[résolu] virus live security
Dernière réponse : dans Sécurité
Bonjour,
J'ai moi aussi le virus live security sur mon PC, j'ai téléchargé le logiciel OTL et j'ai les 2 rapports qui se sont ouverts mais je ne sais pas ce que je dois faire avec?
Merci par avance pour votre aide!!
J'ai moi aussi le virus live security sur mon PC, j'ai téléchargé le logiciel OTL et j'ai les 2 rapports qui se sont ouverts mais je ne sais pas ce que je dois faire avec?
Merci par avance pour votre aide!!
Autres pages sur : resolu virus live security
- adial a édité ce message
Lassé par la pub ? Créez un compte
Bonjour,
http://www.bleepingcomputer.com/combofix/fr/comment-uti...
- Utilise ComboFix et poste le rapport :
http://www.bleepingcomputer.com/combofix/fr/comment-uti...
- | Alerter
Destrio5 a dit :
Bonjour,- Utilise ComboFix et poste le rapport :
http://www.bleepingcomputer.com/combofix/fr/comment-uti...
J'ai déjà utilisé OTL et j'ai deux rapports, ne pourriez vous pas m'aider grâce à ces derniers?
- | Alerter
- | Alerter
Contenus similaires
- virus live security platinum /résolu - Forum
- [Résolu] Virus live security platinium - Forum
- virus live security platinum - Forum
- Virus Live Security Platinum - Forum
- | Alerter
- | Alerter
- | Alerter
- | Alerter
- | Alerter
Essaie MBAM et poste le rapport.
http://www.malekal.com/2010/11/12/tutorial-malwarebyte-...
Tu peux poster les rapports d'OTL.
http://www.malekal.com/2010/11/12/tutorial-malwarebyte-...
Tu peux poster les rapports d'OTL.
- | Alerter
- | Alerter
J'ai fait le sacn avec mbam et il a trouvé 19 fichiers que j'ai supprimé avant de redémarrer le PC comme demandé. Voici les rapports:
http://cjoint.com/?BHevnvynmto
http://cjoint.com/?BHevpLpFJwg
http://cjoint.com/?BHevqxa4mBf
Par contre une fois le PC redémarré, le logiciel Malwarebytes me signale qu'un site malveillant tente de se connecter et qu'il faut le mettre en quarantaine, ce que j'ai fait.
Est ce que cela signifie que le PC n'est pas complètement nettoyé?
http://cjoint.com/?BHevnvynmto
http://cjoint.com/?BHevpLpFJwg
http://cjoint.com/?BHevqxa4mBf
Par contre une fois le PC redémarré, le logiciel Malwarebytes me signale qu'un site malveillant tente de se connecter et qu'il faut le mettre en quarantaine, ce que j'ai fait.
Est ce que cela signifie que le PC n'est pas complètement nettoyé?
- | Alerter
- | Alerter
Oui j'ai pu télécharger combofix et j'ai exécuté le programme. Voici le rapport
http://cjoint.com/?BHewPKkNrsQ
Que dois je faire maintenant?
Merci d'avance!
http://cjoint.com/?BHewPKkNrsQ
Que dois je faire maintenant?
Merci d'avance!
- | Alerter
Ça devient bon.
Le PC fonctionne mieux ?
/!\ Seul adial peut suivre cette procédure /!\
Le PC fonctionne mieux ?
/!\ Seul adial peut suivre cette procédure /!\
- Désactive toute protection résidente (Antivirus...) !
- Cela va relancer Combofix : au message qui apparaît, accepte.
- Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal !
- Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher, copie/colle son contenu sur le forum.
- Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt
---> Copie (CTRL+C) le texte se situant dans le cadre ci-dessous :
KillAll::
File::
c:\program files\Vuze_Remote\tbVuze.dll
Folder::
c:\programdata\6F638BC80283EF2ABC0B18906C44B161
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=-
File::
c:\program files\Vuze_Remote\tbVuze.dll
Folder::
c:\programdata\6F638BC80283EF2ABC0B18906C44B161
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=-
---> Ouvre le Bloc-notes : Démarrer > Tous les programmes > Accessoires > Bloc-notes.
- Colle (CTRL+V) le texte dans le Bloc-notes.
- Enregistre ce fichier dans : Bureau
- Nom du fichier : CFScript
- Type du fichier : tous les fichiers.
- Clique sur Enregistrer.
- Quitte le Bloc-notes.
---> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
- | Alerter
J ai relance combofix comme decrit ci dessus il y a plus d une heure et je crains que la procedure ne donctionne pas parce que depuis tout ce temps il y a cette fenetre bleu ou est ecrit ce message: recherche de fichiers infectes ceci ne prend generalement que 10min mais ce temps peut doubler.
Est ce normal? Aucun autre message ne s affiche....
Est ce normal? Aucun autre message ne s affiche....
- | Alerter
Je ne crois pas.
Essaie de faire la manip' en mode sans échec :
http://www.commentcamarche.net/faq/5004-windows-demarra...
Essaie de faire la manip' en mode sans échec :
http://www.commentcamarche.net/faq/5004-windows-demarra...
- | Alerter
Ok merci, c'est ce que j'ai fait et il semble que ça ait fonctionné. Voici donc le rapport:
ComboFix 12-08-05.02 - Audrey 05/08/2012 17:12:03.2.1 - x86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.2037.1464 [GMT 2:00]
Lancé depuis: c:\users\Audrey\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Audrey\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
FILE ::
"c:\program files\Vuze_Remote\tbVuze.dll"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Vuze_Remote\tbVuze.dll
c:\programdata\6F638BC80283EF2ABC0B18906C44B161
c:\programdata\6F638BC80283EF2ABC0B18906C44B161\6F638BC80283EF2ABC0B18906C44B161
c:\programdata\6F638BC80283EF2ABC0B18906C44B161\6F638BC80283EF2ABC0B18906C44B161.ico
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-07-05 au 2012-08-05 ))))))))))))))))))))))))))))))))))))
.
.
2012-08-05 15:19 . 2012-08-05 15:20 -------- d-----w- c:\users\Audrey\AppData\Local\temp
2012-08-05 15:19 . 2012-08-05 15:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 17:58 . 2012-08-04 17:58 -------- d-----w- c:\users\Audrey\AppData\Roaming\Malwarebytes
2012-08-04 17:58 . 2012-08-04 17:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-04 17:58 . 2012-08-04 17:58 -------- d-----w- c:\programdata\Malwarebytes
2012-08-04 17:58 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-03 09:00 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{504E1263-53AE-4304-A507-D5D3422E9312}\mpengine.dll
2012-08-03 08:55 . 2012-08-03 08:55 -------- d-----w- c:\users\Audrey\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 10:25 . 2010-03-21 19:38 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-19 19:16 . 2012-05-02 18:19 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"KiesTrayAgent"="c:\program files\Samsung\Kies\/\KiesTrayAgent.exe" [2010-01-28 3404600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-30 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2012-08-04 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-06 09:47]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-06 09:47]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3244362998-3445812476-3492851113-1000Core.job
- c:\users\Audrey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02 17:40]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3244362998-3445812476-3492851113-1000UA.job
- c:\users\Audrey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02 17:40]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\ynkw33p0.default\
FF - prefs.js: browser.startup.homepage - place:sort=8&redirectsMode=2&maxResults=10
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-05 17:21
Windows 6.0.6001 Service Pack 1 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\conime.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dgdersvc.exe
c:\windows\system32\FsUsbExService.Exe
c:\program files\Epson Software\Event Manager\EEventManager.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2012-08-05 17:27:02 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-08-05 15:26
ComboFix2.txt 2012-08-04 20:36
.
Avant-CF: 22 150 795 264 octets libres
Après-CF: 20 139 565 056 octets libres
.
- - End Of File - - D09DE32219D483027293DEA808FE2A87
ComboFix 12-08-05.02 - Audrey 05/08/2012 17:12:03.2.1 - x86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.2037.1464 [GMT 2:00]
Lancé depuis: c:\users\Audrey\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Audrey\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
FILE ::
"c:\program files\Vuze_Remote\tbVuze.dll"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Vuze_Remote\tbVuze.dll
c:\programdata\6F638BC80283EF2ABC0B18906C44B161
c:\programdata\6F638BC80283EF2ABC0B18906C44B161\6F638BC80283EF2ABC0B18906C44B161
c:\programdata\6F638BC80283EF2ABC0B18906C44B161\6F638BC80283EF2ABC0B18906C44B161.ico
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-07-05 au 2012-08-05 ))))))))))))))))))))))))))))))))))))
.
.
2012-08-05 15:19 . 2012-08-05 15:20 -------- d-----w- c:\users\Audrey\AppData\Local\temp
2012-08-05 15:19 . 2012-08-05 15:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 17:58 . 2012-08-04 17:58 -------- d-----w- c:\users\Audrey\AppData\Roaming\Malwarebytes
2012-08-04 17:58 . 2012-08-04 17:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-04 17:58 . 2012-08-04 17:58 -------- d-----w- c:\programdata\Malwarebytes
2012-08-04 17:58 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-03 09:00 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{504E1263-53AE-4304-A507-D5D3422E9312}\mpengine.dll
2012-08-03 08:55 . 2012-08-03 08:55 -------- d-----w- c:\users\Audrey\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 10:25 . 2010-03-21 19:38 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-19 19:16 . 2012-05-02 18:19 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"KiesTrayAgent"="c:\program files\Samsung\Kies\/\KiesTrayAgent.exe" [2010-01-28 3404600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-30 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2012-08-04 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-06 09:47]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-06 09:47]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3244362998-3445812476-3492851113-1000Core.job
- c:\users\Audrey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02 17:40]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3244362998-3445812476-3492851113-1000UA.job
- c:\users\Audrey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02 17:40]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\ynkw33p0.default\
FF - prefs.js: browser.startup.homepage - place:sort=8&redirectsMode=2&maxResults=10
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-05 17:21
Windows 6.0.6001 Service Pack 1 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\conime.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dgdersvc.exe
c:\windows\system32\FsUsbExService.Exe
c:\program files\Epson Software\Event Manager\EEventManager.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2012-08-05 17:27:02 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-08-05 15:26
ComboFix2.txt 2012-08-04 20:36
.
Avant-CF: 22 150 795 264 octets libres
Après-CF: 20 139 565 056 octets libres
.
- - End Of File - - D09DE32219D483027293DEA808FE2A87
- | Alerter
Oui, ça a fonctionné.
- Télécharge et lance AdwCleaner (d'Xplode), choisis l'option "Suppression" et poste le rapport.
- | Alerter
Ok! Voilà:
# AdwCleaner v1.800 - Rapport créé le 06/08/2012 à 11:13:03
# Mis à jour le 01/08/2012 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Basic Service Pack 1 (32 bits)
# Nom d'utilisateur : Audrey - PC-DE-AUDREY
# Exécuté depuis : C:\Users\Audrey\Desktop\adwcleaner.exe
# Option [Suppression]
***** [Services] *****
***** [Fichiers / Dossiers] *****
Dossier Supprimé : C:\Users\Audrey\AppData\LocalLow\Conduit
Dossier Supprimé : C:\Users\Audrey\AppData\LocalLow\Vuze_Remote
Dossier Supprimé : C:\Users\Audrey\AppData\Roaming\CrazyLoader
Dossier Supprimé : C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\ynkw33p0.default\CT2504091
Dossier Supprimé : C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\ynkw33p0.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Dossier Supprimé : C:\ProgramData\Viewpoint
Dossier Supprimé : C:\Program Files\Conduit
Dossier Supprimé : C:\Program Files\Viewpoint
Dossier Supprimé : C:\Program Files\Vuze_Remote
Fichier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Fichier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur OfferBox.lnk
***** [Registre] *****
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
Clé Supprimée : HKCU\Software\AppDataLow\Toolbar
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\JavaSoft\Prefs\crazyloader
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Clé Supprimée : HKCU\Software\Spointer
Clé Supprimée : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Clé Supprimée : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Clé Supprimée : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Clé Supprimée : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Clé Supprimée : HKLM\SOFTWARE\Conduit
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Clé Supprimée : HKLM\SOFTWARE\MetaStream
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Clé Supprimée : HKLM\SOFTWARE\Viewpoint
Clé Supprimée : HKLM\SOFTWARE\Vuze_Remote
***** [Registre - GUID] *****
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{60362EE7-0CB0-4388-94E5-4BF025525888}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1037263F-330A-4685-A7E8-4A20BDBA67B4}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1037263F-330A-4685-A7E8-4A20BDBA67B4}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
***** [Navigateurs] *****
-\\ Internet Explorer v7.0.6001.18000
[OK] Le registre ne contient aucune entrée illégitime.
-\\ Mozilla Firefox v14.0.1 (fr)
Nom du profil : default
Fichier : C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\ynkw33p0.default\prefs.js
Supprimée : user_pref("CT2504091..clientLogIsEnabled", false);
Supprimée : user_pref("CT2504091..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Supprimée : user_pref("CT2504091..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Supprimée : user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Supprimée : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Supprimée : user_pref("CT2504091.BrowserCompStateIsOpen_129707804829376918", true);
Supprimée : user_pref("CT2504091.CTID", "CT2504091");
Supprimée : user_pref("CT2504091.CurrentServerDate", "6-8-2012");
Supprimée : user_pref("CT2504091.DialogsAlignMode", "LTR");
Supprimée : user_pref("CT2504091.DialogsGetterLastCheckTime", "Fri Aug 03 2012 12:29:57 GMT+0200");
Supprimée : user_pref("CT2504091.DownloadReferralCookieData", "");
Supprimée : user_pref("CT2504091.EMailNotifierPollDate", "Wed Jun 02 2010 22:47:53 GMT+0200");
Supprimée : user_pref("CT2504091.FeedLastCount129079840422964131", 10);
Supprimée : user_pref("CT2504091.FeedPollDate128891351169457140", "Wed Jun 02 2010 23:52:32 GMT+0200");
Supprimée : user_pref("CT2504091.FeedPollDate129079840422964131", "Wed Jun 02 2010 22:52:53 GMT+0200");
Supprimée : user_pref("CT2504091.FeedTTL128891351169457140", 40);
Supprimée : user_pref("CT2504091.FirstServerDate", "2-6-2010");
Supprimée : user_pref("CT2504091.FirstTime", true);
Supprimée : user_pref("CT2504091.FirstTimeFF3", true);
Supprimée : user_pref("CT2504091.FirstTimeSettingsDone", true);
Supprimée : user_pref("CT2504091.FixPageNotFoundErrors", true);
Supprimée : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Supprimée : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Supprimée : user_pref("CT2504091.HasUserGlobalKeys", true);
Supprimée : user_pref("CT2504091.Initialize", true);
Supprimée : user_pref("CT2504091.InitializeCommonPrefs", true);
Supprimée : user_pref("CT2504091.InstallationAndCookieDataSentCount", 3);
Supprimée : user_pref("CT2504091.InstallationType", "UnknownIntegration");
Supprimée : user_pref("CT2504091.InstalledDate", "Wed Jun 02 2010 20:52:40 GMT+0200");
Supprimée : user_pref("CT2504091.IsGrouping", false);
Supprimée : user_pref("CT2504091.IsMulticommunity", false);
Supprimée : user_pref("CT2504091.IsOpenThankYouPage", true);
Supprimée : user_pref("CT2504091.IsOpenUninstallPage", false);
Supprimée : user_pref("CT2504091.LanguagePackLastCheckTime", "Sun Aug 05 2012 15:04:49 GMT+0200");
Supprimée : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Supprimée : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Supprimée : user_pref("CT2504091.LastLogin_2.7.0.14", "Wed Jun 02 2010 20:52:53 GMT+0200");
Supprimée : user_pref("CT2504091.LastLogin_3.12.2.3", "Sun Jun 03 2012 16:32:51 GMT+0200");
Supprimée : user_pref("CT2504091.LastLogin_3.13.0.6", "Sun Jul 15 2012 21:59:16 GMT+0200");
Supprimée : user_pref("CT2504091.LastLogin_3.14.1.0", "Mon Aug 06 2012 10:51:12 GMT+0200");
Supprimée : user_pref("CT2504091.LatestVersion", "3.14.1.0");
Supprimée : user_pref("CT2504091.Locale", "en-us");
Supprimée : user_pref("CT2504091.LoginCache", 4);
Supprimée : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Supprimée : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Supprimée : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Supprimée : user_pref("CT2504091.MyStuffEnabledAtInstallation", true);
Supprimée : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Supprimée : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Supprimée : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Supprimée : user_pref("CT2504091.SearchInNewTabEnabled", true);
Supprimée : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Supprimée : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Sun Aug 05 2012 15:04:49 GMT+0200");
Supprimée : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Supprimée : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Supprimée : user_pref("CT2504091.ServiceMapLastCheckTime", "Sun Aug 05 2012 15:04:49 GMT+0200");
Supprimée : user_pref("CT2504091.SettingsCheckIntervalMin", 120);
Supprimée : user_pref("CT2504091.SettingsLastCheckTime", "Mon Aug 06 2012 10:51:11 GMT+0200");
Supprimée : user_pref("CT2504091.SettingsLastUpdate", "1341594968");
Supprimée : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Supprimée : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Wed Jun 02 2010 20:52:16 GMT+0200");
Supprimée : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1272927290");
Supprimée : user_pref("CT2504091.ToolbarShrinkedFromSetup", false);
Supprimée : user_pref("CT2504091.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2504091");
Supprimée : user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Supprimée : user_pref("CT2504091.UserID", "UN83303391841776696");
Supprimée : user_pref("CT2504091.alertChannelId", "897164");
Supprimée : user_pref("CT2504091.clientLogIsEnabled", true);
Supprimée : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Supprimée : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Supprimée : user_pref("CT2504091.homepageProtectorEnableByLogin", true);
Supprimée : user_pref("CT2504091.initDone", true);
Supprimée : user_pref("CT2504091.myStuffEnabled", true);
Supprimée : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Supprimée : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Supprimée : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Supprimée : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Supprimée : user_pref("CT2504091.revertSettingsEnabled", true);
Supprimée : user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);
Supprimée : user_pref("CT2504091.searchProtectorEnableByLogin", true);
Supprimée : user_pref("CT2504091.testingCtid", "");
Supprimée : user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Sun Aug 05 2012 15:04:49 GMT+0200");
Supprimée : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091[...]
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", [...]
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091",[...]
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Supprimée : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Supprimée : user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
Supprimée : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
Supprimée : user_pref("CommunityToolbar.globalUserId", "3ca7fbcc-5eca-4dbb-bf31-fcafdde2b344");
-\\ Google Chrome v21.0.1180.60
Fichier : C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Preferences
Supprimée : "path": "C:\\Program Files\\Viewpoint\\Viewpoint Experience Technology\\npViewpoint.dll",
*************************
AdwCleaner[S1].txt - [11964 octets] - [06/08/2012 11:13:03]
########## EOF - C:\AdwCleaner[S1].txt - [12093 octets] ##########
Est-ce terminé?
# AdwCleaner v1.800 - Rapport créé le 06/08/2012 à 11:13:03
# Mis à jour le 01/08/2012 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Basic Service Pack 1 (32 bits)
# Nom d'utilisateur : Audrey - PC-DE-AUDREY
# Exécuté depuis : C:\Users\Audrey\Desktop\adwcleaner.exe
# Option [Suppression]
***** [Services] *****
***** [Fichiers / Dossiers] *****
Dossier Supprimé : C:\Users\Audrey\AppData\LocalLow\Conduit
Dossier Supprimé : C:\Users\Audrey\AppData\LocalLow\Vuze_Remote
Dossier Supprimé : C:\Users\Audrey\AppData\Roaming\CrazyLoader
Dossier Supprimé : C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\ynkw33p0.default\CT2504091
Dossier Supprimé : C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\ynkw33p0.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Dossier Supprimé : C:\ProgramData\Viewpoint
Dossier Supprimé : C:\Program Files\Conduit
Dossier Supprimé : C:\Program Files\Viewpoint
Dossier Supprimé : C:\Program Files\Vuze_Remote
Fichier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Fichier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur OfferBox.lnk
***** [Registre] *****
Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
Clé Supprimée : HKCU\Software\AppDataLow\Toolbar
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\JavaSoft\Prefs\crazyloader
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Clé Supprimée : HKCU\Software\Spointer
Clé Supprimée : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Clé Supprimée : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Clé Supprimée : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Clé Supprimée : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Clé Supprimée : HKLM\SOFTWARE\Conduit
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Clé Supprimée : HKLM\SOFTWARE\MetaStream
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Clé Supprimée : HKLM\SOFTWARE\Viewpoint
Clé Supprimée : HKLM\SOFTWARE\Vuze_Remote
***** [Registre - GUID] *****
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{60362EE7-0CB0-4388-94E5-4BF025525888}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1037263F-330A-4685-A7E8-4A20BDBA67B4}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1037263F-330A-4685-A7E8-4A20BDBA67B4}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
***** [Navigateurs] *****
-\\ Internet Explorer v7.0.6001.18000
[OK] Le registre ne contient aucune entrée illégitime.
-\\ Mozilla Firefox v14.0.1 (fr)
Nom du profil : default
Fichier : C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\ynkw33p0.default\prefs.js
Supprimée : user_pref("CT2504091..clientLogIsEnabled", false);
Supprimée : user_pref("CT2504091..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Supprimée : user_pref("CT2504091..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Supprimée : user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Supprimée : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Supprimée : user_pref("CT2504091.BrowserCompStateIsOpen_129707804829376918", true);
Supprimée : user_pref("CT2504091.CTID", "CT2504091");
Supprimée : user_pref("CT2504091.CurrentServerDate", "6-8-2012");
Supprimée : user_pref("CT2504091.DialogsAlignMode", "LTR");
Supprimée : user_pref("CT2504091.DialogsGetterLastCheckTime", "Fri Aug 03 2012 12:29:57 GMT+0200");
Supprimée : user_pref("CT2504091.DownloadReferralCookieData", "");
Supprimée : user_pref("CT2504091.EMailNotifierPollDate", "Wed Jun 02 2010 22:47:53 GMT+0200");
Supprimée : user_pref("CT2504091.FeedLastCount129079840422964131", 10);
Supprimée : user_pref("CT2504091.FeedPollDate128891351169457140", "Wed Jun 02 2010 23:52:32 GMT+0200");
Supprimée : user_pref("CT2504091.FeedPollDate129079840422964131", "Wed Jun 02 2010 22:52:53 GMT+0200");
Supprimée : user_pref("CT2504091.FeedTTL128891351169457140", 40);
Supprimée : user_pref("CT2504091.FirstServerDate", "2-6-2010");
Supprimée : user_pref("CT2504091.FirstTime", true);
Supprimée : user_pref("CT2504091.FirstTimeFF3", true);
Supprimée : user_pref("CT2504091.FirstTimeSettingsDone", true);
Supprimée : user_pref("CT2504091.FixPageNotFoundErrors", true);
Supprimée : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Supprimée : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Supprimée : user_pref("CT2504091.HasUserGlobalKeys", true);
Supprimée : user_pref("CT2504091.Initialize", true);
Supprimée : user_pref("CT2504091.InitializeCommonPrefs", true);
Supprimée : user_pref("CT2504091.InstallationAndCookieDataSentCount", 3);
Supprimée : user_pref("CT2504091.InstallationType", "UnknownIntegration");
Supprimée : user_pref("CT2504091.InstalledDate", "Wed Jun 02 2010 20:52:40 GMT+0200");
Supprimée : user_pref("CT2504091.IsGrouping", false);
Supprimée : user_pref("CT2504091.IsMulticommunity", false);
Supprimée : user_pref("CT2504091.IsOpenThankYouPage", true);
Supprimée : user_pref("CT2504091.IsOpenUninstallPage", false);
Supprimée : user_pref("CT2504091.LanguagePackLastCheckTime", "Sun Aug 05 2012 15:04:49 GMT+0200");
Supprimée : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Supprimée : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Supprimée : user_pref("CT2504091.LastLogin_2.7.0.14", "Wed Jun 02 2010 20:52:53 GMT+0200");
Supprimée : user_pref("CT2504091.LastLogin_3.12.2.3", "Sun Jun 03 2012 16:32:51 GMT+0200");
Supprimée : user_pref("CT2504091.LastLogin_3.13.0.6", "Sun Jul 15 2012 21:59:16 GMT+0200");
Supprimée : user_pref("CT2504091.LastLogin_3.14.1.0", "Mon Aug 06 2012 10:51:12 GMT+0200");
Supprimée : user_pref("CT2504091.LatestVersion", "3.14.1.0");
Supprimée : user_pref("CT2504091.Locale", "en-us");
Supprimée : user_pref("CT2504091.LoginCache", 4);
Supprimée : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Supprimée : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Supprimée : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Supprimée : user_pref("CT2504091.MyStuffEnabledAtInstallation", true);
Supprimée : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Supprimée : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Supprimée : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Supprimée : user_pref("CT2504091.SearchInNewTabEnabled", true);
Supprimée : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Supprimée : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Sun Aug 05 2012 15:04:49 GMT+0200");
Supprimée : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Supprimée : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Supprimée : user_pref("CT2504091.ServiceMapLastCheckTime", "Sun Aug 05 2012 15:04:49 GMT+0200");
Supprimée : user_pref("CT2504091.SettingsCheckIntervalMin", 120);
Supprimée : user_pref("CT2504091.SettingsLastCheckTime", "Mon Aug 06 2012 10:51:11 GMT+0200");
Supprimée : user_pref("CT2504091.SettingsLastUpdate", "1341594968");
Supprimée : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Supprimée : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Wed Jun 02 2010 20:52:16 GMT+0200");
Supprimée : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1272927290");
Supprimée : user_pref("CT2504091.ToolbarShrinkedFromSetup", false);
Supprimée : user_pref("CT2504091.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2504091");
Supprimée : user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Supprimée : user_pref("CT2504091.UserID", "UN83303391841776696");
Supprimée : user_pref("CT2504091.alertChannelId", "897164");
Supprimée : user_pref("CT2504091.clientLogIsEnabled", true);
Supprimée : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Supprimée : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Supprimée : user_pref("CT2504091.homepageProtectorEnableByLogin", true);
Supprimée : user_pref("CT2504091.initDone", true);
Supprimée : user_pref("CT2504091.myStuffEnabled", true);
Supprimée : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Supprimée : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Supprimée : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Supprimée : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Supprimée : user_pref("CT2504091.revertSettingsEnabled", true);
Supprimée : user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);
Supprimée : user_pref("CT2504091.searchProtectorEnableByLogin", true);
Supprimée : user_pref("CT2504091.testingCtid", "");
Supprimée : user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Sun Aug 05 2012 15:04:49 GMT+0200");
Supprimée : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091[...]
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", [...]
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091",[...]
Supprimée : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Supprimée : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Supprimée : user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
Supprimée : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
Supprimée : user_pref("CommunityToolbar.globalUserId", "3ca7fbcc-5eca-4dbb-bf31-fcafdde2b344");
-\\ Google Chrome v21.0.1180.60
Fichier : C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Preferences
Supprimée : "path": "C:\\Program Files\\Viewpoint\\Viewpoint Experience Technology\\npViewpoint.dll",
*************************
AdwCleaner[S1].txt - [11964 octets] - [06/08/2012 11:13:03]
########## EOF - C:\AdwCleaner[S1].txt - [12093 octets] ##########
Est-ce terminé?
- | Alerter
- | Alerter
J'ai tout supprimé dans le fichier quarantaire de Mbam et j'ai désinstaller Combofix. J'ai lancé OTL et voici le rapport:
OTL logfile created on: 06/08/2012 16:27:44 - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Audrey\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
1,99 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 59,10% Memory free
4,21 Gb Paging File | 2,98 Gb Available in Paging File | 70,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,96 Gb Total Space | 18,15 Gb Free Space | 17,98% Space Free | Partition Type: NTFS
Drive D: | 10,83 Gb Total Space | 2,44 Gb Free Space | 22,50% Space Free | Partition Type: NTFS
Drive F: | 508,34 Mb Total Space | 289,85 Mb Free Space | 57,02% Space Free | Partition Type: FAT
Computer Name: PC-DE-AUDREY | User Name: Audrey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/08/06 11:42:33 | 000,302,961 | ---- | M] () -- C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
PRC - [2012/08/04 16:41:40 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Audrey\Desktop\OTL.exe
PRC - [2012/07/03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/06/17 19:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2010/05/21 01:01:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 01:01:26 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/12/22 04:31:26 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
PRC - [2009/12/22 04:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgdersvc.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/21 04:33:52 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
PRC - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2007/10/03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
========== Modules (No Company Name) ==========
MOD - [2012/08/06 11:42:33 | 000,302,961 | ---- | M] () -- C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
MOD - [2012/02/20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/01 11:59:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/07/01 11:58:53 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll
MOD - [2011/07/01 11:58:52 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll
MOD - [2011/07/01 11:58:52 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.Wrapper.dll
MOD - [2011/07/01 11:57:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011/07/01 11:53:58 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/07/01 11:51:07 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/07/01 11:50:36 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/07/01 11:50:15 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll
MOD - [2011/07/01 11:50:03 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll
MOD - [2011/07/01 11:50:01 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll
MOD - [2011/07/01 11:49:43 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll
MOD - [2011/07/01 11:49:25 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll
MOD - [2011/07/01 11:49:19 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/07/01 11:48:37 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/05/04 16:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\PROGRA~1\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\PROGRA~1\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll
MOD - [2008/07/27 20:22:54 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2008/07/27 20:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/07/27 20:03:15 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/07/27 20:03:10 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008/07/11 21:39:10 | 000,245,760 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2008/07/11 21:39:10 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2008/07/11 21:39:10 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_fr_31bf3856ad364e35\WindowsBase.resources.dll
MOD - [2008/01/21 04:34:17 | 000,368,640 | ---- | M] () -- C:\WINDOWS\System32\msjetoledb40.dll
MOD - [2007/10/01 17:11:02 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2007/10/01 17:11:00 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2007/10/01 17:10:50 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2007/10/01 17:10:28 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2007/10/01 17:10:20 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2007/10/01 17:10:20 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2007/10/01 17:10:20 | 000,006,144 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2007/08/20 14:10:18 | 000,249,856 | ---- | M] () -- C:\WINDOWS\System32\igfxTMM.dll
MOD - [2007/08/14 16:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/08/06 16:26:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/06 11:42:32 | 000,285,795 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -- (HOSTS Anti-PUPs)
SRV - [2012/07/19 21:16:23 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/04/26 16:30:01 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2009/12/22 04:31:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/12/22 04:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\System32\dgdersvc.exe -- (dgdersvc)
SRV - [2008/11/11 10:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/03/05 09:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/07/03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/07/03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/12/22 04:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/12/22 04:31:02 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2009/09/19 07:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/09/19 07:30:10 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2009/09/19 07:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/09/19 07:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/01/21 04:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Pilote de carte Intel(R)
DRV - [2007/10/11 13:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/10 16:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/25 13:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/30 15:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/23 23:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/06/28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
IE - HKLM\..\SearchScopes,DefaultScope = {F06C9E33-E332-48E7-91DC-AF028AA60E37}
IE - HKLM\..\SearchScopes\{51B0C529-4961-4997-B5F3-4D93C5C38223}: "URL" = http://fr.kelkoopartners.net/ctl/do/search?siteSearchQu...{searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932
IE - HKLM\..\SearchScopes\{F06C9E33-E332-48E7-91DC-AF028AA60E37}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?s...{searchTerms}&invocationType=tb50hpcnnbie7-fr-fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {F06C9E33-E332-48E7-91DC-AF028AA60E37}
IE - HKCU\..\SearchScopes\{51B0C529-4961-4997-B5F3-4D93C5C38223}: "URL" = http://fr.kelkoopartners.net/ctl/do/search?siteSearchQu...{searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932
IE - HKCU\..\SearchScopes\{F06C9E33-E332-48E7-91DC-AF028AA60E37}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?s...{searchTerms}&invocationType=tb50hpcnnbie7-fr-fr
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "place:sort=8&redirectsMode=2&maxResults=10"
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Audrey\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Audrey\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Audrey\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/06 11:24:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 21:16:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/02 19:12:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 21:16:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/02 19:12:37 | 000,000,000 | ---D | M]
[2010/04/11 01:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Audrey\AppData\Roaming\mozilla\Extensions
[2012/08/06 11:13:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Audrey\AppData\Roaming\mozilla\Firefox\Profiles\ynkw33p0.default\extensions
[2010/07/01 13:59:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Audrey\AppData\Roaming\mozilla\Firefox\Profiles\ynkw33p0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/06 18:00:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Audrey\AppData\Roaming\mozilla\Firefox\Profiles\ynkw33p0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/05/02 20:19:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/12/14 19:26:17 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/08/06 11:24:56 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/07/26 12:56:40 | 000,276,167 | ---- | M] () (No name found) -- C:\USERS\AUDREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YNKW33P0.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012/07/19 21:16:24 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 23:46:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/21 03:45:57 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/04/21 03:45:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/21 03:45:57 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/04/21 03:45:57 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/04/21 03:45:57 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/04/21 03:45:57 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google![:o]( ":o")
riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Audrey\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Audrey\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Audrey\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Audrey\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Recherche Google = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Recherche Google = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Gmail = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/08/06 11:42:37 | 000,010,992 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 install.optimum-installer.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 ads.traff.co # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 popander.mobi # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 universal-downloader.softonic.fr # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 www.messengerdusexe.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 speedmaxpc.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 cdneu.friedcookiescdn.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 file-extractor.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 bfd34af056e54c8abcb9dd50862f0b9b.integration.download.conduit-services.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 www.winload.de # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 ct2319825.ourtoolbar.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 ie.conduit-download.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 ct2319825.ourtoolbar.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 servicemap.conduit-services.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 usage.toolbar.conduit-services.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 ff.conduit-download.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 storage.conduit.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 cdnus.ironcdn.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 cdn.install.playbryte.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 download.shoptowin.net # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 www.wajam.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 cdn.install.oibundles2.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 service.yontoo.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 www.fixie.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 d2qsma9t6l5kt7.cloudfront.net # Hosts Anti-Adware / PUPs
O1 - Hosts: 165 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe ()
O4 - Startup: C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-wind... (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-wind... (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-wind... (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F69649B-84DD-43CA-A079-37E99ABC2C53}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B2085F6-BAA0-4A1D-A36D-F5E6138B225F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Audrey\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Audrey\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/06 05:48:05 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/08/06 15:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/08/06 15:38:04 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/06 15:38:04 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/06 11:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Hosts_Anti_Adwares_PUPs
[2012/08/06 11:25:42 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/08/06 11:25:42 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/08/06 11:25:42 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/08/06 11:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/06 11:25:41 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/08/06 11:25:37 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/08/06 11:24:46 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/06 11:24:45 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/08/06 10:49:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/05 17:20:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/05 17:19:01 | 000,000,000 | ---D | C] -- C:\Users\Audrey\AppData\Local\temp
[2012/08/05 17:10:58 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/04 22:12:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/04 22:12:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/04 22:12:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/04 22:06:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/04 22:06:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/04 21:59:17 | 004,725,168 | R--- | C] (Swearware) -- C:\Users\Audrey\Desktop\ComboFix.exe
[2012/08/04 19:58:25 | 000,000,000 | ---D | C] -- C:\Users\Audrey\AppData\Roaming\Malwarebytes
[2012/08/04 19:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/04 19:58:15 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/04 19:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/04 19:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/04 16:43:51 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Audrey\Desktop\OTL.exe
[2012/08/03 10:55:58 | 000,000,000 | ---D | C] -- C:\Users\Audrey\AppData\Local\Macromedia
[1 C:\Users\Audrey\Desktop\*.tmp files -> C:\Users\Audrey\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/08/06 16:26:30 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/06 16:26:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/06 16:26:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/06 15:50:01 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3244362998-3445812476-3492851113-1000UA.job
[2012/08/06 15:47:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/06 15:47:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/06 15:38:15 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/08/06 15:38:15 | 000,001,947 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/08/06 15:36:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 15:36:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 11:42:37 | 000,010,992 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/06 11:42:34 | 000,000,978 | ---- | M] () -- C:\Users\Audrey\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
[2012/08/06 11:38:46 | 000,000,281 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/08/06 11:36:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/06 11:36:36 | 2134,949,888 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/06 11:36:35 | 204,904,934 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/06 11:25:42 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/06 11:25:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/08/06 11:21:01 | 000,000,242 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2012/08/06 10:50:02 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3244362998-3445812476-3492851113-1000Core.job
[2012/08/05 17:27:37 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/08/05 17:27:37 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/05 17:27:37 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/08/05 17:27:37 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/05 15:15:55 | 004,725,168 | R--- | M] (Swearware) -- C:\Users\Audrey\Desktop\ComboFix.exe
[2012/08/04 22:07:43 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
[2012/08/04 19:58:17 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/04 16:41:40 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Audrey\Desktop\OTL.exe
[2012/08/03 11:55:36 | 000,002,009 | ---- | M] () -- C:\Users\Audrey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/29 00:44:28 | 000,088,064 | ---- | M] () -- C:\Users\Audrey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/19 16:13:07 | 000,857,221 | ---- | M] () -- C:\Users\Audrey\Documents\DEMANDE REINSCRIPTION.pdf
[2012/07/16 16:45:02 | 000,079,612 | ---- | M] () -- C:\Users\Audrey\Desktop\Devis-3.pdf
[2012/07/16 16:42:21 | 000,030,832 | ---- | M] () -- C:\Users\Audrey\Desktop\Devis Auto_2-1.pdf
[2012/07/12 15:04:22 | 000,223,374 | ---- | M] () -- C:\Users\Audrey\Documents\Proposition De Contrat DA.pdf
[2012/07/12 15:00:18 | 000,079,612 | ---- | M] () -- C:\Users\Audrey\Documents\Devis-3 MAAF.pdf
[2012/07/10 10:32:00 | 001,400,481 | ---- | M] () -- C:\Users\Audrey\Desktop\SL382053.JPG
[1 C:\Users\Audrey\Desktop\*.tmp files -> C:\Users\Audrey\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/08/06 15:38:15 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/08/06 15:38:07 | 000,001,002 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/06 11:42:34 | 000,000,978 | ---- | C] () -- C:\Users\Audrey\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
[2012/08/06 11:25:42 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/05 17:19:37 | 2134,949,888 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/04 22:12:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/04 22:12:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/04 22:12:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/04 22:12:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/04 22:12:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/04 22:07:43 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/08/04 19:58:17 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/19 16:13:07 | 000,857,221 | ---- | C] () -- C:\Users\Audrey\Documents\DEMANDE REINSCRIPTION.pdf
[2012/07/16 16:45:02 | 000,079,612 | ---- | C] () -- C:\Users\Audrey\Desktop\Devis-3.pdf
[2012/07/16 16:42:21 | 000,030,832 | ---- | C] () -- C:\Users\Audrey\Desktop\Devis Auto_2-1.pdf
[2012/07/12 15:04:22 | 000,223,374 | ---- | C] () -- C:\Users\Audrey\Documents\Proposition De Contrat DA.pdf
[2012/07/12 15:00:18 | 000,079,612 | ---- | C] () -- C:\Users\Audrey\Documents\Devis-3 MAAF.pdf
[2012/07/10 11:04:27 | 001,400,481 | ---- | C] () -- C:\Users\Audrey\Desktop\SL382053.JPG
[2011/11/12 02:56:00 | 000,000,000 | ---- | C] () -- C:\Users\Audrey\AppData\Local\{4C5305BC-62CA-4EDF-B901-D1CE4A208F67}
[2010/12/14 19:36:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/09 21:33:14 | 000,000,680 | ---- | C] () -- C:\Users\Audrey\AppData\Local\d3d9caps.dat
[2010/12/07 00:41:51 | 000,000,701 | ---- | C] () -- C:\Users\Audrey\AppData\Roaming\init.dll
[2010/12/07 00:41:51 | 000,000,006 | ---- | C] () -- C:\Users\Audrey\AppData\Roaming\SYSTEM32.dll
[2010/12/07 00:41:41 | 000,000,701 | ---- | C] () -- C:\Users\Audrey\AppData\Roaming\sound.dll
[2010/12/07 00:41:15 | 000,116,736 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010/12/07 00:41:09 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[2010/12/06 23:26:42 | 000,204,848 | ---- | C] () -- C:\Windows\System32\gswin32c.exe
[2010/12/06 23:26:38 | 000,054,272 | ---- | C] () -- C:\Windows\System32\P2irdao.dll
[2010/12/06 23:26:38 | 000,050,176 | ---- | C] () -- C:\Windows\System32\P2ctdao.dll
[2010/12/06 23:26:37 | 000,748,160 | ---- | C] () -- C:\Windows\System32\Co2c40en.dll
[2010/12/06 23:26:37 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\Implode.dll
[2010/12/06 21:11:16 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/12/06 21:11:16 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/11/07 17:59:08 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/07 17:04:55 | 000,000,122 | ---- | C] () -- C:\Users\Audrey\AppData\Roaming\wklnhst.dat
[2010/09/03 11:02:49 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/09/03 11:02:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
< End of report >
OTL logfile created on: 06/08/2012 16:27:44 - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Audrey\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
1,99 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 59,10% Memory free
4,21 Gb Paging File | 2,98 Gb Available in Paging File | 70,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,96 Gb Total Space | 18,15 Gb Free Space | 17,98% Space Free | Partition Type: NTFS
Drive D: | 10,83 Gb Total Space | 2,44 Gb Free Space | 22,50% Space Free | Partition Type: NTFS
Drive F: | 508,34 Mb Total Space | 289,85 Mb Free Space | 57,02% Space Free | Partition Type: FAT
Computer Name: PC-DE-AUDREY | User Name: Audrey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/08/06 11:42:33 | 000,302,961 | ---- | M] () -- C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
PRC - [2012/08/04 16:41:40 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Audrey\Desktop\OTL.exe
PRC - [2012/07/03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/06/17 19:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2010/05/21 01:01:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 01:01:26 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/12/22 04:31:26 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
PRC - [2009/12/22 04:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgdersvc.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/21 04:33:52 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
PRC - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2007/10/03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
========== Modules (No Company Name) ==========
MOD - [2012/08/06 11:42:33 | 000,302,961 | ---- | M] () -- C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
MOD - [2012/02/20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/01 11:59:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/07/01 11:58:53 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll
MOD - [2011/07/01 11:58:52 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll
MOD - [2011/07/01 11:58:52 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.Wrapper.dll
MOD - [2011/07/01 11:57:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011/07/01 11:53:58 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/07/01 11:51:07 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/07/01 11:50:36 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/07/01 11:50:15 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll
MOD - [2011/07/01 11:50:03 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll
MOD - [2011/07/01 11:50:01 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll
MOD - [2011/07/01 11:49:43 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll
MOD - [2011/07/01 11:49:25 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll
MOD - [2011/07/01 11:49:19 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/07/01 11:48:37 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/05/04 16:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\PROGRA~1\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\PROGRA~1\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll
MOD - [2008/07/27 20:22:54 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2008/07/27 20:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/07/27 20:03:15 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/07/27 20:03:10 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008/07/11 21:39:10 | 000,245,760 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2008/07/11 21:39:10 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2008/07/11 21:39:10 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_fr_31bf3856ad364e35\WindowsBase.resources.dll
MOD - [2008/01/21 04:34:17 | 000,368,640 | ---- | M] () -- C:\WINDOWS\System32\msjetoledb40.dll
MOD - [2007/10/01 17:11:02 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2007/10/01 17:11:00 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2007/10/01 17:10:50 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2007/10/01 17:10:28 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2007/10/01 17:10:20 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2007/10/01 17:10:20 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2007/10/01 17:10:20 | 000,006,144 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2007/08/20 14:10:18 | 000,249,856 | ---- | M] () -- C:\WINDOWS\System32\igfxTMM.dll
MOD - [2007/08/14 16:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/08/06 16:26:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/06 11:42:32 | 000,285,795 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -- (HOSTS Anti-PUPs)
SRV - [2012/07/19 21:16:23 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/04/26 16:30:01 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2009/12/22 04:31:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/12/22 04:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\System32\dgdersvc.exe -- (dgdersvc)
SRV - [2008/11/11 10:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/03/05 09:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/07/03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/07/03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/12/22 04:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/12/22 04:31:02 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2009/09/19 07:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/09/19 07:30:10 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2009/09/19 07:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/09/19 07:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/01/21 04:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Pilote de carte Intel(R)
DRV - [2007/10/11 13:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/10 16:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/25 13:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/30 15:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/23 23:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/06/28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
IE - HKLM\..\SearchScopes,DefaultScope = {F06C9E33-E332-48E7-91DC-AF028AA60E37}
IE - HKLM\..\SearchScopes\{51B0C529-4961-4997-B5F3-4D93C5C38223}: "URL" = http://fr.kelkoopartners.net/ctl/do/search?siteSearchQu...{searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932
IE - HKLM\..\SearchScopes\{F06C9E33-E332-48E7-91DC-AF028AA60E37}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?s...{searchTerms}&invocationType=tb50hpcnnbie7-fr-fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {F06C9E33-E332-48E7-91DC-AF028AA60E37}
IE - HKCU\..\SearchScopes\{51B0C529-4961-4997-B5F3-4D93C5C38223}: "URL" = http://fr.kelkoopartners.net/ctl/do/search?siteSearchQu...{searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932
IE - HKCU\..\SearchScopes\{F06C9E33-E332-48E7-91DC-AF028AA60E37}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?s...{searchTerms}&invocationType=tb50hpcnnbie7-fr-fr
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "place:sort=8&redirectsMode=2&maxResults=10"
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Audrey\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Audrey\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Audrey\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/06 11:24:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 21:16:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/02 19:12:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 21:16:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/02 19:12:37 | 000,000,000 | ---D | M]
[2010/04/11 01:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Audrey\AppData\Roaming\mozilla\Extensions
[2012/08/06 11:13:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Audrey\AppData\Roaming\mozilla\Firefox\Profiles\ynkw33p0.default\extensions
[2010/07/01 13:59:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Audrey\AppData\Roaming\mozilla\Firefox\Profiles\ynkw33p0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/06 18:00:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Audrey\AppData\Roaming\mozilla\Firefox\Profiles\ynkw33p0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/05/02 20:19:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/12/14 19:26:17 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/08/06 11:24:56 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/07/26 12:56:40 | 000,276,167 | ---- | M] () (No name found) -- C:\USERS\AUDREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YNKW33P0.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012/07/19 21:16:24 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 23:46:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/21 03:45:57 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/04/21 03:45:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/21 03:45:57 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/04/21 03:45:57 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/04/21 03:45:57 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/04/21 03:45:57 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google
riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Audrey\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Audrey\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Audrey\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Audrey\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Recherche Google = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Recherche Google = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Gmail = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/08/06 11:42:37 | 000,010,992 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 install.optimum-installer.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 ads.traff.co # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 popander.mobi # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 universal-downloader.softonic.fr # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 www.messengerdusexe.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 speedmaxpc.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 cdneu.friedcookiescdn.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 file-extractor.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 bfd34af056e54c8abcb9dd50862f0b9b.integration.download.conduit-services.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 www.winload.de # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 ct2319825.ourtoolbar.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 ie.conduit-download.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 ct2319825.ourtoolbar.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 servicemap.conduit-services.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 usage.toolbar.conduit-services.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 ff.conduit-download.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 storage.conduit.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 cdnus.ironcdn.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 cdn.install.playbryte.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 download.shoptowin.net # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 www.wajam.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 cdn.install.oibundles2.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 service.yontoo.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 www.fixie.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 d2qsma9t6l5kt7.cloudfront.net # Hosts Anti-Adware / PUPs
O1 - Hosts: 165 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe ()
O4 - Startup: C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-wind... (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-wind... (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-wind... (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F69649B-84DD-43CA-A079-37E99ABC2C53}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B2085F6-BAA0-4A1D-A36D-F5E6138B225F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Audrey\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Audrey\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/06 05:48:05 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/08/06 15:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/08/06 15:38:04 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/06 15:38:04 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/06 11:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Hosts_Anti_Adwares_PUPs
[2012/08/06 11:25:42 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/08/06 11:25:42 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/08/06 11:25:42 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/08/06 11:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/06 11:25:41 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/08/06 11:25:37 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/08/06 11:24:46 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/06 11:24:45 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/08/06 10:49:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/05 17:20:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/05 17:19:01 | 000,000,000 | ---D | C] -- C:\Users\Audrey\AppData\Local\temp
[2012/08/05 17:10:58 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/04 22:12:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/04 22:12:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/04 22:12:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/04 22:06:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/04 22:06:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/04 21:59:17 | 004,725,168 | R--- | C] (Swearware) -- C:\Users\Audrey\Desktop\ComboFix.exe
[2012/08/04 19:58:25 | 000,000,000 | ---D | C] -- C:\Users\Audrey\AppData\Roaming\Malwarebytes
[2012/08/04 19:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/04 19:58:15 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/04 19:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/04 19:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/04 16:43:51 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Audrey\Desktop\OTL.exe
[2012/08/03 10:55:58 | 000,000,000 | ---D | C] -- C:\Users\Audrey\AppData\Local\Macromedia
[1 C:\Users\Audrey\Desktop\*.tmp files -> C:\Users\Audrey\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/08/06 16:26:30 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/06 16:26:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/06 16:26:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/06 15:50:01 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3244362998-3445812476-3492851113-1000UA.job
[2012/08/06 15:47:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/06 15:47:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/06 15:38:15 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/08/06 15:38:15 | 000,001,947 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/08/06 15:36:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 15:36:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 11:42:37 | 000,010,992 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/06 11:42:34 | 000,000,978 | ---- | M] () -- C:\Users\Audrey\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
[2012/08/06 11:38:46 | 000,000,281 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/08/06 11:36:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/06 11:36:36 | 2134,949,888 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/06 11:36:35 | 204,904,934 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/06 11:25:42 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/06 11:25:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/08/06 11:21:01 | 000,000,242 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2012/08/06 10:50:02 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3244362998-3445812476-3492851113-1000Core.job
[2012/08/05 17:27:37 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/08/05 17:27:37 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/05 17:27:37 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/08/05 17:27:37 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/05 15:15:55 | 004,725,168 | R--- | M] (Swearware) -- C:\Users\Audrey\Desktop\ComboFix.exe
[2012/08/04 22:07:43 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
[2012/08/04 19:58:17 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/04 16:41:40 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Audrey\Desktop\OTL.exe
[2012/08/03 11:55:36 | 000,002,009 | ---- | M] () -- C:\Users\Audrey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/29 00:44:28 | 000,088,064 | ---- | M] () -- C:\Users\Audrey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/19 16:13:07 | 000,857,221 | ---- | M] () -- C:\Users\Audrey\Documents\DEMANDE REINSCRIPTION.pdf
[2012/07/16 16:45:02 | 000,079,612 | ---- | M] () -- C:\Users\Audrey\Desktop\Devis-3.pdf
[2012/07/16 16:42:21 | 000,030,832 | ---- | M] () -- C:\Users\Audrey\Desktop\Devis Auto_2-1.pdf
[2012/07/12 15:04:22 | 000,223,374 | ---- | M] () -- C:\Users\Audrey\Documents\Proposition De Contrat DA.pdf
[2012/07/12 15:00:18 | 000,079,612 | ---- | M] () -- C:\Users\Audrey\Documents\Devis-3 MAAF.pdf
[2012/07/10 10:32:00 | 001,400,481 | ---- | M] () -- C:\Users\Audrey\Desktop\SL382053.JPG
[1 C:\Users\Audrey\Desktop\*.tmp files -> C:\Users\Audrey\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/08/06 15:38:15 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/08/06 15:38:07 | 000,001,002 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/06 11:42:34 | 000,000,978 | ---- | C] () -- C:\Users\Audrey\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
[2012/08/06 11:25:42 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/05 17:19:37 | 2134,949,888 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/04 22:12:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/04 22:12:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/04 22:12:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/04 22:12:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/04 22:12:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/04 22:07:43 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/08/04 19:58:17 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/19 16:13:07 | 000,857,221 | ---- | C] () -- C:\Users\Audrey\Documents\DEMANDE REINSCRIPTION.pdf
[2012/07/16 16:45:02 | 000,079,612 | ---- | C] () -- C:\Users\Audrey\Desktop\Devis-3.pdf
[2012/07/16 16:42:21 | 000,030,832 | ---- | C] () -- C:\Users\Audrey\Desktop\Devis Auto_2-1.pdf
[2012/07/12 15:04:22 | 000,223,374 | ---- | C] () -- C:\Users\Audrey\Documents\Proposition De Contrat DA.pdf
[2012/07/12 15:00:18 | 000,079,612 | ---- | C] () -- C:\Users\Audrey\Documents\Devis-3 MAAF.pdf
[2012/07/10 11:04:27 | 001,400,481 | ---- | C] () -- C:\Users\Audrey\Desktop\SL382053.JPG
[2011/11/12 02:56:00 | 000,000,000 | ---- | C] () -- C:\Users\Audrey\AppData\Local\{4C5305BC-62CA-4EDF-B901-D1CE4A208F67}
[2010/12/14 19:36:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/09 21:33:14 | 000,000,680 | ---- | C] () -- C:\Users\Audrey\AppData\Local\d3d9caps.dat
[2010/12/07 00:41:51 | 000,000,701 | ---- | C] () -- C:\Users\Audrey\AppData\Roaming\init.dll
[2010/12/07 00:41:51 | 000,000,006 | ---- | C] () -- C:\Users\Audrey\AppData\Roaming\SYSTEM32.dll
[2010/12/07 00:41:41 | 000,000,701 | ---- | C] () -- C:\Users\Audrey\AppData\Roaming\sound.dll
[2010/12/07 00:41:15 | 000,116,736 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010/12/07 00:41:09 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[2010/12/06 23:26:42 | 000,204,848 | ---- | C] () -- C:\Windows\System32\gswin32c.exe
[2010/12/06 23:26:38 | 000,054,272 | ---- | C] () -- C:\Windows\System32\P2irdao.dll
[2010/12/06 23:26:38 | 000,050,176 | ---- | C] () -- C:\Windows\System32\P2ctdao.dll
[2010/12/06 23:26:37 | 000,748,160 | ---- | C] () -- C:\Windows\System32\Co2c40en.dll
[2010/12/06 23:26:37 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\Implode.dll
[2010/12/06 21:11:16 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/12/06 21:11:16 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/11/07 17:59:08 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/07 17:04:55 | 000,000,122 | ---- | C] () -- C:\Users\Audrey\AppData\Roaming\wklnhst.dat
[2010/09/03 11:02:49 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/09/03 11:02:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
< End of report >
- | Alerter
Pour finir :
1/
==Prévention==
Mets à jour Adobe Reader, Java, Vista, Internet Explorer.
http://get.adobe.com/fr/reader/ (décoche McAfee Security Scan Plus)
http://www.java.com/fr/download/
http://update.microsoft.com/windowsupdate/v6/default.as...
Un dossier sur la prévention et sécurité sur Internet est disponible ici (A lire avec Adobe Reader).
==Problème résolu ?==
--> Si tu estimes que ton problème est résolu, ajoute [Résolu] devant le titre de ton sujet.
Sois plus vigilant sur Internet![;)]( ";)")
1/
- Télécharge DelFix sur ton Bureau.
- Clique droit sur DelFix et choisis Exécuter en tant qu'administrateur.
- Clique sur le bouton Suppression.
- Poste le rapport (C:\DelFixSuppr.txt).
- Supprime DelFix.
2/
- Télécharge et installe CCleaner.
- Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
- Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
3/
- Il est nécessaire de désactiver puis réactiver la restauration système pour la purger. Ensuite, crée un point de restauration.
==Prévention==
Mets à jour Adobe Reader, Java, Vista, Internet Explorer.
http://get.adobe.com/fr/reader/ (décoche McAfee Security Scan Plus)
http://www.java.com/fr/download/
http://update.microsoft.com/windowsupdate/v6/default.as...
Un dossier sur la prévention et sécurité sur Internet est disponible ici (A lire avec Adobe Reader).
==Problème résolu ?==
--> Si tu estimes que ton problème est résolu, ajoute [Résolu] devant le titre de ton sujet.
Sois plus vigilant sur Internet
- | Alerter
Voici le rapport de Delfix
# DelFix v8.9 - Rapport créé le 06/08/2012 à 18:28:25
# Mis à jour le 27/07/12 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Basic Service Pack 1 (32 bits)
# Nom d'utilisateur : Audrey - PC-DE-AUDREY (Administrateur)
# Exécuté depuis : C:\Users\Audrey\Desktop\delfix.exe
# Option [Suppression]
~~~~~~ Dossiers(s) ~~~~~~
Supprimé : C:\Qoobox
Supprimé : C:\Combofix
~~~~~~ Fichier(s) ~~~~~~
Supprimé : C:\ComboFix.txt
Supprimé : C:\Users\Audrey\Desktop\catchme.log
Supprimé : C:\Users\Audrey\Desktop\ComboFix.exe
Supprimé : C:\Users\Audrey\Desktop\Extras.Txt
Supprimé : C:\Users\Audrey\Desktop\OTL.Txt
Supprimé : C:\Users\Audrey\Desktop\OTL.exe
Supprimé : C:\Windows\grep.exe
Supprimé : C:\Windows\PEV.exe
Supprimé : C:\Windows\NIRCMD.exe
Supprimé : C:\Windows\MBR.exe
Supprimé : C:\Windows\SED.exe
Supprimé : C:\Windows\SWREG.exe
Supprimé : C:\Windows\SWSC.exe
Supprimé : C:\Windows\SWXCACLS.exe
Supprimé : C:\Windows\Zip.exe
~~~~~~ Registre ~~~~~~
Clé Supprimée : HKLM\SOFTWARE\OldTimer Tools
Clé Supprimée : HKLM\SOFTWARE\Swearware
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
~~~~~~ Autres ~~~~~~
-> Prefetch Vidé
*************************
DelFix[S1].txt - [1253 octets] - [06/08/2012 18:28:25]
########## EOF - C:\DelFix[S1].txt - [1377 octets] ##########
# DelFix v8.9 - Rapport créé le 06/08/2012 à 18:28:25
# Mis à jour le 27/07/12 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Basic Service Pack 1 (32 bits)
# Nom d'utilisateur : Audrey - PC-DE-AUDREY (Administrateur)
# Exécuté depuis : C:\Users\Audrey\Desktop\delfix.exe
# Option [Suppression]
~~~~~~ Dossiers(s) ~~~~~~
Supprimé : C:\Qoobox
Supprimé : C:\Combofix
~~~~~~ Fichier(s) ~~~~~~
Supprimé : C:\ComboFix.txt
Supprimé : C:\Users\Audrey\Desktop\catchme.log
Supprimé : C:\Users\Audrey\Desktop\ComboFix.exe
Supprimé : C:\Users\Audrey\Desktop\Extras.Txt
Supprimé : C:\Users\Audrey\Desktop\OTL.Txt
Supprimé : C:\Users\Audrey\Desktop\OTL.exe
Supprimé : C:\Windows\grep.exe
Supprimé : C:\Windows\PEV.exe
Supprimé : C:\Windows\NIRCMD.exe
Supprimé : C:\Windows\MBR.exe
Supprimé : C:\Windows\SED.exe
Supprimé : C:\Windows\SWREG.exe
Supprimé : C:\Windows\SWSC.exe
Supprimé : C:\Windows\SWXCACLS.exe
Supprimé : C:\Windows\Zip.exe
~~~~~~ Registre ~~~~~~
Clé Supprimée : HKLM\SOFTWARE\OldTimer Tools
Clé Supprimée : HKLM\SOFTWARE\Swearware
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
~~~~~~ Autres ~~~~~~
-> Prefetch Vidé
*************************
DelFix[S1].txt - [1253 octets] - [06/08/2012 18:28:25]
########## EOF - C:\DelFix[S1].txt - [1377 octets] ##########
- | Alerter
- | Alerter
- | Alerter
- | Alerter
Lassé par la pub ? Créez un compte
Contenus similaires :
- ForumRésolulive security platinum (résolu)
- ForumPouvez-vous m'aider à enlever le virus Live security platinium de mon PC?
- ForumComment me debarrasser de du virus Live security platinium?
- Forumcomment enlever le virus live security platinum
- ForumVirus => live security platinium.
- ForumVirus Live sécurity platinium
- Voir plus
