationPolicy\{1239CC52-59EF-4DFA-8C61-90FFA846DF7F} - C:\Program Files\Musicnotes\Player\musnotes.exe (Musicnotes, Inc.)
HKLM_ElevationPolicy\{1239CC52-59EF-4DFA-8C61-90FFA846DF80}} - C:\Program Files\Musicnotes\GuitarGuru\mnguitar.exe (Musicnotes, Inc.)
HKLM_ElevationPolicy\{1FCCD250-A453-4348-86C1-E5EA9B76FADB} - C:\Program Files\McAfee\VirusScan\mcvsmap.exe (McAfee, Inc.)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{74351F14-5437-4d87-805B-04D409B09976} - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)
HKLM_ElevationPolicy\{A8F94DF3-F6C6-422a-8BFC-7EE0F60A8609} - C:\Program Files\McAfee\VirusScan\mcvsshld.exe (McAfee, Inc.)
HKLM_ElevationPolicy\{aa851425-0109-43f3-9ed2-7b7090125861} - C:\Program Files\Microsoft\BingBar\BingBar.exe (Microsoft Corporation.)
HKLM_ElevationPolicy\{b13e6377-ec0a-4c07-ac89-dcd48b57203d} - C:\Program Files\FreeCompressor\spointer\freecompressor_air.exe (Freecompressor)
HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
HKLM_ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC5F} - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (?)
BHO\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - "Dealio Toolbar" (C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll)
BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)
BHO\{27B4851A-3207-45A2-B947-BE8AFE6163AB} - "McAfee Phishing Filter" (c:\progra~1\mcafee\msk\mskapbho.dll)
BHO\{341A541E-0313-E4B7-0D8E-95E65828470D} - "?" (c:\windows\system32\tafwyfiw.dll)
BHO\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - "scriptproxy" (C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110515031129.dll)
BHO\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - "ShowBarObj Class" (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll)
BHO\{a83c3565-302c-4bf8-b000-6b6f1811d892} - "Interest recogniser for Freecompressor (powered by Spointer)" (C:\Program Files\FreeCompressor\spointer\extensions\freecompressor_air_ie.dll)
BHO\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} - "McAfee SiteAdvisor BHO" (c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll)
BHO\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "Bing Bar Helper" ("C:\Program Files\Microsoft\BingBar\BingExt.dll") (x)
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)
C:\Ad-Report-SCAN[1].txt - 25/05/2011 14:14:07 (9546 Octet(s))
Fin à: 14:16:26, 25/05/2011
============== E.O.F ==============
Here is the Ad-Remover report.
With Malwarebytes:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Version de la base de données: 6674
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8080.16413
25/05/2011 16:34:52
mbam-log-2011-05-25 (16-34-52).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 159550
Temps écoulé: 9 minute(s), 29 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\OO1310T0QS (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OO1310T0QS (Trojan.FakeAlert.SA) -> Value: OO1310T0QS -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
Antivirus | Version | Dernière mise à jour | Résultat
AhnLab-V3 | 2011.05.25.01 | 2011.05.25 | -
AntiVir | 7.11.8.135 | 2011.05.25 | -
Antiy-AVL | 2.0.3.7 | 2011.05.25 | -
Avast | 4.8.1351.0 | 2011.05.25 | -
Avast5 | 5.0.677.0 | 2011.05.25 | -
AVG | 10.0.0.1190 | 2011.05.25 | -
BitDefender | 7.2 | 2011.05.25 | -
CAT-QuickHeal | 11.00 | 2011.05.25 | -
ClamAV | 0.97.0.0 | 2011.05.25 | -
Commtouch | 5.3.2.6 | 2011.05.25 | -
Comodo | 8829 | 2011.05.25 | -
DrWeb | 5.0.2.03300 | 2011.05.25 | -
Emsisoft | 5.1.0.5 | 2011.05.25 | -
eSafe | 7.0.17.0 | 2011.05.24 | -
eTrust-Vet | 36.1.8347 | 2011.05.25 | -
F-Prot | 4.6.2.117 | 2011.05.24 | -
F-Secure | 9.0.16440.0 | 2011.05.25 | -
Fortinet | 4.2.257.0 | 2011.05.25 | -
GData | 22 | 2011.05.25 | -
Ikarus | T3.1.1.104.0 | 2011.05.25 | -
Jiangmin | 13.0.900 | 2011.05.25 | -
K7AntiVirus | 9.103.4713 | 2011.05.24 | -
Kaspersky | 9.0.0.837 | 2011.05.25 | -
McAfee | 5.400.0.1158 | 2011.05.25 | -
McAfee-GW-Edition | 2010.1D | 2011.05.25 | -
Microsoft | 1.6903 | 2011.05.25 | -
NOD32 | 6151 | 2011.05.25 | -
Norman | 6.07.07 | 2011.05.25 | -
nProtect | 2011-05-25.03 | 2011.05.25 | -
Panda | 10.0.3.5 | 2011.05.25 | -
PCTools | 7.0.3.5 | 2011.05.19 | -
Prevx | 3.0 | 2011.05.25 | -
Rising | 23.59.02.05 | 2011.05.25 | -
Sophos | 4.65.0 | 2011.05.25 | -
SUPERAntiSpyware | 4.40.0.1006 | 2011.05.25 | -
Symantec | 20111.1.0.186 | 2011.05.25 | -
TheHacker | 6.7.0.1.207 | 2011.05.25 | -
TrendMicro | 9.200.0.1012 | 2011.05.25 | -
TrendMicro-HouseCall | 9.200.0.1012 | 2011.05.25 | -
VBA32 | 3.12.16.0 | 2011.05.25 | -
VIPRE | 9384 | 2011.05.25 | -
ViRobot | 2011.5.25.4478 | 2011.05.25 | -
VirusBuster | 13.6.370.1 | 2011.05.24 | -
Informations complémentaires
MD5 : 4026fd6e3139187bc7dde672927daa33
SHA1 : 03cc77b78a98d192a9389e141441f3be932788d6
SHA256: c7d4b44bd6f7eb9f6a2b51645b99fcd6f8365f52fb45592be3d6573085b1ec54
AhnLab-V3 | 2011.05.25.01 | 2011.05.25
AntiVir | 7.11.8.135 | 2011.05.25
Antiy-AVL | 2.0.3.7 | 2011.05.25
Avast | 4.8.1351.0 | 2011.05.25
Avast5 | 5.0.677.0 | 2011.05.25
AVG | 10.0.0.1190 | 2011.05.25
BitDefender | 7.2 | 2011.05.25
CAT-QuickHeal | 11.00 | 2011.05.25
ClamAV | 0.97.0.0 | 2011.05.25
Commtouch | 5.3.2.6 | 2011.05.25
Comodo | 8829 | 2011.05.25
DrWeb | 5.0.2.03300 | 2011.05.25
eSafe | 7.0.17.0 | 2011.05.24
eTrust-Vet | 36.1.8347 | 2011.05.25
F-Prot | 4.6.2.117 | 2011.05.24
F-Secure | 9.0.16440.0 | 2011.05.25
Fortinet | 4.2.257.0 | 2011.05.25
GData | 22 | 2011.05.25
Ikarus | T3.1.1.104.0 | 2011.05.25
Jiangmin | 13.0.900 | 2011.05.25
K7AntiVirus | 9.103.4713 | 2011.05.24
Kaspersky | 9.0.0.837 | 2011.05.25
McAfee | 5.400.0.1158 | 2011.05.25
McAfee-GW-Edition | 2010.1D | 2011.05.25
Microsoft | 1.6903 | 2011.05.25
NOD32 | 6151 | 2011.05.25
Norman | 6.07.07 | 2011.05.25
nProtect | 2011-05-25.03 | 2011.05.25
Panda | 10.0.3.5 | 2011.05.25
PCTools | 7.0.3.5 | 2011.05.19
Prevx | 3.0 | 2011.05.25
Rising | 23.59.02.05 | 2011.05.25
Sophos | 4.65.0 | 2011.05.25
SUPERAntiSpyware | 4.40.0.1006 | 2011.05.25
Symantec | 20111.1.0.186 | 2011.05.25
TheHacker | 6.7.0.1.207 | 2011.05.25
TrendMicro | 9.200.0.1012 | 2011.05.25
TrendMicro-HouseCall | 9.200.0.1012 | 2011.05.25
VBA32 | 3.12.16.0 | 2011.05.25
VIPRE | 9384 | 2011.05.25
ViRobot | 2011.5.25.4478 | 2011.05.25
VirusBuster | 13.6.370.1 | 2011.05.24
Informations complémentaires
MD5 : 8b138ed363128bff2c2e1e7fea9793b4
SHA1 : a1070566438d9dc25ee031be9b42d96a197df7c8
SHA256: 4146ba434249edf36f06f39178fc82da6137b3d5ff58d3f3ba9281d188380bdb
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Lancé à 01:57:08 le 26/05/2011, Mode normal
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
philippe@PC-DE-PHILIPPE (Acer Aspire X3200)
============== ACTION(S) ==============
(!) -- Fichiers temporaires supprimés.
============== SCAN ADDITIONNEL ==============
**** Internet Explorer Version [9.0.8080.16413] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} - "Google Desktop" (hxxp://127.0.0.1:4664/search&s=3NjQCGAbRt33gftix1SohZIhP7E?q={searchTerms})
HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll)
HKLM_Toolbar|{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll)
HKLM_Toolbar|{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} (c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll)
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} ("C:\Program Files\Microsoft\BingBar\BingExt.dll") (x)
HKLM_ElevationPolicy\{1239CC52-59EF-4DFA-8C61-90FFA846DF7F} - C:\Program Files\Musicnotes\Player\musnotes.exe (Musicnotes, Inc.)
HKLM_ElevationPolicy\{1239CC52-59EF-4DFA-8C61-90FFA846DF80}} - C:\Program Files\Musicnotes\GuitarGuru\mnguitar.exe (Musicnotes, Inc.)
HKLM_ElevationPolicy\{1FCCD250-A453-4348-86C1-E5EA9B76FADB} - C:\Program Files\McAfee\VirusScan\mcvsmap.exe (McAfee, Inc.)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{74351F14-5437-4d87-805B-04D409B09976} - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)
HKLM_ElevationPolicy\{A8F94DF3-F6C6-422a-8BFC-7EE0F60A8609} - C:\Program Files\McAfee\VirusScan\mcvsshld.exe (McAfee, Inc.)
HKLM_ElevationPolicy\{aa851425-0109-43f3-9ed2-7b7090125861} - C:\Program Files\Microsoft\BingBar\BingBar.exe (Microsoft Corporation.)
HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
HKLM_ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC5F} - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (?)
BHO\{27B4851A-3207-45A2-B947-BE8AFE6163AB} - "McAfee Phishing Filter" (c:\progra~1\mcafee\msk\mskapbho.dll)
BHO\{341A541E-0313-E4B7-0D8E-95E65828470D} - "?" (c:\windows\system32\tafwyfiw.dll) (x)
BHO\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - "scriptproxy" (C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110515031129.dll)
BHO\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - "ShowBarObj Class" (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll)
BHO\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} - "McAfee SiteAdvisor BHO" (c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll)
BHO\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "Bing Bar Helper" ("C:\Program Files\Microsoft\BingBar\BingExt.dll") (x)
========================================
C:\Program Files\Ad-Remover\Quarantine: 68 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 17 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 26/05/2011 01:44:38 (7802 Octet(s))
C:\Ad-Report-CLEAN[2].txt - 26/05/2011 01:57:13 (4146 Octet(s))
C:\Ad-Report-SCAN[1].txt - 25/05/2011 14:14:07 (9684 Octet(s))
Fin à: 01:58:24, 26/05/2011
============== E.O.F ==============
OTL logfile created on: 26/05/2011 02:01:23 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\philippe\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,15 Gb Total Space | 26,57 Gb Free Space | 19,09% Space Free | Partition Type: NTFS
Drive F: | 142,94 Gb Total Space | 84,06 Gb Free Space | 58,81% Space Free | Partition Type: NTFS
Computer Name: PC-DE-PHILIPPE | User Name: philippe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/05/21 11:00:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
PRC - [2011/05/19 21:43:20 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/05/10 09:38:19 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/03/09 14:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/23 18:52:06 | 000,206,112 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/25 13:31:40 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008/04/25 13:31:24 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
PRC - [2008/04/25 13:30:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/03/04 23:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/01/29 12:25:10 | 000,598,016 | ---- | M] () -- C:\Program Files\bin32\nSvcAppFlt.exe
PRC - [2008/01/29 12:24:46 | 000,163,840 | ---- | M] () -- C:\Program Files\bin32\nSvcIp.exe
PRC - [2006/11/13 14:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
========== Modules (SafeList) ==========
MOD - [2011/05/21 11:00:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2008/07/23 18:52:10 | 000,012,576 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\saHook.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (ouvhtwgy)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/03/09 14:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/07 22:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2008/07/23 18:52:06 | 000,206,112 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/04/25 13:30:26 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/29 12:25:10 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/01/29 12:24:46 | 000,163,840 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2006/11/13 14:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr)
========== Driver Services (SafeList) ==========
DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/03 14:19:39 | 000,864,384 | ---- | M] (ITE Technologies ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF9035HB.sys -- (AF9035HB)
DRV - [2009/09/08 10:40:14 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2009/04/30 23:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/09/29 18:12:04 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/04/22 02:49:00 | 007,451,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/04/22 02:49:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/01/29 07:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/25 14:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/09/25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/06/29 16:32:08 | 000,611,584 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2006/12/07 15:55:40 | 000,017,024 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005/01/31 10:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 10:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
========== FireFox ==========
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/03 02:04:49 | 000,000,000 | ---D | M]
[2010/08/06 14:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions
[2010/08/06 14:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/07/15 19:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions\MediaCoder
[2010/07/14 08:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions\MediaCoder-MCEX
Hosts file not found
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll ()
O2 - BHO: () - {341A541E-0313-E4B7-0D8E-95E65828470D} - File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110515031129.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\philippe\Pictures\voyage de noce\guadeloupe\guadeloupe\DSCF1191.JPG
O24 - Desktop BackupWallPaper: C:\Users\philippe\Pictures\voyage de noce\guadeloupe\guadeloupe\DSCF1191.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{70d092e9-b928-11de-9a0f-001d72b264bd}\Shell - "" = AutoRun
O33 - MountPoints2\{70d092e9-b928-11de-9a0f-001d72b264bd}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{9e067bf7-3d6d-11de-8d6c-001d72b264bd}\Shell - "" = AutoRun
O33 - MountPoints2\{9e067bf7-3d6d-11de-8d6c-001d72b264bd}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: fastuserswitchingcompatibility - File not found
NetSvcs: ias - File not found
NetSvcs: nla - File not found
NetSvcs: ntmssvc - File not found
NetSvcs: nwcworkstation - File not found
NetSvcs: nwsapagent - File not found
NetSvcs: srservice - File not found
NetSvcs: wmdmpmsp - File not found
NetSvcs: ouvhtwgy - File not found
NetSvcs: logonhours - File not found
NetSvcs: pcaudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/05/26 01:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/05/25 17:38:48 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{D1580BC6-9097-4F06-B3BA-96B04C8C1576}
[2011/05/25 16:18:16 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Roaming\Malwarebytes
[2011/05/25 16:18:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/25 16:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/25 16:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/25 16:18:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/25 16:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/25 15:57:52 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{F7F65056-47F4-4EB6-853F-1302483D859A}
[2011/05/25 14:20:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/25 14:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2011/05/25 09:17:34 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{45A3AEC0-8270-4228-BCB3-692EB97631E4}
[2011/05/24 09:34:16 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{2E3E7802-01DC-410E-BCF6-48E96490AC07}
[2011/05/23 10:12:03 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{2D96F98F-36F8-4F45-8DE4-59B36C2D87FD}
[2011/05/22 11:35:25 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{AA9648D8-C33D-4320-859B-5FFE6F5861F8}
[2011/05/22 11:29:57 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{33FFDF43-8455-46CC-8A99-13BD47E0C497}
[2011/05/21 11:00:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
[2011/05/21 10:58:02 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{15E587AC-9B11-4BD2-9E18-430105445A64}
[2011/05/20 16:33:04 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{4022702F-652C-4143-B756-72D3CF208649}
[2011/05/20 15:03:53 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{F3FEA8F1-0795-48E8-9F54-36B592E7255F}
[2011/05/19 23:34:09 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/05/18 10:21:44 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{DC64B650-7AD5-4940-908F-90067B28DC03}
[2011/05/15 12:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/05/15 09:16:47 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{09FFEFD3-EA6E-452F-BF5A-89506ED6AB3F}
[2011/05/14 11:37:04 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{9B8F0C3B-1BE0-4DD9-9468-84D4BD0FC591}
[2011/05/10 09:38:12 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{248325FA-D235-469D-B0D3-648FF63C16D1}
[2011/04/30 03:55:47 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{B4DA6ABC-A04E-4292-BB13-6BC8715676F7}
[2011/04/29 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{9BF4B707-EACC-4C0F-A78F-C73C3BF3F43C}
[2011/04/27 11:07:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 11:07:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 11:07:26 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2008/10/05 11:33:00 | 002,741,248 | ---- | C] (Antonio Da Cruz) -- C:\Program Files\PhotoFiltre.exe
[2008/07/22 10:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 30 Days ==========
[2011/05/26 02:01:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/26 01:51:48 | 000,678,804 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/05/26 01:51:48 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/26 01:51:48 | 000,126,420 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/05/26 01:51:48 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/26 01:47:30 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011/05/26 01:47:16 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 01:47:16 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 01:47:15 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/26 01:47:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/25 16:18:09 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/25 14:12:38 | 000,001,680 | ---- | M] () -- C:\Users\philippe\Desktop\AD-R.lnk
[2011/05/25 11:17:06 | 000,014,406 | ---- | M] () -- C:\Users\philippe\Desktop\texte montage.odt
[2011/05/23 16:50:09 | 000,013,062 | ---- | M] () -- C:\Users\philippe\Desktop\je veux.odt
[2011/05/23 16:44:20 | 004,179,008 | ---- | M] () -- C:\Users\philippe\Desktop\Jean-Louis_Aubert_Demain_sera_parfait_(Instrumental)_93094 (1).mp3
[2011/05/21 11:00:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
[2011/05/21 11:00:44 | 000,094,208 | ---- | M] () -- C:\Users\philippe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/20 14:34:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/05/19 23:34:00 | 307,961,004 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/17 16:25:37 | 001,708,730 | ---- | M] () -- C:\Users\philippe\Desktop\marie madeleine phil-said.mp3
[2011/05/15 19:15:55 | 002,596,379 | ---- | M] () -- C:\Users\philippe\Documents\celineadrien.odp
[2011/05/15 12:40:16 | 000,005,033 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2011/05/15 12:37:44 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/05/12 13:32:54 | 005,425,215 | ---- | M] () -- C:\Users\philippe\Documents\Catalogue FC IFEN 2012.pdf
[2011/05/12 13:31:16 | 000,064,441 | ---- | M] () -- C:\Users\philippe\Documents\BT276.pdf
[2011/05/07 13:19:07 | 000,000,196 | ---- | M] () -- C:\Users\philippe\Desktop\Messenger.url
[2011/05/07 06:21:31 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2011/05/06 11:49:14 | 000,266,833 | ---- | M] () -- C:\Users\philippe\Documents\CV THIBAULT.pdf
[2011/05/03 16:32:48 | 000,385,493 | ---- | M] () -- C:\Users\philippe\Documents\dictons_cons.pdf
========== Files Created - No Company Name ==========
[2011/05/25 16:18:09 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/25 14:12:38 | 000,001,680 | ---- | C] () -- C:\Users\philippe\Desktop\AD-R.lnk
[2011/05/25 11:35:38 | 000,014,406 | ---- | C] () -- C:\Users\philippe\Desktop\texte montage.odt
[2011/05/23 16:45:31 | 004,179,008 | ---- | C] () -- C:\Users\philippe\Desktop\Jean-Louis_Aubert_Demain_sera_parfait_(Instrumental)_93094 (1).mp3
[2011/05/23 16:45:25 | 000,013,062 | ---- | C] () -- C:\Users\philippe\Desktop\je veux.odt
[2011/05/19 23:48:09 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011/05/19 23:34:00 | 307,961,004 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/17 16:25:22 | 001,708,730 | ---- | C] () -- C:\Users\philippe\Desktop\marie madeleine phil-said.mp3
[2011/05/15 19:15:49 | 002,596,379 | ---- | C] () -- C:\Users\philippe\Documents\celineadrien.odp
[2011/05/15 12:37:44 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/05/12 13:32:53 | 005,425,215 | ---- | C] () -- C:\Users\philippe\Documents\Catalogue FC IFEN 2012.pdf
[2011/05/12 13:31:16 | 000,064,441 | ---- | C] () -- C:\Users\philippe\Documents\BT276.pdf
[2011/05/06 11:49:13 | 000,266,833 | ---- | C] () -- C:\Users\philippe\Documents\CV THIBAULT.pdf
[2011/05/03 16:32:48 | 000,385,493 | ---- | C] () -- C:\Users\philippe\Documents\dictons_cons.pdf
[2010/10/15 18:55:02 | 000,000,680 | ---- | C] () -- C:\Users\philippe\AppData\Local\d3d9caps.dat
[2010/09/03 18:50:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/08 17:37:56 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/07/08 17:37:48 | 000,094,208 | ---- | C] () -- C:\Users\philippe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/08 17:16:28 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2010/05/14 17:08:23 | 000,001,000 | ---- | C] () -- C:\Windows\posteriza.INI
[2010/05/10 11:06:35 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/04/30 16:41:37 | 000,031,007 | ---- | C] () -- C:\Users\philippe\AppData\Roaming\UserTile.png
[2010/04/14 16:26:37 | 002,322,096 | ---- | C] () -- C:\Windows\System32\Incinerator.dll
[2010/04/14 16:26:37 | 000,030,208 | ---- | C] () -- C:\Windows\System32\iolobtdfg.exe
[2010/04/14 16:26:37 | 000,012,288 | ---- | C] () -- C:\Windows\System32\smrgdf.exe
[2010/04/14 16:23:55 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2009/12/31 12:10:23 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll
[2009/12/02 13:45:19 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009/12/01 20:31:43 | 000,000,118 | ---- | C] () -- C:\Users\philippe\AppData\Roaming\wklnhst.dat
[2009/10/20 16:41:34 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.68-8876480L.exe
[2009/10/02 19:06:45 | 000,000,056 | ---- | C] () -- C:\Windows\iltwain.ini
[2009/09/25 15:33:08 | 000,000,000 | ---- | C] () -- C:\Windows\ka.ini
[2009/08/07 23:23:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/07 23:23:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/18 16:52:06 | 000,001,972 | ---- | C] () -- C:\Windows\Media4Ut.ini
[2009/06/05 15:37:11 | 000,000,040 | ---- | C] () -- C:\Windows\NAVIGMA.INI
[2009/06/02 18:08:36 | 000,000,571 | ---- | C] () -- C:\Windows\eReg.dat
[2009/05/26 17:04:22 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/05/26 17:03:28 | 000,000,073 | ---- | C] () -- C:\Windows\magix.ini
[2009/05/19 16:42:44 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2009/05/19 16:24:17 | 000,000,032 | ---- | C] () -- C:\Windows\CDMKR32.INI
[2009/05/17 18:18:13 | 000,000,050 | ---- | C] () -- C:\Windows\Sierra.ini
[2009/05/08 17:28:21 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/05/08 17:28:21 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/05/08 17:28:16 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/08 17:28:16 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/08 17:28:14 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/04/30 23:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/04/10 08:57:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/09 23:30:27 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/04/09 23:30:26 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/04/09 23:30:26 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/04/09 23:30:26 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/04/09 23:30:26 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/04/09 23:30:26 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/04/09 23:30:26 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/04/09 23:30:26 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/04/09 23:30:26 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/04/09 23:30:26 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/04/09 23:30:26 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/04/09 23:30:26 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/04/09 23:30:26 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/04/09 23:30:26 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/04/09 23:30:26 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/04/09 23:30:26 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/04/09 23:30:26 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/04/09 23:30:26 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/04/09 23:30:26 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/04/09 23:18:18 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4000EFDG.ini
[2008/05/09 04:32:23 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/05/09 04:32:23 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/05/09 03:53:15 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/05/09 03:43:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/05/09 03:43:57 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/05/09 03:32:41 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/01/21 10:40:50 | 000,678,804 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2008/01/21 10:40:50 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2008/01/21 10:40:50 | 000,126,420 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2008/01/21 10:40:50 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2008/01/21 04:23:50 | 000,151,296 | ---- | C] () -- C:\Windows\System32\ztbbpbpj.dat
[2008/01/21 04:23:50 | 000,135,936 | ---- | C] () -- C:\Windows\System32\ofeppxyi.dat
[2008/01/21 04:23:50 | 000,034,560 | ---- | C] () -- C:\Windows\System32\amformoe.dat
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:47:37 | 000,376,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/11 00:32:18 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2006/10/11 00:32:18 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2005/08/29 10:43:34 | 000,008,073 | ---- | C] () -- C:\Program Files\PhotoMasque.htm
[2005/08/18 10:21:52 | 000,033,369 | ---- | C] () -- C:\Program Files\PhotoFiltre.htm
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
========== Custom Scans ==========
< :OTL >
< SRV - [2011/05/19 17:34:19 | 000,033,280 | ---- | M] (Yhkgmurv Software) [Auto | Start_Pending] -- C:\Windows\TEMP\egio\setup.exe -- (AMService) >
Invalid Switch: 19 17:34:19 | 000,033,280 | ---- | M] (Yhkgmurv Software) [Auto | Start_Pending] -- C:\Windows\TEMP\egio\setup.exe -- (AMService)
< SRV - [2011/05/19 15:34:26 | 000,795,648 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\tafwyfiw.dll -- (ouvhtwgy) >
Invalid Switch: 19 15:34:26 | 000,795,648 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\tafwyfiw.dll -- (ouvhtwgy)
< SRV - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater) >
Invalid Switch: 28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
< IE - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.) >
< O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.) >
< O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. >
< O2 - BHO: () - {341A541E-0313-E4B7-0D8E-95E65828470D} - C:\Windows\System32\tafwyfiw.dll () >
< O2 - BHO: (Interest recogniser for Freecompressor (powered by Spointer)) - {a83c3565-302c-4bf8-b000-6b6f1811d892} - C:\Program Files\FreeCompressor\spointer\extensions\freecompressor_air_ie.dll (Freecompressor) >
< O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.) >
< O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) >
< O4 - HKU\.DEFAULT..\Run: [Metropolis] C:\Windows\TEMP\sshnas21.dll (Simon Tatham) >
< O4 - HKU\.DEFAULT..\Run: [SNJQ66R8MU] C:\Windows\Temp\Rx1.exe () >
< O4 - HKU\S-1-5-18..\Run: [Metropolis] C:\Windows\TEMP\sshnas21.dll (Simon Tatham) >
< O4 - HKU\S-1-5-18..\Run: [SNJQ66R8MU] C:\Windows\Temp\Rx1.exe () >
< O4 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.) >
< O4 - HKU\S-1-5-21-3946775130-2078676673-2178499442-1000..\Run: [Lpizokesiko] C:\Users\philippe\AppData\Local\ncoral.dll (Acronis) >
< O20 - Winlogon\Notify\uximert: DllName - C:\Windows\system32\config\systemprofile\AppData\Local\uximert.dll - C:\Windows\System32\config\systemprofile\AppData\Local\uximert.dll () >
< [2010/05/13 03:06:57 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI >
Invalid Switch: 13 03:06:57 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
< @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP
A3C6C07 >
< @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:700CD00E >
< @Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:8AB6C1D7 >
< @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:204BEE0F >
< @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:EB603FE4 >
< @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:F50F1555 >
< @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:793F316E >
< @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:FC420CE6 >
< @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C95B63DA >
< @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:131C0EE9 >
< @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:567AC0A6 >
< @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:18AE7C5A >
< @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:87FA5E8A >
< @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E1982A23 >
< @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:37CE0F2E >
< @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:580E04D8 >
< @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:30376ACC >
< @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:FF818E2B >
< @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5D10517E >
< @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:8173A019 >
< >
< :Files >
< C:\Windows\System32\tafwyfiw.dll >
< C:\Users\philippe\AppData\Roaming\.# >
< C:\Windows\Temp\Rx2.exe >
< C:\Windows\Temp\Rx0.exe >
< C:\Program Files\Common Files\Spigot >
< C:\Program Files\Application Updater >
< C:\Windows\Temp\egio\setup.exe >
< >
< :Commands >
< [purity] >
< [emptytemp] >
< [emptyflash] >
========== Alternate Data Streams ==========
@Alternate Data Stream - 809 bytes -> C:\Users\philippe\Documents\Cédric Charbonnier.eml:OECustomProperty
< End of report >
Here are the 2 reports, Ad-Remover and OTL
Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Lancé à 01:57:08 le 26/05/2011, Mode normal
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
philippe@PC-DE-PHILIPPE (Acer Aspire X3200)
============== ACTION(S) ==============
(!) -- Fichiers temporaires supprimés.
============== SCAN ADDITIONNEL ==============
**** Internet Explorer Version [9.0.8080.16413] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} - "Google Desktop" (hxxp://127.0.0.1:4664/search&s=3NjQCGAbRt33gftix1SohZIhP7E?q={searchTerms})
HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll)
HKLM_Toolbar|{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll)
HKLM_Toolbar|{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} (c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll)
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} ("C:\Program Files\Microsoft\BingBar\BingExt.dll") (x)
HKLM_ElevationPolicy\{1239CC52-59EF-4DFA-8C61-90FFA846DF7F} - C:\Program Files\Musicnotes\Player\musnotes.exe (Musicnotes, Inc.)
HKLM_ElevationPolicy\{1239CC52-59EF-4DFA-8C61-90FFA846DF80}} - C:\Program Files\Musicnotes\GuitarGuru\mnguitar.exe (Musicnotes, Inc.)
HKLM_ElevationPolicy\{1FCCD250-A453-4348-86C1-E5EA9B76FADB} - C:\Program Files\McAfee\VirusScan\mcvsmap.exe (McAfee, Inc.)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{74351F14-5437-4d87-805B-04D409B09976} - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)
HKLM_ElevationPolicy\{A8F94DF3-F6C6-422a-8BFC-7EE0F60A8609} - C:\Program Files\McAfee\VirusScan\mcvsshld.exe (McAfee, Inc.)
HKLM_ElevationPolicy\{aa851425-0109-43f3-9ed2-7b7090125861} - C:\Program Files\Microsoft\BingBar\BingBar.exe (Microsoft Corporation.)
HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
HKLM_ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC5F} - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (?)
BHO\{27B4851A-3207-45A2-B947-BE8AFE6163AB} - "McAfee Phishing Filter" (c:\progra~1\mcafee\msk\mskapbho.dll)
BHO\{341A541E-0313-E4B7-0D8E-95E65828470D} - "?" (c:\windows\system32\tafwyfiw.dll) (x)
BHO\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - "scriptproxy" (C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110515031129.dll)
BHO\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - "ShowBarObj Class" (C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll)
BHO\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} - "McAfee SiteAdvisor BHO" (c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll)
BHO\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "Bing Bar Helper" ("C:\Program Files\Microsoft\BingBar\BingExt.dll") (x)
========================================
C:\Program Files\Ad-Remover\Quarantine: 68 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 17 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 26/05/2011 01:44:38 (7802 Octet(s))
C:\Ad-Report-CLEAN[2].txt - 26/05/2011 01:57:13 (4146 Octet(s))
C:\Ad-Report-SCAN[1].txt - 25/05/2011 14:14:07 (9684 Octet(s))
Fin à: 01:58:24, 26/05/2011
============== E.O.F ==============
OTL logfile created on: 26/05/2011 02:01:23 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\philippe\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,15 Gb Total Space | 26,57 Gb Free Space | 19,09% Space Free | Partition Type: NTFS
Drive F: | 142,94 Gb Total Space | 84,06 Gb Free Space | 58,81% Space Free | Partition Type: NTFS
Computer Name: PC-DE-PHILIPPE | User Name: philippe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/05/21 11:00:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
PRC - [2011/05/19 21:43:20 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/05/10 09:38:19 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/03/09 14:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/23 18:52:06 | 000,206,112 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/25 13:31:40 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008/04/25 13:31:24 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
PRC - [2008/04/25 13:30:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/03/04 23:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/01/29 12:25:10 | 000,598,016 | ---- | M] () -- C:\Program Files\bin32\nSvcAppFlt.exe
PRC - [2008/01/29 12:24:46 | 000,163,840 | ---- | M] () -- C:\Program Files\bin32\nSvcIp.exe
PRC - [2006/11/13 14:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
========== Modules (SafeList) ==========
MOD - [2011/05/21 11:00:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2008/07/23 18:52:10 | 000,012,576 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\saHook.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (ouvhtwgy)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/03/09 14:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/07 22:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2008/07/23 18:52:06 | 000,206,112 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/04/25 13:30:26 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/29 12:25:10 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/01/29 12:24:46 | 000,163,840 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2006/11/13 14:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr)
========== Driver Services (SafeList) ==========
DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/03 14:19:39 | 000,864,384 | ---- | M] (ITE Technologies ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF9035HB.sys -- (AF9035HB)
DRV - [2009/09/08 10:40:14 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2009/04/30 23:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/09/29 18:12:04 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/04/22 02:49:00 | 007,451,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/04/22 02:49:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/01/29 07:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/25 14:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/09/25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/06/29 16:32:08 | 000,611,584 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2006/12/07 15:55:40 | 000,017,024 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005/01/31 10:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 10:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
========== FireFox ==========
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/03 02:04:49 | 000,000,000 | ---D | M]
[2010/08/06 14:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions
[2010/08/06 14:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/07/15 19:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions\MediaCoder
[2010/07/14 08:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions\MediaCoder-MCEX
Hosts file not found
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll ()
O2 - BHO: () - {341A541E-0313-E4B7-0D8E-95E65828470D} - File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110515031129.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\philippe\Pictures\voyage de noce\guadeloupe\guadeloupe\DSCF1191.JPG
O24 - Desktop BackupWallPaper: C:\Users\philippe\Pictures\voyage de noce\guadeloupe\guadeloupe\DSCF1191.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{70d092e9-b928-11de-9a0f-001d72b264bd}\Shell - "" = AutoRun
O33 - MountPoints2\{70d092e9-b928-11de-9a0f-001d72b264bd}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{9e067bf7-3d6d-11de-8d6c-001d72b264bd}\Shell - "" = AutoRun
O33 - MountPoints2\{9e067bf7-3d6d-11de-8d6c-001d72b264bd}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: fastuserswitchingcompatibility - File not found
NetSvcs: ias - File not found
NetSvcs: nla - File not found
NetSvcs: ntmssvc - File not found
NetSvcs: nwcworkstation - File not found
NetSvcs: nwsapagent - File not found
NetSvcs: srservice - File not found
NetSvcs: wmdmpmsp - File not found
NetSvcs: ouvhtwgy - File not found
NetSvcs: logonhours - File not found
NetSvcs: pcaudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/05/26 01:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/05/25 17:38:48 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{D1580BC6-9097-4F06-B3BA-96B04C8C1576}
[2011/05/25 16:18:16 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Roaming\Malwarebytes
[2011/05/25 16:18:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/25 16:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/25 16:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/25 16:18:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/25 16:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/25 15:57:52 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{F7F65056-47F4-4EB6-853F-1302483D859A}
[2011/05/25 14:20:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/25 14:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2011/05/25 09:17:34 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{45A3AEC0-8270-4228-BCB3-692EB97631E4}
[2011/05/24 09:34:16 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{2E3E7802-01DC-410E-BCF6-48E96490AC07}
[2011/05/23 10:12:03 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{2D96F98F-36F8-4F45-8DE4-59B36C2D87FD}
[2011/05/22 11:35:25 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{AA9648D8-C33D-4320-859B-5FFE6F5861F8}
[2011/05/22 11:29:57 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{33FFDF43-8455-46CC-8A99-13BD47E0C497}
[2011/05/21 11:00:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
[2011/05/21 10:58:02 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{15E587AC-9B11-4BD2-9E18-430105445A64}
[2011/05/20 16:33:04 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{4022702F-652C-4143-B756-72D3CF208649}
[2011/05/20 15:03:53 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{F3FEA8F1-0795-48E8-9F54-36B592E7255F}
[2011/05/19 23:34:09 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/05/18 10:21:44 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{DC64B650-7AD5-4940-908F-90067B28DC03}
[2011/05/15 12:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/05/15 09:16:47 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{09FFEFD3-EA6E-452F-BF5A-89506ED6AB3F}
[2011/05/14 11:37:04 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{9B8F0C3B-1BE0-4DD9-9468-84D4BD0FC591}
[2011/05/10 09:38:12 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{248325FA-D235-469D-B0D3-648FF63C16D1}
[2011/04/30 03:55:47 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{B4DA6ABC-A04E-4292-BB13-6BC8715676F7}
[2011/04/29 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\{9BF4B707-EACC-4C0F-A78F-C73C3BF3F43C}
[2011/04/27 11:07:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 11:07:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 11:07:26 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2008/10/05 11:33:00 | 002,741,248 | ---- | C] (Antonio Da Cruz) -- C:\Program Files\PhotoFiltre.exe
[2008/07/22 10:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 30 Days ==========
[2011/05/26 02:01:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/26 01:51:48 | 000,678,804 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/05/26 01:51:48 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/26 01:51:48 | 000,126,420 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/05/26 01:51:48 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/26 01:47:30 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011/05/26 01:47:16 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 01:47:16 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 01:47:15 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/26 01:47:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/25 16:18:09 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/25 14:12:38 | 000,001,680 | ---- | M] () -- C:\Users\philippe\Desktop\AD-R.lnk
[2011/05/25 11:17:06 | 000,014,406 | ---- | M] () -- C:\Users\philippe\Desktop\texte montage.odt
[2011/05/23 16:50:09 | 000,013,062 | ---- | M] () -- C:\Users\philippe\Desktop\je veux.odt
[2011/05/23 16:44:20 | 004,179,008 | ---- | M] () -- C:\Users\philippe\Desktop\Jean-Louis_Aubert_Demain_sera_parfait_(Instrumental)_93094 (1).mp3
[2011/05/21 11:00:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
[2011/05/21 11:00:44 | 000,094,208 | ---- | M] () -- C:\Users\philippe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/20 14:34:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/05/19 23:34:00 | 307,961,004 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/17 16:25:37 | 001,708,730 | ---- | M] () -- C:\Users\philippe\Desktop\marie madeleine phil-said.mp3
[2011/05/15 19:15:55 | 002,596,379 | ---- | M] () -- C:\Users\philippe\Documents\celineadrien.odp
[2011/05/15 12:40:16 | 000,005,033 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2011/05/15 12:37:44 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/05/12 13:32:54 | 005,425,215 | ---- | M] () -- C:\Users\philippe\Documents\Catalogue FC IFEN 2012.pdf
[2011/05/12 13:31:16 | 000,064,441 | ---- | M] () -- C:\Users\philippe\Documents\BT276.pdf
[2011/05/07 13:19:07 | 000,000,196 | ---- | M] () -- C:\Users\philippe\Desktop\Messenger.url
[2011/05/07 06:21:31 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2011/05/06 11:49:14 | 000,266,833 | ---- | M] () -- C:\Users\philippe\Documents\CV THIBAULT.pdf
[2011/05/03 16:32:48 | 000,385,493 | ---- | M] () -- C:\Users\philippe\Documents\dictons_cons.pdf
========== Files Created - No Company Name ==========
[2011/05/25 16:18:09 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/25 14:12:38 | 000,001,680 | ---- | C] () -- C:\Users\philippe\Desktop\AD-R.lnk
[2011/05/25 11:35:38 | 000,014,406 | ---- | C] () -- C:\Users\philippe\Desktop\texte montage.odt
[2011/05/23 16:45:31 | 004,179,008 | ---- | C] () -- C:\Users\philippe\Desktop\Jean-Louis_Aubert_Demain_sera_parfait_(Instrumental)_93094 (1).mp3
[2011/05/23 16:45:25 | 000,013,062 | ---- | C] () -- C:\Users\philippe\Desktop\je veux.odt
[2011/05/19 23:48:09 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011/05/19 23:34:00 | 307,961,004 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/17 16:25:22 | 001,708,730 | ---- | C] () -- C:\Users\philippe\Desktop\marie madeleine phil-said.mp3
[2011/05/15 19:15:49 | 002,596,379 | ---- | C] () -- C:\Users\philippe\Documents\celineadrien.odp
[2011/05/15 12:37:44 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/05/12 13:32:53 | 005,425,215 | ---- | C] () -- C:\Users\philippe\Documents\Catalogue FC IFEN 2012.pdf
[2011/05/12 13:31:16 | 000,064,441 | ---- | C] () -- C:\Users\philippe\Documents\BT276.pdf
[2011/05/06 11:49:13 | 000,266,833 | ---- | C] () -- C:\Users\philippe\Documents\CV THIBAULT.pdf
[2011/05/03 16:32:48 | 000,385,493 | ---- | C] () -- C:\Users\philippe\Documents\dictons_cons.pdf
[2010/10/15 18:55:02 | 000,000,680 | ---- | C] () -- C:\Users\philippe\AppData\Local\d3d9caps.dat
[2010/09/03 18:50:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/08 17:37:56 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/07/08 17:37:48 | 000,094,208 | ---- | C] () -- C:\Users\philippe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/08 17:16:28 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2010/05/14 17:08:23 | 000,001,000 | ---- | C] () -- C:\Windows\posteriza.INI
[2010/05/10 11:06:35 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/04/30 16:41:37 | 000,031,007 | ---- | C] () -- C:\Users\philippe\AppData\Roaming\UserTile.png
[2010/04/14 16:26:37 | 002,322,096 | ---- | C] () -- C:\Windows\System32\Incinerator.dll
[2010/04/14 16:26:37 | 000,030,208 | ---- | C] () -- C:\Windows\System32\iolobtdfg.exe
[2010/04/14 16:26:37 | 000,012,288 | ---- | C] () -- C:\Windows\System32\smrgdf.exe
[2010/04/14 16:23:55 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2009/12/31 12:10:23 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll
[2009/12/02 13:45:19 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009/12/01 20:31:43 | 000,000,118 | ---- | C] () -- C:\Users\philippe\AppData\Roaming\wklnhst.dat
[2009/10/20 16:41:34 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.68-8876480L.exe
[2009/10/02 19:06:45 | 000,000,056 | ---- | C] () -- C:\Windows\iltwain.ini
[2009/09/25 15:33:08 | 000,000,000 | ---- | C] () -- C:\Windows\ka.ini
[2009/08/07 23:23:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/07 23:23:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/18 16:52:06 | 000,001,972 | ---- | C] () -- C:\Windows\Media4Ut.ini
[2009/06/05 15:37:11 | 000,000,040 | ---- | C] () -- C:\Windows\NAVIGMA.INI
[2009/06/02 18:08:36 | 000,000,571 | ---- | C] () -- C:\Windows\eReg.dat
[2009/05/26 17:04:22 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/05/26 17:03:28 | 000,000,073 | ---- | C] () -- C:\Windows\magix.ini
[2009/05/19 16:42:44 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2009/05/19 16:24:17 | 000,000,032 | ---- | C] () -- C:\Windows\CDMKR32.INI
[2009/05/17 18:18:13 | 000,000,050 | ---- | C] () -- C:\Windows\Sierra.ini
[2009/05/08 17:28:21 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/05/08 17:28:21 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/05/08 17:28:16 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/08 17:28:16 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/08 17:28:14 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/04/30 23:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/04/10 08:57:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/09 23:30:27 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/04/09 23:30:26 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/04/09 23:30:26 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/04/09 23:30:26 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/04/09 23:30:26 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/04/09 23:30:26 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/04/09 23:30:26 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/04/09 23:30:26 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/04/09 23:30:26 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/04/09 23:30:26 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/04/09 23:30:26 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/04/09 23:30:26 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/04/09 23:30:26 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/04/09 23:30:26 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/04/09 23:30:26 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/04/09 23:30:26 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/04/09 23:30:26 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/04/09 23:30:26 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/04/09 23:30:26 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/04/09 23:18:18 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4000EFDG.ini
[2008/05/09 04:32:23 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/05/09 04:32:23 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/05/09 03:53:15 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/05/09 03:43:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/05/09 03:43:57 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
There you have the 2 reports, AD-Remover and OTL.
Hi,
Whoa, the reports are all mixed up in your post!
Could you please first copy and paste the AD-Remover removal report, then post the OTL report you have just made? For the OTL report, though, keep this in mind:
For reports, which tend to be too long for the forum, please use this online report service: upload the file via "Browse" and simply post the link you get.
hello!!
Sorry for the mistakes, here is the AD-Remover report:
http://www.cijoint.fr/cjlink.php?file=cj201105/cij1AeUB...
guigui0001 said:
Hi, how is the PC behaving? Any better? Still getting unwanted ads?
For the moment, it seems to be working! No more bugs, no more unwanted windows! Once again, thanks for the help! If you ever need a gospel group, all my skills are at your service! Thanks and see you!
Hi again,
OK, let's wrap up:
1)
Important: purging System Restore
--> There are still viruses in your restore points. Follow this tutorial to purge it.
Don't forget to create a new restore point once the operation is done (by clicking the Create button).
2)
Prevention
With threats on the Internet growing ever more numerous, I strongly advise you to read these links to better protect yourself online:
The dangers of P2P (such as eMule, LimeWire...): http://forum.zebulon.fr/index.php?showtopic=85544
To download free and legally, I recommend Beezik, which has these advantages:
Better sound quality
No viruses!
The dangers of cracks and keygens: http://forum.malekal.com/danger-des-cracks-t893.html
Reminders about pirated operating systems: http://redirectingat.com/?id=1402X522807&xs=1&url=http%...
********************************
Recommended security software:
Antivirus: Avast 6.0
To scan your files: MBAM
********************************
Careful, contrary to popular belief:
Never run two antivirus programs with real-time protection enabled; it is the best way to create conflicts. Several active antivirus programs can get in each other's way and, in the end, the PC you thought was more secure becomes a real sieve...
Anti-spyware tools are useless!!
I strongly advise you not to install "transformation" packs, which for example give Windows XP the look of Windows Vista. This kind of program causes a lot of problems!!!
Finally, don't forget that the best protection for your computer is you!
3)
If you consider your problem solved, add [Résolu] to the title of your thread:
In your first message, click the Edit button.
Add [Résolu] in front of the title.
Then click Validate your message.
Be more careful on the Internet!
See you on Tom's Guide
PS:
You sing in a choir? Nice