Heuristic reserved word exploit

  • Auteur de la discussion seaclaid
  • Date de début
S

seaclaid

Nouveau membre
Bonjour,
Malwarebytes anti-malware me détecte ce virus, il me dis que la suppression s'est faites avec succès mais dès que je rallume mon ordinateur, le virus est toujours la. Pareil avec avast, et comme je suis nulle en informatique je ne sais plus quoi faire. Si vous pouviez m'aider sa serait vraiment cool.
Merci d'avance

 
KeyserSoze

KeyserSoze

AnimistrateuR
Staff
Salut, il faut que tu désactives la restauration système le temps du nettoyage.

Quel est ton windows ?
 
S

seaclaid

Nouveau membre
Quand je dis que je suis nulle ... c'est pas une blague. Tu fais comment pour désactiver la restauration du système?? =s
Je suis sous windows vista
 
KeyserSoze

KeyserSoze

AnimistrateuR
Staff
Ok, c'est pour ça que je te demandais quel Windows ;)

Par ici :
Vous devez être connecté pour voir les liens.


Tu désactives, tu fais ton scan, tu nettoies, tu relances le pc, et tu réactives. Ensuite un nouveau scan pour vérifier ;)
 
KeyserSoze

KeyserSoze

AnimistrateuR
Staff
Ça m'étonne, il est vraiment collant, essaie avec avast toujours avec la RS désactivée pendant le scan.
 
KeyserSoze

KeyserSoze

AnimistrateuR
Staff
Ok je me suis documenté est c'est assez sérieux, regarde ici :
Vous devez être connecté pour voir les liens.
 
help-manformatique

help-manformatique

Grand Maître
Ok donc je peux essayer comme j'ai fait une formation de helper en sécurité-virus mais comme je n'avais plus le temps pour cause d'examen, on m'a viré.

Fais exactement cette procédure :

■ Télécharge
Vous devez être connecté pour voir les liens.
(de OldTimer[/#ff]) sur ton Bureau.

■ Si tu es sous XP, double-clique dessus pour le lancer, si tu es sous Vista/7, fais un clic droit dessus et fais Exécuter en tant qu'administrateur pour le lancer.

■ Une fenêtre apparaît.

■ Coche la case : Tous les utilisateurs

■ Coche les cases correspondant à la Recherche LOP et à la Recherche Purity (En bleu vers le bas de la fenêtre).

■ Enfin, clique sur le bouton Analyse. Pendant la durée du scanne, ne touche à rien. Le scan prendra quelques temps.

■ A la fin du scan, deux rapports s'ouvriront : OTL.Txt et Extras.Txt. Copie/colle ici l'ensemble des rapports.

Pour les rapports, qui ont tendance à être trop longs pour le forum, merci d'utiliser
Vous devez être connecté pour voir les liens.
: dépose le fichier via "parcourir" et poste simplement le lien obtenu.

On va déjà essayer avec sa pour voir si il trouve quelque chose, mais si cette désinfection deviens trop compliqué j'arrêterai pour ne pas endommager ton PC pour mauvaise manip
 
S

seaclaid

Nouveau membre
OTL Extras logfile created on: 31/05/2011 20:55:23 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Noémie\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,90 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 41,74% Memory free
6,03 Gb Paging File | 4,22 Gb Available in Paging File | 69,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,23 Gb Total Space | 229,28 Gb Free Space | 79,55% Space Free | Partition Type: NTFS
Drive D: | 9,86 Gb Total Space | 1,68 Gb Free Space | 17,00% Space Free | Partition Type: NTFS

Computer Name: PC-DE-NOÉMIE | User Name: Noémie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orange HSS\Connectivity\ConnectivityManager.exe" = C:\Program Files\Orange HSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029A6A38-1779-40FA-932E-F29FFAE8D319}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1E5DFFB8-2BCC-48FF-A33F-EBB09101BB09}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2CBC85FB-2270-453D-86C1-BF5AB7CB4CC2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{33E82353-CC9C-4389-A7B5-D4A215781F80}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{394BB905-E8E1-4F40-84C0-CEC8074CFC69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56409F7C-415E-4D67-8C89-787E98B21E33}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7A3B733F-A042-40E1-90FA-9BB45B8790E4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9B02F208-E0BA-4685-B050-AD7B006C11A5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A0F9856C-F715-47A4-9D4C-40C8DC70B141}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E5AE7E36-2303-44F0-A38F-777AA957D47C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E94D4B67-C9C6-4C4F-8CD3-52184381D551}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003CD618-0CA2-4694-BC73-F95A96CB8A3D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0AADF62D-26B2-454F-95D3-CE31331EF79E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{1E645D53-E1E6-459B-9E90-95E84AA2F857}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{32367B62-41A5-4182-8688-42B9996529F1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{4449CC39-BC9B-4D75-8465-D99983F5CAF9}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{4779DDE0-1F70-4760-A959-950075204FDB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{50D3104E-0D7E-49F5-B6EB-2D59CC390F0F}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{541A59E9-3119-4C1A-B939-FA0A36F9DA70}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{6493E700-9DC1-4C18-8D8F-AB46B885FA5A}" = protocol=17 | dir=in | app=c:\program files\orange\telephone sur pc\telephonesurpc.exe |
"{8AF4FBD1-BE11-4D04-9A4D-991EA7D42A68}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{9971D476-836C-455C-9725-E08963426CEA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A18E41CB-2B39-4B41-82C6-36E35188943F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{A53FF8B5-ACB6-4E4A-BC73-7D894AFE8925}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{A70954D3-949B-4584-89DC-8A28C33AEE9B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA67507C-B473-42A4-B014-EF87810E7B5C}" = protocol=6 | dir=in | app=c:\program files\orange\telephone sur pc\telephonesurpc.exe |
"{AA75C53A-9CEC-449E-9792-1E1560E34E90}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{B060023D-8C0D-4BBA-BD09-CCD96A751933}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{B173056A-CAF3-4F88-AAFE-63E1865214B2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{B2C67F2D-1CE1-45AC-9172-A8FAC8A9D604}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B42A332F-2911-464A-932B-0175D6546115}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{B570457C-6106-431D-852A-E980632A6235}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{BE9A3566-9751-402F-A4A0-8BD9F1210EFC}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{C46D6536-3EC2-4E64-8006-1C2AA6846D55}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{C4EB66A6-1518-4285-AA71-512CEC85D40F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{EE578450-C735-44B0-8664-D5F89BC7B79B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2C8574B5-6935-4FCE-860E-F4E8602378FF}" = OfferBox
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EE2EF4B-25D3-4D44-8384-A2B96F811F55}" = OpenOffice.org 3.2
"{5546F4E9-B0F4-4F54-B949-2AB006C9284F}" = DJ_AIO_06_F2400_SW_Min
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6084C211-01A1-464E-97A0-09772E122B50}" = Moovida
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{61172A5D-60AA-43BE-958F-90451024E768}_is1" = Adobe Photoshop CS5 Portable
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6DBB66CD-38C7-472C-BBB9-06BFDA182A29}" = F2400
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{819CA3BC-2FF8-4811-B42F-421F7BFD3559}" = HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{ORAHSS}.UninstallSuite" = Orange - Logiciels Internet
"AC3Filter_is1" = AC3Filter 1.63b
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Toolbar" = AOL Toolbar 5.0
"avast" = avast! Free Antivirus
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
"DivX Setup.divx.com" = Configuration DivX
"Fissa" = Fissa
"Free Download Manager_is1" = Free Download Manager 3.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"JPG to PDF Converter" = JPG to PDF Converter 1.0
"Le Maître de l'Olympe - Zeus." = Le Maître de l'Olympe - Zeus.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"OfferBox Browser" = OfferBox Browser
"PROPLUS" = Microsoft Office Professional Plus 2007
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"téléphone sur PC" = téléphone sur PC 2.5.4
"VLC media player" = VLC media player 1.0.1
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1616983123-4015870426-446568484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"PhotoFiltre" = PhotoFiltre

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/05/2011 01:30:49 | Computer Name = PC-de-Noémie | Source = WinMgmt | ID = 10
Description =

Error - 27/05/2011 02:10:50 | Computer Name = PC-de-Noémie | Source = RasClient | ID = 20227
Description =

Error - 27/05/2011 06:44:20 | Computer Name = PC-de-Noémie | Source = WinMgmt | ID = 10
Description =

Error - 29/05/2011 12:12:16 | Computer Name = PC-de-Noémie | Source = WinMgmt | ID = 10
Description =

Error - 30/05/2011 01:50:10 | Computer Name = PC-de-Noémie | Source = WinMgmt | ID = 10
Description =

Error - 30/05/2011 01:52:17 | Computer Name = PC-de-Noémie | Source = Application Error | ID = 1000
Description = Application défaillante TelephoneSurPC.exe, version 2.5.4.0, horodatage
0x4cb56151, module défaillant ftfrmwrk.dll, version 1.8.0.0, horodatage 0x4cb42514,
code d’exception 0xc0000005, décalage d’erreur 0x000ae51c, ID du processus 0xd54,
heure de début de l’application 0x01cc1e8d68c5a074.

Error - 30/05/2011 05:01:50 | Computer Name = PC-de-Noémie | Source = WinMgmt | ID = 10
Description =

Error - 30/05/2011 08:41:50 | Computer Name = PC-de-Noémie | Source = WinMgmt | ID = 10
Description =

Error - 30/05/2011 08:56:57 | Computer Name = PC-de-Noémie | Source = WinMgmt | ID = 10
Description =

Error - 30/05/2011 12:38:28 | Computer Name = PC-de-Noémie | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 06/07/2010 11:57:36 | Computer Name = PC-de-Noémie | Source = Service Control Manager | ID = 7000
Description =

Error - 06/07/2010 11:57:36 | Computer Name = PC-de-Noémie | Source = Service Control Manager | ID = 7026
Description =

Error - 06/07/2010 17:23:53 | Computer Name = PC-de-Noémie | Source = DCOM | ID = 10010
Description =

Error - 06/07/2010 17:24:02 | Computer Name = PC-de-Noémie | Source = Service Control Manager | ID = 7043
Description =

Error - 07/07/2010 04:23:13 | Computer Name = PC-de-Noémie | Source = HTTP | ID = 15016
Description =

Error - 07/07/2010 04:23:46 | Computer Name = PC-de-Noémie | Source = Service Control Manager | ID = 7000
Description =

Error - 07/07/2010 04:23:46 | Computer Name = PC-de-Noémie | Source = Service Control Manager | ID = 7000
Description =

Error - 07/07/2010 04:23:46 | Computer Name = PC-de-Noémie | Source = Service Control Manager | ID = 7026
Description =

Error - 07/07/2010 04:58:50 | Computer Name = PC-de-Noémie | Source = DCOM | ID = 10016
Description =

Error - 07/07/2010 04:58:50 | Computer Name = PC-de-Noémie | Source = DCOM | ID = 10016
Description =


< End of report >
 
S

seaclaid

Nouveau membre
OTL logfile created on: 31/05/2011 20:55:23 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Noémie\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,90 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 41,74% Memory free
6,03 Gb Paging File | 4,22 Gb Available in Paging File | 69,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,23 Gb Total Space | 229,28 Gb Free Space | 79,55% Space Free | Partition Type: NTFS
Drive D: | 9,86 Gb Total Space | 1,68 Gb Free Space | 17,00% Space Free | Partition Type: NTFS

Computer Name: PC-DE-NOÉMIE | User Name: Noémie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/31 20:53:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Noémie\Downloads\OTL.exe
PRC - [2011/05/10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/03/17 17:25:04 | 001,966,936 | ---- | M] (Secure Digital Services Limited) -- C:\Program Files\OfferBox\OfferBox.exe
PRC - [2011/02/04 12:08:57 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/04 12:08:48 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/04 12:08:48 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/10/13 09:35:52 | 000,111,360 | ---- | M] (France Telecom) -- C:\Program Files\Orange\Telephone sur PC\TelephoneSurPC.exe
PRC - [2010/10/04 15:04:34 | 000,421,888 | ---- | M] () -- C:\Program Files\Orange\Telephone sur PC\TelephoneSurPCAgent.exe
PRC - [2010/09/01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/14 21:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/02 17:36:16 | 000,172,544 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2009/02/27 06:54:56 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/20 10:39:12 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/01/20 10:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe
PRC - [2009/01/20 10:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe
PRC - [2008/12/23 17:18:20 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/11/20 18:15:46 | 000,135,168 | ---- | M] (France Telecom SA) -- C:\Program Files\Orange HSS\systray\systrayapp.exe
PRC - [2008/11/20 18:15:40 | 000,602,864 | ---- | M] (France Telecom SA) -- C:\Program Files\Orange HSS\Launcher\Launcher.exe
PRC - [2008/11/20 18:15:38 | 000,065,536 | ---- | M] (France Telecom SA) -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2008/11/20 18:15:38 | 000,065,536 | ---- | M] (France Telecom SA) -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
PRC - [2008/11/20 18:15:30 | 000,028,672 | ---- | M] (France Telecom SA) -- C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
PRC - [2008/11/20 18:15:28 | 000,712,704 | ---- | M] (France Telecom SA) -- C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
PRC - [2008/11/20 18:15:28 | 000,364,544 | ---- | M] (France Telecom SA) -- C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
PRC - [2008/11/20 18:15:24 | 000,090,112 | ---- | M] (France Telecom SA) -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
PRC - [2008/01/21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


========== Modules (SafeList) ==========

MOD - [2011/05/31 20:53:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Noémie\Downloads\OTL.exe
MOD - [2011/05/10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/04 12:08:57 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/02/04 12:08:48 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/01/20 10:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe -- (STacSV)
SRV - [2009/01/20 10:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/23 17:18:20 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/20 18:15:38 | 000,065,536 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2008/02/03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/02/04 12:09:08 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/02/04 12:09:08 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/01/20 10:39:16 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/12/23 13:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/12/20 00:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/11/06 17:52:40 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
DRV - [2008/11/06 17:52:40 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/09/22 07:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/01/21 04:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
Vous devez être connecté pour voir les liens.

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
Vous devez être connecté pour voir les liens.



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1616983123-4015870426-446568484-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1616983123-4015870426-446568484-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1616983123-4015870426-446568484-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/06 17:00:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Program Files\OfferBox\offerboxffx@offerbox.com [2011/03/18 20:14:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\moovida@spointer.com: C:\Program Files\Fluendo\Moovida\spointer\extensions\moovida@spointer.com


O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - File not found
O2 - BHO: (Interest recogniser for Moovida (powered by Spointer)) - {E2A7BD67-0EAF-497f-B05B-748D7BF3C421} - File not found
O2 - BHO: (OfferBox) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files\OfferBox\OfferBoxBHO.dll (Secure Digital Services Limited)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - File not found
O3 - HKU\S-1-5-21-1616983123-4015870426-446568484-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [TELEPHONESURPCAGENT] C:\Program Files\Orange\Telephone sur PC\TelephoneSurPCAgent.exe ()
O4 - HKU\S-1-5-18..\Run: [TELEPHONESURPCAGENT] C:\Program Files\Orange\Telephone sur PC\TelephoneSurPCAgent.exe ()
O4 - HKU\S-1-5-19..\Run: [TELEPHONESURPCAGENT] C:\Program Files\Orange\Telephone sur PC\TelephoneSurPCAgent.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [TELEPHONESURPCAGENT] C:\Program Files\Orange\Telephone sur PC\TelephoneSurPCAgent.exe ()
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1616983123-4015870426-446568484-1000..\Run: [rundll32] File not found
O4 - HKU\S-1-5-21-1616983123-4015870426-446568484-1000..\Run: [TELEPHONESURPCAGENT] C:\Program Files\Orange\Telephone sur PC\TelephoneSurPCAgent.exe ()
O4 - Startup: C:\Users\Noémie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe ()
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1616983123-4015870426-446568484-1000\..Trusted Domains: orange.fr ([]http in Sites de confiance)
O15 - HKU\S-1-5-21-1616983123-4015870426-446568484-1000\..Trusted Domains: voila.fr ([rw.search.ke] http in Sites de confiance)
O15 - HKU\S-1-5-21-1616983123-4015870426-446568484-1000\..Trusted Domains: weborama.fr ([orange] http in Sites de confiance)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258}
Vous devez être connecté pour voir les liens.
(Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
Vous devez être connecté pour voir les liens.
(Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
Vous devez être connecté pour voir les liens.
(Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Vous devez être connecté pour voir les liens.
(Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.179.1.100 194.179.1.101
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Noémie\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Noémie\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{50133965-9c80-11df-be12-00238bcb41ee}\Shell\AutoRun\command - "" = Toshiba\Launcher\start.exe
O33 - MountPoints2\{a69e8c5d-af79-11df-a3ee-00238bcb41ee}\Shell - "" = AutoRun
O33 - MountPoints2\{a69e8c5d-af79-11df-a3ee-00238bcb41ee}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/31 16:45:20 | 000,000,000 | ---D | C] -- C:\Users\Noémie\AppData\Roaming\Avira
[2011/05/31 16:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/05/31 16:43:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/05/31 16:43:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/05/31 16:43:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/05/31 16:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/05/31 16:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/05/26 20:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/05/26 20:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/05/19 15:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 Portable
[2011/05/19 15:12:18 | 108,102,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Photoshop_CS5_Lite_Portable_Setup.exe
[2011/05/11 19:43:43 | 000,000,000 | ---D | C] -- C:\Users\Noémie\Documents\Espagne
[2011/05/10 20:08:20 | 000,000,000 | ---D | C] -- C:\Users\Noémie\Documents\Stage CAIV

========== Files - Modified Within 30 Days ==========

[2011/05/31 20:58:48 | 000,000,512 | ---- | M] () -- C:\Users\Noémie\Desktop\OTL - Raccourci.lnk
[2011/05/31 20:27:11 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1616983123-4015870426-446568484-1000UA.job
[2011/05/31 19:27:00 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1616983123-4015870426-446568484-1000Core.job
[2011/05/31 19:14:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/31 19:14:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/31 18:39:09 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\jvtouw.sys
[2011/05/31 18:28:10 | 000,242,176 | ---- | M] () -- C:\Users\Noémie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/31 17:15:54 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/05/31 17:14:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/31 17:14:42 | 3119,435,776 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/31 16:43:29 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/31 16:10:44 | 000,002,687 | ---- | M] () -- C:\Users\Noémie\Desktop\Microsoft Office Word 2007.lnk
[2011/05/31 14:28:17 | 000,002,047 | ---- | M] () -- C:\Users\Noémie\Desktop\Google Chrome.lnk
[2011/05/31 14:28:17 | 000,002,009 | ---- | M] () -- C:\Users\Noémie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/30 19:53:17 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/29 18:43:36 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/05/29 18:43:36 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/29 18:43:36 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/05/29 18:43:36 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/26 20:49:38 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/21 16:51:57 | 000,000,680 | ---- | M] () -- C:\Users\Noémie\AppData\Local\d3d9caps.dat
[2011/05/19 15:14:53 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop CS5.lnk
[2011/05/10 14:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/10 14:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/06 21:52:46 | 000,002,401 | ---- | M] () -- C:\Users\Noémie\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype (2).lnk

========== Files Created - No Company Name ==========

[2011/05/31 20:58:48 | 000,000,512 | ---- | C] () -- C:\Users\Noémie\Desktop\OTL - Raccourci.lnk
[2011/05/31 18:39:09 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\jvtouw.sys
[2011/05/31 16:43:29 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/26 20:49:38 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/19 15:14:53 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop CS5.lnk
[2011/05/19 15:13:03 | 001,199,104 | ---- | C] () -- C:\Users\Noémie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe
[2011/04/17 12:10:00 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/04/17 12:10:00 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/04/17 12:10:00 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/04/17 12:10:00 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/04/17 12:10:00 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/04/17 12:10:00 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/04/17 12:10:00 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/04/17 12:10:00 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/04/17 12:10:00 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/04/17 12:10:00 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/04/17 12:10:00 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/04/17 12:10:00 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/04/17 12:10:00 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/04/17 12:10:00 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/04/17 12:10:00 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/04/17 12:10:00 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/04/17 12:10:00 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/04/17 12:09:59 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/04/17 12:09:59 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/09/03 18:36:47 | 000,000,016 | ---- | C] () -- C:\Users\Noémie\AppData\Roaming\hngmfc.dat
[2010/08/10 14:03:17 | 000,000,680 | ---- | C] () -- C:\Users\Noémie\AppData\Local\d3d9caps.dat
[2010/07/06 17:51:40 | 000,000,335 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/07/06 17:24:57 | 000,185,394 | ---- | C] () -- C:\Windows\hpoins44.dat.temp
[2010/07/06 17:24:57 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat.temp
[2010/07/06 16:51:48 | 000,185,471 | ---- | C] () -- C:\Windows\hpoins44.dat
[2010/06/14 07:19:07 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/06/04 22:23:33 | 000,242,176 | ---- | C] () -- C:\Users\Noémie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/14 14:52:07 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2010/01/29 23:12:12 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2009/02/27 06:32:07 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/02/27 06:32:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/27 06:28:43 | 000,679,042 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2009/02/27 06:28:43 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2009/02/27 06:28:43 | 000,126,626 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2009/02/27 06:28:43 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2009/02/26 23:39:21 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008/10/28 10:35:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll
[2008/10/28 10:28:36 | 002,026,604 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/10/28 10:28:36 | 000,445,796 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/10/28 10:28:36 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/09/22 07:49:24 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:44:53 | 000,415,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/05/25 22:17:26 | 000,000,000 | ---D | M] -- C:\Users\Noémie\AppData\Roaming\cdiak
[2010/08/07 08:57:42 | 000,000,000 | ---D | M] -- C:\Users\Noémie\AppData\Roaming\FissaSearch
[2011/05/27 12:41:07 | 000,000,000 | ---D | M] -- C:\Users\Noémie\AppData\Roaming\Free Download Manager
[2010/08/07 09:12:04 | 000,000,000 | ---D | M] -- C:\Users\Noémie\AppData\Roaming\gtk-2.0
[2010/08/07 11:17:14 | 000,000,000 | ---D | M] -- C:\Users\Noémie\AppData\Roaming\moovida-1
[2011/05/29 21:05:15 | 000,000,000 | ---D | M] -- C:\Users\Noémie\AppData\Roaming\OfferBox
[2010/06/04 23:05:35 | 000,000,000 | ---D | M] -- C:\Users\Noémie\AppData\Roaming\OpenOffice.org
[2011/03/24 19:07:41 | 000,000,000 | ---D | M] -- C:\Users\Noémie\AppData\Roaming\PhotoFiltre
[2011/02/25 18:52:22 | 000,000,000 | ---D | M] -- C:\Users\Noémie\AppData\Roaming\PlayFirst
[2010/06/07 06:49:07 | 000,000,000 | ---D | M] -- C:\Users\Noémie\AppData\Roaming\Telephone sur PC
[2010/07/13 21:25:07 | 000,000,000 | ---D | M] -- C:\Users\Noémie\AppData\Roaming\WildTangent
[2011/05/31 17:13:17 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Noémie\Documents\DJ.GoGo.974.R._.NANNY.MC.PHEE._.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Noémie\Documents\DJ.GoGo.974.R._.Cracks._.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Noémie\Documents\Dear.John.2010.FRENCH.DVDRiP.XViD-SLiM.avi:TOC.WMV

< End of report >
 
help-manformatique

help-manformatique

Grand Maître
Je vois que ton système n'est pas à jour, donc faut faire tes MAJ quand elles sont disponibles

Ok déjà, fait ce qui suit :

1/

Télécharge
Vous devez être connecté pour voir les liens.
(C_XX) sur ton Bureau.
/!\ Déconnecte-toi et ferme toutes applications en cours /!\
Double-cliquez sur AD-R présent sur ton bureau. (Clic droit -> "Exécuter en tant qu'administrateur" pour VISTA et SEVEN
Patiente jusqu'à l'apparition du menu principale. A partir de là, clique sur Scanner. Ont te demandera de confirmer, clique sur Oui et patiente jusqu'à la fin du scan.
!! Laisse Travailler l'outil !!
Une fenêtre contenant le rapport va s'ouvrir, poste moi le rapport dans ta prochaine réponse.
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
Ensuite clique sur Quitter pour fermer Ad-Remover.

Note : Le rapport que Ad-Remover viens de générer se trouve ici : C:\Ad-Report-SCAN

On va essayer aussi un autre outil de diagnostic :

2/

Télécharge
Vous devez être connecté pour voir les liens.
et sauvegarde-le sur ton bureau.

• Désactive tout script bloquant, tels qu'un antivirus, un logiciel comme ad-block, noscript etc.
• Double-clique sur dds.scr pour lancer l'outil.
• Une fois le scan fini, un document texte, DDS.txt, va s'ouvrir .
• Clique Oui à la prochaine invite Optional Scan.
• Sauvegarde les deux rapports sur ton bureau et poste-moi uniquement le DDS.txt.
 
S

seaclaid

Nouveau membre
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web:
Vous devez être connecté pour voir les liens.


C:\Program Files\Ad-Remover\main.exe (SCAN [2]) -> Lancé à 16:19:55 le 01/06/2011, Mode normal

Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1 (X86)
Noémie@PC-DE-NOÉMIE (Hewlett-Packard Compaq Presario CQ71 Notebook PC)

============== RECHERCHE ==============


Fichier trouvé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur OfferBox.lnk
Dossier trouvé: C:\Users\Noémie\AppData\Roaming\FissaSearch
Dossier trouvé: C:\Users\Noémie\AppData\Roaming\OfferBox
Dossier trouvé: C:\Program Files\OfferBox

Clé trouvée: HKLM\Software\Classes\CLSID\{58EFBE9C-4621-4d79-90E7-8BEE265CA951}
Clé trouvée: HKLM\Software\Classes\CLSID\{7935436E-8F14-4C84-9ECF-BEB791296619}
Clé trouvée: HKLM\Software\Classes\Interface\{7935436E-8F14-4C84-9ECF-BEB791296619}
Clé trouvée: HKLM\Software\Classes\CLSID\{A7E8C343-7860-4A95-9AA8-AAF30D0F6D1E}
Clé trouvée: HKLM\Software\Classes\CLSID\{B3DBB2D5-5F06-4EC2-904D-812ECE520509}
Clé trouvée: HKLM\Software\Classes\Interface\{B3DBB2D5-5F06-4EC2-904D-812ECE520509}
Clé trouvée: HKLM\Software\Classes\CLSID\{C4A743DE-EAAC-4cd0-9BF6-378E8141868B}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4A743DE-EAAC-4cd0-9BF6-378E8141868B}
Clé trouvée: HKLM\Software\Classes\CLSID\{DCE997C8-5920-4c09-99EE-59F46634FE2C}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DCE997C8-5920-4c09-99EE-59F46634FE2C}
Clé trouvée: HKLM\Software\Classes\CLSID\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}
Clé trouvée: HKLM\Software\Classes\CLSID\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé trouvée: HKLM\Software\Classes\Interface\{6612AFDD-34AD-4B89-A236-7E6D07C3FDCD}
Clé trouvée: HKLM\Software\Classes\Interface\{7CF4E72E-C9C0-4CA8-A039-1F5BAD426CCE}
Clé trouvée: HKLM\Software\Classes\Interface\{81B32B9F-AFDC-4F7E-8F13-E39BB8ECF638}
Clé trouvée: HKLM\Software\Classes\Interface\{925C24DC-0C0B-4AE7-98F5-18252822C89C}
Clé trouvée: HKLM\Software\Classes\Interface\{CA1BC665-4B6B-435C-80C1-0E12D993ED49}
Clé trouvée: HKLM\Software\Classes\Interface\{D5AB027D-C91A-4324-8C78-12CF1A588C48}
Clé trouvée: HKLM\Software\Classes\Interface\{E5DB89B8-5BE1-461C-A7EF-89B68211889D}
Clé trouvée: HKLM\Software\Classes\TypeLib\{14816CF6-426C-40D7-904C-E5600F015EC2}
Clé trouvée: HKLM\Software\Classes\TypeLib\{282D18C0-5424-44F4-A531-55F9AC5B8FD8}
Clé trouvée: HKLM\Software\Classes\TypeLib\{ED85AEBE-F834-4088-B5D3-97EB2478A6CD}
Clé trouvée: HKLM\Software\Classes\TypeLib\{FD06B491-1EA6-4F5C-86D2-C86D3A3A3731}
Clé trouvée: HKLM\Software\Classes\OfferBox.OfferBoxServer
Clé trouvée: HKLM\Software\Classes\OfferBox.OfferBoxServer.1
Clé trouvée: HKLM\Software\OfferBox
Clé trouvée: HKCU\Software\FissaSearch
Clé trouvée: HKCU\Software\OfferBox
Clé trouvée: HKCU\Software\Spointer
Clé trouvée: HKLM\Software\Classes\Installer\Products\5B4758C25396ECF468E04F8E063287FF
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\5B4758C25396ECF468E04F8E063287FF
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37F4A335-D085-423e-A425-0370799166FB}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5DB24F50-8C65-4772-9844-47FE8701BE57}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2C8574B5-6935-4FCE-860E-F4E8602378FF}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Fissa
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C8574B5-6935-4FCE-860E-F4E8602378FF}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fissa
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OfferBox Browser
Clé trouvée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom

Valeur trouvée: HKLM\Software\Mozilla\Firefox\Extensions|offerboxffx@offerbox.com
Valeur trouvée: HKLM\Software\Mozilla\Firefox\Extensions|moovida@spointer.com


============== SCAN ADDITIONNEL ==============

**** Google Chrome Version [11.0.696.71] ****

Extension\bjeikeheijdjdfjbmknpefojickbkmom (C:\Program Files\OfferBox\OfferBoxChromeExtension.crx) (?)
Extension\kngejcchcedjdemdaeneneeahmjnpaec (C:\Program Files\Fluendo\Moovida\spointer\extensions\chrome\moovida_air_chrome.crx) (x)
Extension\lifbcibllhkdhoafpjfnlhfpfgnpldfl (C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx) (?)

-- C:\Users\Noémie\AppData\Local\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Activé: true) (hxxp://www.google.fr/search?hl=fr&q={searchTerms}+&meta=)
Preferences - homepage: hxxp://www.google.com
Preferences - homepage_is_newtabpage: false
Plugin - Interest Recognizer for Moovida (Activé: true) (C:\Users\No\u00E9mie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kngejcchcedjdemdaeneneeahmjnpaec\3.2.1508.138\moovida_air_chrome.dll) (x)
Plugin - "OfferboxChromePlugin Dynamic Link Library" (Activé: true)
Plugin - "DivX Player" (Activé: true)
Plugin - "Interest Recognizer for Moovida" (Activé: true)

========================================

**** Internet Explorer Version [7.0.6001.18000] ****

HKCU_Main|Start Page - hxxp://www.msn.com/
HKLM_Main|Default_Page_URL - hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Presario&pf=cnnb
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Presario&pf=cnnb
HKCU_SearchScopes\{33ED9D02-FD81-4C79-A0F6-96AADD1F3318} - "Kelkoo" (hxxp://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
HKLM_SearchScopes\{33ED9D02-FD81-4C79-A0F6-96AADD1F3318} - "Kelkoo" (hxxp://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
HKCU_Toolbar\WebBrowser|{DE9C389F-3316-41A7-809B-AA305ED9D922} (C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll) (x)
HKLM_Toolbar|{DE9C389F-3316-41A7-809B-AA305ED9D922} (C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll) (x)
HKCU_ElevationPolicy\{9EAD311C-955D-40F5-8741-6260678DC242} - C:\Program Files\Orange HSS\Launcher\Launcher.exe (France Telecom SA)
HKLM_ElevationPolicy\{37F4A335-D085-423e-A425-0370799166FB} - C:\Program Files\OfferBox\OfferBox.exe (Secure Digital Services Limited)
HKLM_ElevationPolicy\{5DB24F50-8C65-4772-9844-47FE8701BE57} - C:\Program Files\Fluendo\Moovida\spointer\moovida_air.exe (x)
HKLM_ElevationPolicy\{ADADAEE2-457A-4984-A57C-E01C3A2BA612} - c:\program files\aol\aol toolbar 5.0\AolTbServer.exe (x)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - "AOL Toolbar BHO" (C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll) (x)
BHO\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} - "FDMIECookiesBHO Class" (C:\Program Files\Free Download Manager\iefdm2.dll) (x)
BHO\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421} - "Interest recogniser for Moovida (powered by Spointer)" (C:\Program Files\Fluendo\Moovida\spointer\extensions\moovida_air_ie.dll) (x)
BHO\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - "OfferBox" (C:\Program Files\OfferBox\OfferBoxBHO.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 2 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 01/06/2011 16:18:36 (8484 Octet(s))
C:\Ad-Report-SCAN[2].txt - 01/06/2011 16:20:00 (8411 Octet(s))

Fin à: 16:20:42, 01/06/2011

============== E.O.F ==============
C'est le rapport ADR
 
S

seaclaid

Nouveau membre
et DDS ne fonctionne pas même lorsque tous les anti-virus sont désactivés
 
help-manformatique

help-manformatique

Grand Maître
Ok parce que ce n'est pas un fichier .exe , il est en .scr
Relance AD-R et choisis l'option " nettoyage "
 
S

seaclaid

Nouveau membre
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web:
Vous devez être connecté pour voir les liens.


C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 19:39:42 le 01/06/2011, Mode normal

Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1 (X86)
Noémie@PC-DE-NOÉMIE (Hewlett-Packard Compaq Presario CQ71 Notebook PC)

============== ACTION(S) ==============


Fichier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur OfferBox.lnk
Dossier supprimé: C:\Users\Noémie\AppData\Roaming\FissaSearch
Dossier supprimé: C:\Users\Noémie\AppData\Roaming\OfferBox
Dossier supprimé: C:\Program Files\OfferBox

(!) -- Fichiers temporaires supprimés.


Clé supprimée: HKLM\Software\Classes\CLSID\{58EFBE9C-4621-4d79-90E7-8BEE265CA951}
Clé supprimée: HKLM\Software\Classes\CLSID\{7935436E-8F14-4C84-9ECF-BEB791296619}
Clé supprimée: HKLM\Software\Classes\Interface\{7935436E-8F14-4C84-9ECF-BEB791296619}
Clé supprimée: HKLM\Software\Classes\CLSID\{A7E8C343-7860-4A95-9AA8-AAF30D0F6D1E}
Clé supprimée: HKLM\Software\Classes\CLSID\{B3DBB2D5-5F06-4EC2-904D-812ECE520509}
Clé supprimée: HKLM\Software\Classes\Interface\{B3DBB2D5-5F06-4EC2-904D-812ECE520509}
Clé supprimée: HKLM\Software\Classes\CLSID\{C4A743DE-EAAC-4cd0-9BF6-378E8141868B}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4A743DE-EAAC-4cd0-9BF6-378E8141868B}
Clé supprimée: HKLM\Software\Classes\CLSID\{DCE997C8-5920-4c09-99EE-59F46634FE2C}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DCE997C8-5920-4c09-99EE-59F46634FE2C}
Clé supprimée: HKLM\Software\Classes\CLSID\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}
Clé supprimée: HKLM\Software\Classes\CLSID\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé supprimée: HKLM\Software\Classes\Interface\{6612AFDD-34AD-4B89-A236-7E6D07C3FDCD}
Clé supprimée: HKLM\Software\Classes\Interface\{7CF4E72E-C9C0-4CA8-A039-1F5BAD426CCE}
Clé supprimée: HKLM\Software\Classes\Interface\{81B32B9F-AFDC-4F7E-8F13-E39BB8ECF638}
Clé supprimée: HKLM\Software\Classes\Interface\{925C24DC-0C0B-4AE7-98F5-18252822C89C}
Clé supprimée: HKLM\Software\Classes\Interface\{CA1BC665-4B6B-435C-80C1-0E12D993ED49}
Clé supprimée: HKLM\Software\Classes\Interface\{D5AB027D-C91A-4324-8C78-12CF1A588C48}
Clé supprimée: HKLM\Software\Classes\Interface\{E5DB89B8-5BE1-461C-A7EF-89B68211889D}
Clé supprimée: HKLM\Software\Classes\TypeLib\{14816CF6-426C-40D7-904C-E5600F015EC2}
Clé supprimée: HKLM\Software\Classes\TypeLib\{282D18C0-5424-44F4-A531-55F9AC5B8FD8}
Clé supprimée: HKLM\Software\Classes\TypeLib\{ED85AEBE-F834-4088-B5D3-97EB2478A6CD}
Clé supprimée: HKLM\Software\Classes\TypeLib\{FD06B491-1EA6-4F5C-86D2-C86D3A3A3731}
Clé supprimée: HKLM\Software\Classes\OfferBox.OfferBoxServer
Clé supprimée: HKLM\Software\Classes\OfferBox.OfferBoxServer.1
Clé supprimée: HKLM\Software\OfferBox
Clé supprimée: HKCU\Software\FissaSearch
Clé supprimée: HKCU\Software\OfferBox
Clé supprimée: HKCU\Software\Spointer
Clé supprimée: HKLM\Software\Classes\Installer\Products\5B4758C25396ECF468E04F8E063287FF
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\5B4758C25396ECF468E04F8E063287FF
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37F4A335-D085-423e-A425-0370799166FB}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5DB24F50-8C65-4772-9844-47FE8701BE57}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2C8574B5-6935-4FCE-860E-F4E8602378FF}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Fissa
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C8574B5-6935-4FCE-860E-F4E8602378FF}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fissa
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OfferBox Browser
Clé supprimée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom

Valeur supprimée: HKLM\Software\Mozilla\Firefox\Extensions|offerboxffx@offerbox.com
Valeur supprimée: HKLM\Software\Mozilla\Firefox\Extensions|moovida@spointer.com


============== SCAN ADDITIONNEL ==============

**** Google Chrome Version [11.0.696.71] ****

Extension\kngejcchcedjdemdaeneneeahmjnpaec (C:\Program Files\Fluendo\Moovida\spointer\extensions\chrome\moovida_air_chrome.crx) (x)
Extension\lifbcibllhkdhoafpjfnlhfpfgnpldfl (C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx) (?)

-- C:\Users\Noémie\AppData\Local\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Activé: true) (hxxp://www.google.fr/search?hl=fr&q={searchTerms}+&meta=)
Preferences - homepage: hxxp://www.google.com
Preferences - homepage_is_newtabpage: false
Plugin - Interest Recognizer for Moovida (Activé: true) (C:\Users\No\u00E9mie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kngejcchcedjdemdaeneneeahmjnpaec\3.2.1508.138\moovida_air_chrome.dll) (x)
Plugin - "OfferboxChromePlugin Dynamic Link Library" (Activé: true)
Plugin - "DivX Player" (Activé: true)
Plugin - "Interest Recognizer for Moovida" (Activé: true)

========================================

**** Internet Explorer Version [7.0.6001.18000] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{33ED9D02-FD81-4C79-A0F6-96AADD1F3318} - "Kelkoo" (hxxp://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
HKLM_SearchScopes\{33ED9D02-FD81-4C79-A0F6-96AADD1F3318} - "Kelkoo" (hxxp://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
HKCU_Toolbar\WebBrowser|{DE9C389F-3316-41A7-809B-AA305ED9D922} (C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll) (x)
HKLM_Toolbar|{DE9C389F-3316-41A7-809B-AA305ED9D922} (C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll) (x)
HKCU_ElevationPolicy\{9EAD311C-955D-40F5-8741-6260678DC242} - C:\Program Files\Orange HSS\Launcher\Launcher.exe (France Telecom SA)
HKLM_ElevationPolicy\{ADADAEE2-457A-4984-A57C-E01C3A2BA612} - c:\program files\aol\aol toolbar 5.0\AolTbServer.exe (x)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - "AOL Toolbar BHO" (C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll) (x)
BHO\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} - "FDMIECookiesBHO Class" (C:\Program Files\Free Download Manager\iefdm2.dll) (x)

========================================

C:\Program Files\Ad-Remover\Quarantine: 27 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 17 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 01/06/2011 19:39:46 (8079 Octet(s))
C:\Ad-Report-SCAN[1].txt - 01/06/2011 16:18:36 (8484 Octet(s))
C:\Ad-Report-SCAN[2].txt - 01/06/2011 16:20:00 (8549 Octet(s))

Fin à: 19:41:03, 01/06/2011

============== E.O.F ==============
 
help-manformatique

help-manformatique

Grand Maître
Ok donc fait ceci, pour voir un truc :

Télécharge
Vous devez être connecté pour voir les liens.
:

■Installe le programme (aide
Vous devez être connecté pour voir les liens.
)
■Lance-le et met à jour la base de définition.

■Choisi ensuite "Exécuter un examen rapide" puis "Rechercher"
■Sélectionne les disques dur et clique sur "Lancer l'examen"
■Laisse l'analyse se faire.
■A la fin, vérifie que les éléments trouvés soient coché (dans "Résultat de l'examen).
■Puis clique sur "Supprimer la sélection" en bas.
■Un redémarrage peut être nécessaire.

■Un rapport va s'afficher, enregistre-le sur ton bureau.
■ou sinon, après le démarrage, il se trouvera dans "Rapports/logs"

[:_tom_:7]
 
S

seaclaid

Nouveau membre
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4941

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

02/06/2011 16:55:11
mbam-log-2011-06-02 (16-55-11).txt

Type d'examen: Examen complet (C:\|D:\|E:\|)
Elément(s) analysé(s): 304816
Temps écoulé: 1 heure(s), 58 minute(s), 50 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
C:\Windows\Temp\svhost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\Temp\svhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

C'est le rapport MBAM, le virus est toujours là
 
Vous devez vous inscrire ou vous connecter pour répondre ici.
Dernières actus
Derniers messages publiés
Statistiques globales
Discussions
730 126
Messages
6 717 807
Membres
1 586 365
Dernier membre
matiOs1
Partager cette page
Haut