[OK] Advertising pages open unexpectedly


Post by dan49 » 05 June 2011, 21:36

Hello,
For the past few days I have been noticing advertising pages opening without my opening Internet Explorer.
When I leave the computer idle but switched on, these pages appear when I wake it up. They also open when I have been using the computer for a while without being on the internet.
I therefore think I am infected by malicious software. I use Avast for antivirus and Windows for antispyware. I did disable these two modules during the Malwarebytes' Anti-Malware scan.
These pages include: Jeu à télécharger.com - Mobifiiesta.com - kko-appli.com etc...
I am attaching the Malwarebytes report:
Malwarebytes' Anti-Malware 1.51.0.1200
http://www.malwarebytes.org

Version de la base de données: 6775

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

05/06/2011 18:11:24
mbam-log-2011-06-05 (18-11-15).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 168622
Temps écoulé: 4 minute(s), 11 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 11
Fichier(s) infecté(s): 103

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\Users\Daniel\AppData\Roaming\EoRezo (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\softwareupdate (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\softwareupdate\Download (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\softwareupdate\Software (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\local settings\application data\EoRezo (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\local settings\application data\EoRezo\EoRezo (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\local settings\application data\EoRezo\EoRezo\EoStats (Adware.EoRezo) -> No action taken.

Fichier(s) infecté(s):
c:\Users\Daniel\AppData\Roaming\EoRezo\cmhost.cyp (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\confmedia.cyp (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather.cfg (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\host.cyp (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\user.cyp (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\eoweather.cfg (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\eoweatherval_02ec282.cfg (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\background_1.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\earth.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\67_day.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\67_night.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\69_day.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\69_night.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\70_day.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\70_night.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\78_day.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\78_night.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\82_day.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\82_night.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\83_day.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\83_night.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\84_day.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\84_night.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\85_day.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\85_night.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\89_day.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\89_night.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\back.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\background.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\fonds_écran.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\help.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\helppressed.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\minimise.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\minimisepressed.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\next.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\nextpressed.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\option.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\optionpressed.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\reflet_ecran.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\small_background.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\Thumbs.db (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\background_1days.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\background_2days.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\background_7days.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\backpressed.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\band.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\band_small.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\close.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\closepressed.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\dayprevisionbackground.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_classic\dayprevisionclose.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\67_day.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\67_night.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\69_day.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\69_night.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\70_day.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\70_night.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\78_day.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\78_night.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\82_day.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\82_night.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\83_day.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\83_night.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\84_day.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\84_night.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\85_day.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\85_night.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\89_day.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\89_night.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\about.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\back.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\background.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\background_1.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\background_1days.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\background_2days.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\background_7days.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\backpressed.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\close.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\closepressed.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\dayprevisionbackground.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\dayprevisionclose.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\earth.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\fonds_écran.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\help.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\helppressed.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\minimise.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\minimisepressed.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\next.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\nextpressed.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\option.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\optionpressed.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\reflet_ecran.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\Thumbs.db (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\eoweather\images_station_meteo\txt_14x13.png (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\softwareupdate\help_config.cyp (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\softwareupdate\unins000.dat (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\softwareupdate\user_config.cyp (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\AppData\Roaming\EoRezo\softwareupdate\user_profil.cyp (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\local settings\application data\EoRezo\EoRezo\confmedia.cyp (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\local settings\application data\EoRezo\EoRezo\eorezo_confmedia.cyp (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\local settings\application data\EoRezo\EoRezo\user.cyp (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\local settings\application data\EoRezo\EoRezo\user_profil.cyp (Adware.EoRezo) -> No action taken.
c:\Users\Daniel\local settings\application data\EoRezo\EoRezo\EoStats\eoStats.txt (Adware.EoRezo) -> No action taken.
Thank you for your help. I am sending you the two other reports.
dan49
 

Re: Advertising pages open unexpectedly

Post by dan49 » 05 June 2011, 21:47

I am attaching the OTL.txt report in two parts, as this report is too long:

OTL logfile created on: 05/06/2011 18:15:46 - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Daniel\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,88% Memory free
4,00 Gb Paging File | 2,59 Gb Available in Paging File | 64,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 107,54 Gb Free Space | 46,18% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 707,80 Gb Free Space | 37,99% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 927,56 Gb Free Space | 99,58% Space Free | Partition Type: NTFS

Computer Name: PC-DE-DANIEL | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/05 17:19:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/03/26 06:17:14 | 000,562,176 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2011/03/23 17:26:22 | 000,392,192 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/24 14:31:48 | 000,671,360 | ---- | M] (Agence-Exclusive) -- C:\Users\Daniel\AppData\Roaming\Agence-Exclusive\Agence-Exclusive\autoupdater.exe
PRC - [2011/02/24 14:17:32 | 001,035,904 | ---- | M] (PcTuto) -- C:\Program Files\Agence-Exclusive\pctuto.exe
PRC - [2011/01/25 18:36:38 | 000,082,944 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTVTray.exe
PRC - [2011/01/13 10:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 10:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/26 03:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/26 03:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/08/03 19:30:45 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/04/02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/24 19:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/03/02 20:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/09/12 17:38:50 | 000,358,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/09/12 17:38:46 | 000,661,160 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/09/12 17:38:16 | 005,081,912 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/20 08:07:04 | 000,955,712 | ---- | M] (SFR) -- C:\Program Files\SFR\Kit\9props.exe
PRC - [2009/06/04 00:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/08/06 16:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Volume Panel\VolPanlu.exe
PRC - [2006/10/11 13:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe


========== Modules (SafeList) ==========

MOD - [2011/06/05 17:19:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
MOD - [2011/01/13 10:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/12/21 07:34:12 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 03:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
MOD - [2009/07/14 03:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
MOD - [2009/07/14 03:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll
MOD - [2009/07/14 03:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davhlpr.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RelevantKnowledge)
SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- -- (MBC)
SRV - File not found [On_Demand | Stopped] -- -- (GCADNGNQ)
SRV - File not found [On_Demand | Stopped] -- -- (AZGCGQZ)
SRV - File not found [On_Demand | Stopped] -- -- (ALMYCN)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/18 12:14:27 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/03/26 06:17:14 | 000,562,176 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2011/01/13 10:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/26 03:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/08/03 19:30:45 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/06/02 23:18:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/20 17:06:52 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/09/23 14:50:28 | 000,238,960 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2009/09/12 17:38:46 | 000,661,160 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/31 20:34:40 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/18 14:48:05 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2011/01/13 10:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 10:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 10:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 10:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 10:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/01/06 12:59:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/12/15 17:55:01 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/11/26 09:23:42 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/09/01 17:25:44 | 001,603,712 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2010/08/26 05:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/08/26 05:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/26 03:20:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/08/03 19:30:47 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/08/03 19:30:41 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV - [2010/08/03 19:30:39 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/11/01 10:45:34 | 000,028,000 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/09/23 14:53:20 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2009/09/02 11:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/07/26 22:39:24 | 000,659,592 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\Windows\System32\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009/06/04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 02:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 02:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/10/24 08:12:36 | 000,308,640 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MicNgTun.sys -- (MicNgTun)
DRV - [2008/10/24 08:12:36 | 000,081,184 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MicNgBas.sys -- (MicNgBas)
DRV - [2008/10/24 08:12:36 | 000,079,904 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MicNgCap.sys -- (MicNgCap)
DRV - [2007/12/14 09:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKU\S-1-5-21-3644966581-75328946-59165048-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Search-Results"
FF - prefs.js..browser.search.defaultenginename: "Search-Results"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic France FF Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2207610&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search-Results"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Search-Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://getii.com/dvds"
FF - prefs.js..extensions.enabledItems: reducbarre@reducbarre.com:1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {6d6b212b-2245-4898-8b16-9a11b81ff9e1}:2.7.2.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.startup.homepage: "http://fr.msn.com/"
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?mkt=fr-FR&FORM=MIZWG0&q="
FF - prefs.js..browser.search.selectedEngine: "Live Search"


FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010/07/26 23:42:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/04/05 09:06:45 | 000,000,000 | ---D | M]

[2010/08/09 16:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions
[2011/04/05 09:01:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions
[2010/08/09 16:30:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/08 10:34:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/04/05 08:53:39 | 000,000,000 | ---D | M] (Softonic France FF Community Toolbar) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}
[2011/04/05 08:53:52 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/04/05 08:53:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/05 08:53:51 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\engine@conduit.com
[2011/04/05 09:01:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\staged
[2010/08/09 16:30:07 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\support@predictad.com
[2011/04/05 10:05:35 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\toolbar@ask.com
[2010/02/04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\searchplugins\askcom.xml
[2009/12/07 09:50:51 | 000,002,171 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\searchplugins\bing.xml
[2010/08/05 21:35:24 | 000,000,939 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\searchplugins\conduit.xml
[2011/01/06 13:03:47 | 000,002,055 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\searchplugins\daemon-search.xml
[2011/03/17 13:02:11 | 000,002,558 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\searchplugins\fissa.xml
[2011/04/11 11:55:50 | 000,001,775 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\searchplugins\live-search.xml
[2011/03/20 23:35:16 | 000,003,295 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\searchplugins\search-results.xml
[2011/04/05 09:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/07 17:49:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 11:38:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/05 09:36:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/04 08:40:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/08/12 17:18:45 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
File not found (No name found) --
() (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\{E411BB40-B04C-11D8-92E7-00D09E0179F2}.XPI
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/02/23 11:09:14 | 000,002,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchaudio.xml

O1 HOSTS File: ([2009/06/04 08:47:37 | 000,307,170 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10575 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..\Toolbar\WebBrowser: (no name) - {1660B308-BECB-4062-890D-396B2FBBC8CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [EoWeather] File not found
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [pctuto] C:\Program Files\Agence-Exclusive\pctuto.exe (PcTuto)
O4 - HKLM..\Run: [Service Scheduler2 Acronis] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3644966581-75328946-59165048-1000..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
O4 - HKLM..\RunOnce: [autoupdater] C:\Users\Daniel\AppData\Roaming\Agence-Exclusive\Agence-Exclusive\autoupdater.exe (Agence-Exclusive)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/58.10/uploader2.cab (UploadListView Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.5.cab (DLM Control)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://www.ma-config.com/activex/MaConfig_3_5_3_0.cab (HardwareDetection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} https://static.impots.gouv.fr/tdir/stat ... .0.0.1.cab (AdSignerLCContrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} http://cabs.rte.fr/RteAllCabsMFC.cab (RteDocumatDoc Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/05/31 23:19:20 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/05/31 23:19:20 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/05/31 23:19:20 | 000,000,000 | RHSD | M] - E:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011/06/05 17:28:25 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Daniel\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/05 17:19:56 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2011/06/05 09:41:39 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{6349B85D-302B-40D1-BEC8-E65872996241}
[2011/06/04 15:05:12 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{581E38CD-2485-4EDE-ADC7-FA519EA4A469}
[2011/06/03 11:38:53 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{74C8AD08-6F92-4920-A816-1F1FC2039D16}
[2011/06/02 11:19:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{58FC68BA-D3EF-48E9-BB41-D4EF7BB4F225}
[2011/06/01 14:30:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{A283AD34-BA4B-4DEE-A15B-A3E5E96EE38B}
[2011/05/31 23:19:20 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2011/05/31 23:09:46 | 000,000,000 | ---D | C] -- C:\UsbFix
[2011/05/31 22:37:55 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{7336B61A-5B2F-4D33-B327-9F84C499A794}
[2011/05/31 08:13:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{15F1D13F-2453-4CD1-BFCD-D18EA7FAE696}
[2011/05/30 12:05:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{1A4796EA-EBF3-4685-8986-42B6610B9637}
[2011/05/29 23:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Google Chrome
[2011/05/29 23:14:37 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{1F5A0C1D-1B0A-4E87-910F-DF61CF73FA01}
[2011/05/29 08:27:41 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{FC7B4718-1C91-4E69-B1C3-1ED30F54CCB9}
[2011/05/28 13:39:54 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{77320DD5-C1D8-4A24-9081-379A5488BDCF}
[2011/05/27 22:59:22 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{C94656F4-2BE5-4BEB-BCDB-71D20BFA0AAA}
[2011/05/27 10:49:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{09758500-1551-4D25-A2A3-8A709612B48B}
[2011/05/26 22:24:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{F72EBE46-8CD7-4827-9F38-B898E9DCB270}
[2011/05/26 18:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Google Earth
[2011/05/26 07:56:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{36569CB9-E184-4351-86C4-5DABAFBE18ED}
[2011/05/25 14:25:45 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{8F5475A4-4F9B-4DBA-AE66-1DAA36889048}
[2011/05/25 08:12:45 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/05/24 09:11:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{474AEB6F-61B7-4FD5-A433-39E25DEFC626}
[2011/05/23 19:33:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\gtk-2.0
[2011/05/23 19:33:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\.thumbnails
[2011/05/23 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\gegl-0.0
[2011/05/23 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Daniel\.gimp-2.6
[2011/05/23 15:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\pctuto
[2011/05/23 15:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\pctuto
[2011/05/23 15:12:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Agence-Exclusive
[2011/05/23 15:12:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Agence-Exclusive
[2011/05/23 15:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Agence-Exclusive
[2011/05/23 14:17:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{8F0DCDFA-456E-4D2F-B5B1-EA605BBC0AD5}
[2011/05/22 23:35:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{0F5D71C8-D1C4-4C16-A88D-9A64DAA182BF}
[2011/05/22 08:42:39 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{88210974-C3FF-4B55-9E6C-54407B976735}
[2011/05/21 13:56:32 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D101FDA5-542B-4057-9A35-2E476F94B7B4}
[2011/05/20 23:09:07 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{60A70ADA-EA3F-4639-A78D-457D6F800E46}
[2011/05/19 23:50:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{467C9702-F3C9-4179-A697-9E1085745CE0}
[2011/05/19 13:42:07 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/05/19 10:03:07 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/18 23:25:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D2D08A21-2770-4F1B-A9D4-05F69C795733}
[2011/05/18 09:28:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{51B2F41F-1465-46DC-943B-8839417FD191}
[2011/05/17 12:25:39 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{BA4BF613-ABC1-4A23-8957-D1720BE32CC9}
[2011/05/16 22:28:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{FFA4A09D-CE4A-4C5A-80C3-E84F8F59E027}
[2011/05/13 23:13:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D332A073-C9C6-45B1-BA95-5E55D00D9637}
[2011/05/13 09:40:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{BBAAC572-7252-424F-991B-2ECAF8F763BD}
[2011/05/12 13:59:06 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{1CE9CEEA-1E56-44AE-9C98-5EC02AD11154}
[2011/05/11 23:37:24 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{7FA7A2FE-DF47-4815-9F9D-A18171F9A262}
[2011/05/11 11:46:31 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/05/11 11:46:31 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011/05/11 11:46:29 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/05/11 11:46:29 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/05/10 23:33:58 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{9127690D-2D56-4216-B7BC-274131EB2DF7}
[2011/05/10 08:28:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{C03FE8D1-C0DF-40A3-ADCC-C65B7ED3239C}
[2011/05/09 12:24:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{B8605DD3-6EF9-443D-9354-8CAF1ED3425D}
[2011/05/08 23:15:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{8C9D886B-6219-493F-8F64-FE2279ABBB73}
[2011/05/08 08:34:29 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{4A7C1CCF-A2D1-4173-A422-82B41EAFA479}
[2011/05/07 11:37:32 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Fairport conventio - Gold séries Folk_data
[2011/05/07 09:24:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{07A1206D-E479-4629-99B3-C103B17B0C12}
[2011/05/07 09:23:40 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Dark Dark Dark - Wild go_data
[2009/12/12 00:49:48 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Daniel\AppData\Roaming\pcouffin.sys
[2009/06/04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009/06/04 00:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
dan49
 
Posts: 31
Joined: 26 Apr 2010, 13:33

Re: Ad pages keep opening unexpectedly

Post by dan49 » 05 Jun 2011, 21:50

Here is the second part:

========== Files - Modified Within 30 Days ==========

[2011/06/05 18:16:35 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/06/05 17:47:52 | 000,000,850 | ---- | M] () -- C:\Users\Daniel\Desktop\NTREGOPT.lnk
[2011/06/05 17:47:52 | 000,000,831 | ---- | M] () -- C:\Users\Daniel\Desktop\ERUNT.lnk
[2011/06/05 17:40:09 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/05 17:40:09 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/05 17:35:17 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/06/05 17:33:11 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/05 17:33:03 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/06/05 17:32:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/05 17:32:43 | 1610,059,776 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/05 17:32:00 | 000,055,828 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000006-00000000-00000001-00001102-00000005-00311102}.rfx
[2011/06/05 17:32:00 | 000,055,828 | ---- | M] () -- C:\Windows\System32\BMXState-{00000006-00000000-00000001-00001102-00000005-00311102}.rfx
[2011/06/05 17:32:00 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000006-00000000-00000001-00001102-00000005-00311102}.rfx
[2011/06/05 17:30:57 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/05 17:29:02 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Daniel\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/05 17:21:27 | 000,000,417 | ---- | M] () -- C:\Users\Daniel\Desktop\scan (1).zip
[2011/06/05 17:20:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/05 17:19:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2011/06/05 11:56:31 | 000,001,995 | ---- | M] () -- C:\Users\Daniel\Desktop\HijackThis.lnk
[2011/05/31 23:20:18 | 084,506,924 | ---- | M] () -- C:\UsbFix_Upload_Me_PC-DE-DANIEL.zip
[2011/05/31 23:03:19 | 000,001,516 | ---- | M] () -- C:\Users\Daniel\Desktop\UsbFix.exe - Raccourci.lnk
[2011/05/29 23:48:41 | 000,002,157 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/29 23:48:41 | 000,002,141 | ---- | M] () -- C:\Users\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/29 23:46:16 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/26 18:23:48 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/23 19:33:30 | 000,000,889 | ---- | M] () -- C:\Users\Daniel\.recently-used.xbel
[2011/05/22 09:12:09 | 000,000,176 | ---- | M] () -- C:\Users\Daniel\Desktop\Apprendre à faire des photos et à les retoucher 1point2vue.url
[2011/05/22 09:01:54 | 001,059,202 | ---- | M] () -- C:\Users\Daniel\Desktop\PremierPasEnPhoto.pdf
[2011/05/21 08:55:46 | 000,000,141 | ---- | M] () -- C:\Users\Daniel\Desktop\Gimp les tutoriaux the gimp.url
[2011/05/19 10:03:07 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/07 11:38:27 | 000,000,120 | ---- | M] () -- C:\Users\Daniel\Desktop\Satellite - The Kills beta.deezer.com.url
[2011/05/07 11:37:42 | 000,400,966 | ---- | M] () -- C:\Users\Daniel\Documents\Fairport conventio - Gold séries Folk.aup
[2011/05/07 09:23:42 | 000,134,966 | ---- | M] () -- C:\Users\Daniel\Documents\Dark Dark Dark - Wild go.aup
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/05 18:16:35 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/06/05 17:47:52 | 000,000,850 | ---- | C] () -- C:\Users\Daniel\Desktop\NTREGOPT.lnk
[2011/06/05 17:47:52 | 000,000,831 | ---- | C] () -- C:\Users\Daniel\Desktop\ERUNT.lnk
[2011/06/05 17:20:59 | 000,000,417 | ---- | C] () -- C:\Users\Daniel\Desktop\scan (1).zip
[2011/06/05 11:56:31 | 000,001,995 | ---- | C] () -- C:\Users\Daniel\Desktop\HijackThis.lnk
[2011/05/31 23:20:09 | 084,506,924 | ---- | C] () -- C:\UsbFix_Upload_Me_PC-DE-DANIEL.zip
[2011/05/31 23:03:19 | 000,001,516 | ---- | C] () -- C:\Users\Daniel\Desktop\UsbFix.exe - Raccourci.lnk
[2011/05/29 23:48:41 | 000,002,157 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/29 23:48:41 | 000,002,141 | ---- | C] () -- C:\Users\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/29 23:46:16 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/26 18:23:48 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/23 19:33:30 | 000,000,889 | ---- | C] () -- C:\Users\Daniel\.recently-used.xbel
[2011/05/22 09:12:09 | 000,000,176 | ---- | C] () -- C:\Users\Daniel\Desktop\Apprendre à faire des photos et à les retoucher 1point2vue.url
[2011/05/22 09:01:54 | 001,059,202 | ---- | C] () -- C:\Users\Daniel\Desktop\PremierPasEnPhoto.pdf
[2011/05/21 08:55:46 | 000,000,141 | ---- | C] () -- C:\Users\Daniel\Desktop\Gimp les tutoriaux the gimp.url
[2011/05/07 11:38:27 | 000,000,120 | ---- | C] () -- C:\Users\Daniel\Desktop\Satellite - The Kills beta.deezer.com.url
[2011/05/07 11:37:42 | 000,400,966 | ---- | C] () -- C:\Users\Daniel\Documents\Fairport conventio - Gold séries Folk.aup
[2011/05/07 09:23:42 | 000,134,966 | ---- | C] () -- C:\Users\Daniel\Documents\Dark Dark Dark - Wild go.aup
[2011/03/25 12:42:26 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/02/01 18:54:08 | 000,000,077 | ---- | C] () -- C:\Windows\MovieHunter.INI
[2010/11/24 09:49:05 | 000,005,037 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2010/11/24 00:33:29 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2010/08/15 14:56:38 | 000,131,072 | ---- | C] () -- C:\Windows\SNVerifyDLL.dll
[2010/07/09 18:19:18 | 000,001,057 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\vso_ts_preview.xml
[2010/06/16 15:22:56 | 000,219,348 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/06/16 00:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/04/26 09:01:43 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/04/14 10:56:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/02/20 13:08:46 | 000,000,775 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\WtvWatcher.settings
[2009/12/13 20:18:36 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/12 11:56:47 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/12/12 00:49:48 | 000,087,608 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\inst.exe
[2009/12/12 00:49:48 | 000,007,887 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\pcouffin.cat
[2009/12/12 00:49:48 | 000,001,144 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\pcouffin.inf
[2009/12/06 21:36:25 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2009/12/06 10:06:03 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2009/12/06 10:05:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2009/12/06 10:05:11 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/12/06 10:05:11 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/06 14:24:38 | 000,000,594 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\QuickZip45.ini
[2009/11/02 11:21:38 | 000,023,552 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/01 21:00:54 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/01 20:21:00 | 000,021,680 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/11/01 19:59:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/11/01 19:59:12 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/11/01 19:59:12 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/11/01 10:45:34 | 000,037,888 | ---- | C] () -- C:\Windows\System32\setupnt.dll
[2009/10/21 09:57:46 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/14 11:31:24 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2009/08/20 16:13:49 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2009/08/03 17:22:40 | 000,031,007 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\UserTile.png
[2009/08/01 18:23:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/27 17:53:40 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/07/14 10:39:49 | 000,839,024 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2009/07/14 10:39:49 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2009/07/14 10:39:49 | 000,184,290 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2009/07/14 10:39:49 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 000,311,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,745,906 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,156,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009/06/04 00:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2009/06/04 00:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2009/06/04 00:36:30 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009/06/04 00:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009/05/27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009/02/18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/12/30 10:07:22 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2008/12/21 18:00:26 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/12/19 00:24:10 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIFRN.DLL
[2008/02/01 08:18:14 | 000,009,216 | ---- | C] () -- C:\Windows\System32\drivers\FlashSys.sys
[2007/09/20 12:33:52 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007/09/20 12:33:52 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/09/20 12:33:52 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2007/09/20 12:33:52 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2007/09/20 12:33:52 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007/09/20 12:33:52 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2007/09/20 12:33:52 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2007/09/20 12:33:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007/09/20 12:33:52 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2007/09/20 12:33:52 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2007/09/20 12:33:52 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2007/09/20 12:33:52 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2007/09/20 12:33:52 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007/09/20 12:33:52 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2007/09/20 12:33:52 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2007/09/20 12:33:52 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/09/20 12:33:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2007/09/20 12:33:52 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2007/09/20 12:33:52 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2002/03/17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000104.DLL

========== LOP Check ==========

[2011/01/06 11:15:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acronis
[2011/05/23 15:12:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Agence-Exclusive
[2011/01/31 23:46:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\AnvSoft
[2011/05/07 11:37:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Audacity
[2009/11/01 20:12:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Auslogics
[2010/04/06 23:15:39 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\avidemux
[2011/03/18 18:06:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\BitZipper
[2011/03/15 18:03:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Broad Intelligence
[2010/08/09 16:24:50 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Canneverbe Limited
[2010/08/09 16:30:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Canneverbe_Limited
[2011/03/25 11:58:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Canon
[2010/03/03 09:29:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\CD-LabelPrint
[2011/01/12 16:49:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Cocoon Software
[2010/08/09 16:24:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\CocoonSoftware
[2011/01/06 12:59:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
[2010/08/09 16:30:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DeepBurner
[2011/03/21 00:56:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\EoRezo
[2010/07/24 15:54:47 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\EurekaLog
[2011/05/30 11:19:56 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FileZilla
[2011/03/15 22:33:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FissaSearch
[2011/01/05 15:43:26 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\foobar2000
[2011/03/17 12:20:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FreeBurner
[2011/03/25 14:40:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FreeVideoConverter
[2010/02/11 12:39:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\gcstar
[2011/01/06 11:14:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GF-Player
[2011/05/23 19:33:30 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\gtk-2.0
[2011/01/04 12:18:56 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\HandBrake
[2009/11/04 22:47:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\igraal
[2010/07/24 11:52:46 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ImgBurn
[2009/11/01 20:12:21 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\InfraRecorder
[2011/03/25 12:33:05 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\m4ng
[2009/11/01 20:12:21 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Media Control
[2009/11/01 20:12:21 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Micro Application
[2010/07/24 08:47:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\mkvtoolnix
[2010/11/11 15:39:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mp3tag
[2010/03/10 22:50:41 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\MPEG Streamclip
[2011/03/18 15:51:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OfferBox
[2009/08/03 17:22:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PeerNetworking
[2011/03/18 14:52:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Pegasys Inc
[2010/02/25 12:07:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Peter Souza IV
[2010/08/09 16:30:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PhotoFiltre
[2010/08/09 16:30:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Pouchin TV Mod
[2009/11/01 20:12:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ScanSoft
[2009/11/01 20:12:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\SlySoft
[2009/11/16 14:22:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Smart Recorder
[2011/03/25 20:51:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\SourceTec
[2010/02/28 11:13:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\SpiritON TV Software
[2010/08/09 16:30:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TerraTec
[2011/02/18 20:15:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TreeCardGames
[2011/01/13 16:44:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Twan Wintjes
[2011/02/01 18:26:57 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Ulead Systems
[2010/03/18 11:34:27 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Uniblue
[2010/07/15 22:22:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\UseNeXT
[2011/03/31 10:45:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Vso
[2010/02/20 11:45:10 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\WeecastPlayer.A27AB7741756020517D10FDBA9AD7A2F55F5F984.1
[2010/10/26 15:20:27 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Windows Live Writer
[2011/02/09 11:17:59 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\WinFF
[2010/01/05 14:15:24 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\XBMC
[2011/01/29 19:14:26 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Xilisoft Corporation
[2011/03/18 13:06:44 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 845 bytes -> C:\Users\Daniel\Documents\Amazon_fr_ votre commande.eml:OECustomProperty
@Alternate Data Stream - 24 bytes -> C:\Windows:FDB1FA436426B802
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:0888F409
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:66633281
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:30FD0CBD
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:3440EB47
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C7D0F96D
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:C1374ACE

< End of report >
dan49

Posts: 31
Joined: 26 Apr 2010, 13:33

Re: Ad pages keep opening unexpectedly

Post by dan49 » 05 Jun 2011, 21:53

Here is the Extras.txt report:

OTL Extras logfile created on: 05/06/2011 18:15:46 - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Daniel\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,88% Memory free
4,00 Gb Paging File | 2,59 Gb Available in Paging File | 64,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 107,54 Gb Free Space | 46,18% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 707,80 Gb Free Space | 37,99% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 927,56 Gb Free Space | 99,58% Space Free | Partition Type: NTFS

Computer Name: PC-DE-DANIEL | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{043F86B7-EE12-3399-B2CA-D0B603D87963}" = Microsoft .NET Framework 4 Extended FRA Language Pack
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{1102B81E-73F2-339C-E299-C48D7CA32441}" = Catalyst Control Center Graphics Full Existing
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{15422767-809D-8D9C-140D-99B39C9683DA}" = Catalyst Control Center Graphics Full New
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{186DB7E2-1C55-0715-12E1-7FC473D30A4C}" = Catalyst Control Center Graphics Previews Common
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1B3B5C60-70B8-F022-5497-03FD2772586C}" = CCC Help Greek
"{1C87A9F3-D01A-F4DA-F3DF-6ED7DB9EEBE1}" = CCC Help French
"{1E66C7FF-F827-4AEF-A998-932EA824998B}" = Aqua Real
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2318E9DF-8E1D-4E04-84D6-85098CFF854E}}_is1" = GreenForce-Player 1.02
"{23ABEDC0-AEDB-158D-1AB1-DDAE09BF8CB8}" = ATI AVIVO Codecs
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{278AD90C-D27D-AA89-58DF-AD13852D51CA}" = CCC Help Spanish
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2CDBFF1A-6433-E94D-CA25-831FDB9775E9}" = CCC Help Italian
"{31DED885-1124-0E58-97FB-73E4EF692E8D}" = CCC Help Hungarian
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{32A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33B670D7-8A06-DA5B-0341-5630D1E12007}" = ccc-core-static
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{38D65ABC-A00B-6E13-2EF3-826CFC8CFC14}" = CCC Help French
"{39561278-78E9-4E0D-971F-0F13C7157BC8}" = Media Browser
"{3A1BBC38-2602-B555-24D3-942F01D8DC39}" = CCC Help English
"{3B4325A0-43CD-10D1-64F6-BD2F90DCB756}" = Catalyst Control Center Graphics Previews Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4044436C-3A01-4ECA-8FC9-AC8F3F838EDC}" = Audials TV
"{425FFD94-36BD-4933-881B-FE0B9DADF2B7}" = Ma-Config.com
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}" = Fissa
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.21
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55B6344C-AE4F-4DA8-BF32-D7AE0CB4D2BE}_is1" = theRenamer 7.3b
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5774B4C1-8579-D5D9-8D38-A0CE32B6736C}" = CCC Help German
"{58CC8669-09B3-4AC7-B3DF-B5768F12878E}" = My Movies Collection Management
"{5D19BB0D-9B04-5B85-9295-4E11BCB1C2C3}" = CCC Help Polish
"{5D8A076D-F75E-A149-10D8-87338721AA3A}" = ATI Catalyst Install Manager
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62630B9A-E2EF-4F52-A30D-8E0A65E9F30B}" = dotNet FFMPEG GUI
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{6419FBF5-2DB7-FF43-EE67-5448F868D080}" = Catalyst Control Center Core Implementation
"{6494E146-418F-85E1-142E-D2F122C75274}" = ccc-utility
"{65589581-920C-CAE1-58C2-2149D3AA3F39}" = HydraVision
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (MYMOVIES)
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73AD720B-D76B-4440-A965-2D253E232143}" = TSDoctor
"{75794DD1-5D69-4E33-A141-C3D4B0724C71}" = Catalyst Control Center Graphics Previews Common
"{758C8CEF-330E-470A-A334-EB387A27DA92}" = Cypheros Desktop Clock
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Gestionnaire pour appareils Windows Mobile
"{92E4CCD6-CB9A-951B-E333-78A8BC6BA8E2}" = Catalyst Control Center Localization French
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV pour Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FA7B446-0DE0-C883-9DB4-AC9A35D60735}" = Catalyst Control Center HydraVision Full
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6834535-4E7D-C07A-2CAA-E2B73C82EC60}" = AMD Drag and Drop Transcoding
"{A68633E6-823A-4F97-A203-39808DE405A9}" = PlayReady PC Runtime X86
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.4 - Français
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACB91656-A3D1-4E5F-82F0-D3E5200F1D06}" = Skins
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B087B0C3-F595-485A-B86B-73326BA8693A}" = OpenOffice.org 2.3
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B539E69D-DD59-457D-A926-CF01ACA6D04C}" = Microsoft Image Composite Editor
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C21B8D64-350C-4FCA-899F-9FBEA69A92D1}_is1" = eac3to µGUI version 0.7.2
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{C3F7C6EB-B6AD-CE5E-46BD-E6DE8EBB6E5A}" = Catalyst Control Center Graphics Previews Vista
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8E9FBF9-6CBE-AE9B-C8AB-2C8F5E32140C}" = ccc-core-static
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF6AE90D-05E8-4D0B-AF79-94F9E1CA5601}" = Microsoft Flight Simulator X Demo
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = Auslogics Registry Defrag
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DDACB061-0C85-8A15-45C9-28415476762B}" = Catalyst Control Center Graphics Light
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2A6B1A0-C1E3-4311-BF86-EAF18841FD67}" = CANAL+ pour Windows Media Center
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E7044E25-3038-4A76-9064-344AC038043E}" = Mise à jour du pilote du Gestionnaire pour appareils Windows Mobile
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E8454B5F-4122-864C-002D-31F878D2CBF4}" = CCC Help English
"{EB97F682-3C8B-45D7-8274-C88EF01A0995}" = Music Browser
"{ECE1F718-CDFD-7A05-BDB9-4D33BFE67D9C}" = ccc-utility
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E6252F-8DC2-B508-D412-1C427CDB3448}" = CCC Help Portuguese
"{FC6B78BE-922F-45D4-9D47-D10C494658F6}" = TSConverter
"{FE4466A3-76B3-A9F4-9B22-150D6F8B4647}" = Catalyst Control Center Localization All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"123 Free Solitaire_is1" = 123 Free Solitaire 2009 v7.2
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"ALchemy" = Creative ALchemy
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AudioCS" = Panneau de configuration audio Creative
"AutocompletePro3_is1" = AutocompletePro
"avast5" = avast! Free Antivirus
"BitZipper_is1" = BitZipper 2010
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Propriétés de Creative Sound Blaster
"Creative Volume Panel" = Panneau de volume
"DPP" = Canon Utilities Digital Photo Professional 3.9
"DualCoreCenter_is1" = DualCoreCenter
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Editeur NJM" = Editeur NJM
"Enregistrement utilisateur de Canon MG6100 series" = Enregistrement utilisateur de Canon MG6100 series
"Enregistrement utilisateur de Canon MP600" = Enregistrement utilisateur de Canon MP600
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Ext2Fsd_is1" = Ext2Fsd 0.48
"FairUse Wizard 2" = FairUse Wizard 2
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.3
"GCstar" = GCstar 1.5.0
"Google Chrome" = Google Chrome
"Google Updater" = Outil de mise à jour Google
"HaaliMkx" = Haali Media Splitter
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{CF6AE90D-05E8-4D0B-AF79-94F9E1CA5601}" = Microsoft Flight Simulator X Demo
"LameACM" = Lame ACM MP3 Codec
"Liveupdate4_is1" = Liveupdate4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MediaInfo" = MediaInfo 0.7.41
"MediaInfo.dll" = MediaInfo.dll 0.7.41
"MediaPortal" = MediaPortal
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Extended FRA
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Money2005b" = Microsoft Money
"Movie Collection 2010_is1" = Movie Collection 6.0.5.2
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Mp3tag" = Mp3tag v2.46a
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"myiHome_is1" = myiHome v5.2.0
"NirSoft VideoCacheView" = NirSoft VideoCacheView
"OpenAL" = OpenAL
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PC Wizard 2009_is1" = PC Wizard 2009.1.90
"PcTuto_is1" = PcTuto 1.1
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"SFR_Kit" = SFR - Kit de connexion
"Smart Recorder" = Enregistreur intelligent Creative
"SoftwareUpdate_is1" = SoftwareUpdate 1.5
"Tuto The Gimp_is1" = Tuto The Gimp1.0.0.0
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.9.0
"Usbfix" = UsbFix By TeamXscript
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.7
"WaveStudio 7" = Creative WaveStudio 7
"WFTK" = Canon Utilities WFT Utility
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live
"Xvid_is1" = Xvid 1.2.2 final uninstall
"YouTubeGet_is1" = YouTubeGet 5.4
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EASYVIDEOSOFT" = VideoTheque
"FileZilla Client" = FileZilla Client 3.3.4.1
"PhotoFiltre" = PhotoFiltre

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
dan49
 
Posts: 31
Joined: 26 Apr 2010, 13:33

Re: Advertising pages keep opening unexpectedly

Post by nickW » 06 Jun 2011, 00:49

Good evening,

1/ But did you actually read the terms and conditions of Agence-Exclusive?

THE INFORMATION PROVIDED BY USERS WILL BE STORED IN A COMPUTERISED FILE BELONGING TO THE COMPANY L'AGENCE EXCLUSIVE AND MAY BE DISCLOSED TO L'AGENCE EXCLUSIVE'S COMMERCIAL PARTNERS AND/OR TO ANY THIRD PARTY FOR THE PURPOSE OF ENABLING THE PROVISION OF THE SERVICE OFFERED BY L'AGENCE EXCLUSIVE AND/OR OF ADVERTISING AND PROMOTING PRODUCTS OR SERVICES AND/OR OF INFORMING THE USER OF PRODUCTS OR SERVICES LIKELY TO INTEREST THEM

THE USER AGREES TO RECEIVE COMMERCIAL OFFERS FROM L'AGENCE EXCLUSIVE AND/OR ITS PARTNERS ON THEIR MOBILE PHONE BY SMS OR MMS.

THE DATA PROVIDED WHEN DOWNLOADING AGENCE EXCLUSIVE SOFTWARE MAY BE TRANSFERRED TO ANY THIRD PARTY.

Furthermore, by accepting the Terms and Conditions, and in particular Article 5, you consent to this information being commercially exploited, disclosed to third parties or transferred, in accordance with the applicable regulations, unless you formally object by writing to Agence-Exclusive.com, 25 rue de Ponthieu 75008 PARIS.

http://www.agence-exclusive.com/support_licence.html


What's more, 90% of what they offer on their home page is FREE!



2/ But did you actually read the terms and conditions of PcTuto?

THE INFORMATION PROVIDED BY USERS WILL BE STORED IN A COMPUTERISED FILE BELONGING TO THE COMPANY PCTUTO AND MAY BE DISCLOSED TO PCTUTO'S COMMERCIAL PARTNERS AND/OR TO ANY THIRD PARTY FOR THE PURPOSE OF ENABLING THE PROVISION OF THE SERVICE OFFERED BY PCTUTO AND/OR OF ADVERTISING AND PROMOTING PRODUCTS OR SERVICES AND/OR OF INFORMING THE USER OF PRODUCTS OR SERVICES LIKELY TO INTEREST THEM

THE USER AGREES TO RECEIVE COMMERCIAL OFFERS FROM PCTUTO AND/OR ITS PARTNERS ON THEIR MOBILE PHONE BY SMS OR MMS.

THE DATA PROVIDED WHEN DOWNLOADING PCTUTO SOFTWARE MAY BE TRANSFERRED TO ANY THIRD PARTY.

BY DOWNLOADING THIS APPLICATION FOR FREE YOU WILL ALSO RECEIVE, AS SITE UNDER, A SELECTION OF THE BEST COMMERCIAL OFFERS ON THE NET

http://pctuto.com/support_licence.html




3/ Who asked you to use UsbFix on 31/05?



4/ Other tools, and first clean-up passes on this PC, which is infested with adware! :twisted:


Step 1: Uninstallation
Start-->Settings-->Control Panel-->Add/Remove Programs
Find and uninstall (if found) Fissa
Find and uninstall (if found) Search-Results Toolbar
Find and uninstall (if found) Uniblue RegistryBooster
Find and uninstall (if found) Conduit Engine
Find and uninstall (if found) PcTuto 1.1
Find and uninstall (if found) SoftwareUpdate 1.5
Find and uninstall (if found) Uninstall 1.0.0.1


Step 2: Ad-Remover (by TeamXscript), download
Download Ad-Remover from the page below:
http://www.teamxscript.org/adremoverTelechargement.html

Click the blue Download button.
Save the file AD-R.exe to the Desktop.


Step 3: Toolbar-S&D (by Team IDN), download
Download Toolbar-S&D by right-clicking one of the links below:
http://eric71.geekstogo.com/tools/ToolBarSD.exe
http://eric.71.mespages.googlepages.com/ToolBarSD.exe
Save the file to the Desktop.


Step 4: Disabling the resident security programs
Disable the antivirus's resident module.
avast5!: right-click the icon in the system tray (next to the clock), choose "Gestion des Agents avast!" and disable all the protection agents


Step 5: Toolbar-S&D (by Team IDN), option 1: Search
Double-click ToolBarSD.exe on the Desktop to run the tool.

Choose the language by typing F and then pressing Enter.
Read the warning, then click OK.

Once the menu is displayed, type 1 and press Enter to search for the files responsible for the infection.
When the search is finished, a Notepad window opens and displays the report (a.k.a. log).

Close Notepad, which ends the tool's execution.

Note:
If the Desktop does not reappear, open Task Manager by pressing CTRL+ALT+DEL together.
Click the File menu at the top and choose New Task (Run...).
In the Create New Task window that opens, in the Open box, type exactly explorer and click the OK button. The Desktop will reappear.


Step 6: Ad-Remover (by TeamXscript), scan
If this is the first time Ad-Remover is run, double-click the file AD-R.exe,
otherwise double-click the AD-R shortcut on the Desktop.

Ad-Remover's main screen is displayed.

Click the Scanner button and confirm by clicking the Oui button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close the Ad-Remover window by clicking the Quitter button.
Close Notepad.


Step 7: Re-enabling the resident security programs
Important: Re-enable the antivirus's resident module.


Step 8: Result
Post in reply:
*- the Ad-Remover scan report (contents of the file %SystemDrive%\Ad-Report-SCAN[n].txt, n being a sequence number).
[%SystemDrive% is the partition on which the system is installed, usually C:]
*- the ToolBar S&D report (contents of the file %SystemDrive%\TB.txt)
[%SystemDrive% is the partition on which the system is installed, usually C:]

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log-analysis requests by PM (private message)
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
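
Step 1 of the reply above can be checked against the OTL uninstall list posted earlier in the thread. The following is an added example, not part of the original posts or of OTL: it parses that list format and reports which of the programs named in step 1 are installed and under which registry subkey. The sample is an excerpt of report lines from the thread; the HKEY_LOCAL_MACHINE path line, the function names and the installer-type heuristic are assumptions.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "hive key name installer")

# Programs that step 1 of the reply asks to uninstall (names as written there).
REMOVAL_LIST = [
    "Fissa", "Search-Results Toolbar", "Uniblue RegistryBooster",
    "Conduit Engine", "PcTuto 1.1", "SoftwareUpdate 1.5", "Uninstall 1.0.0.1",
]

# Excerpt assembled from the OTL report lines in this thread. Assumption: the
# HKEY_LOCAL_MACHINE path line is the standard Uninstall key path; that header
# is not among the report lines quoted here.
SAMPLE_REPORT = r'''
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}" = Fissa
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"avast5" = avast! Free Antivirus
"conduitEngine" = Conduit Engine
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"PcTuto_is1" = PcTuto 1.1
"SoftwareUpdate_is1" = SoftwareUpdate 1.5
"Uninstall_is1" = Uninstall 1.0.0.1
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.4.1

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
'''

ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.*\S)\s*$')
HIVE_RE = re.compile(r'^\[(?P<hive>HKEY_[^\]]+\\Uninstall)\]$')
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')


def installer_kind(key):
    """Heuristic guess at the installer from the shape of the subkey name."""
    if key.endswith("_is1"):
        return "Inno Setup"         # Inno Setup appends _is1 to its AppId
    if key.startswith("InstallShield_"):
        return "InstallShield"
    if GUID_RE.match(key):
        return "Windows Installer"  # bare GUID, usually an MSI product code
    return "other"


def parse_uninstall_entries(report):
    """Return every '"subkey" = DisplayName' line found under an Uninstall key."""
    entries, hive = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            hive = None             # any banner closes the current section
            continue
        m = HIVE_RE.match(line)
        if m:
            hive = m.group("hive")  # registry path line opens a section
            continue
        m = ENTRY_RE.match(line)
        if m and hive:
            key = m.group("key")
            entries.append(Entry(hive, key, m.group("name"), installer_kind(key)))
    return entries


def _norm(text):
    return " ".join(text.casefold().split())


def match_removal_list(entries, targets=REMOVAL_LIST):
    """Exact display-name match (case and spacing ignored), so look-alikes such
    as 'Apple Software Update' are not flagged for 'SoftwareUpdate 1.5'."""
    by_name = {}
    for e in entries:
        by_name.setdefault(_norm(e.name), []).append(e)
    found = {t: by_name[_norm(t)] for t in targets if _norm(t) in by_name}
    missing = [t for t in targets if t not in found]
    return found, missing


if __name__ == "__main__":
    found, missing = match_removal_list(parse_uninstall_entries(SAMPLE_REPORT))
    for target, hits in found.items():
        for e in hits:
            print(f"{target}: {e.hive}\\{e.key} [{e.installer}]")
    for target in missing:
        print(f"{target}: not found")
```

The subkey printed for each hit is where the program's uninstall information is registered, which helps when an entry does not show up in Add/Remove Programs.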

Re: Advertising pages keep opening unexpectedly

Post by dan49 » 06 Jun 2011, 08:44

Hello Nickw,
To answer your questions, it does seem that I am not vigilant enough about the consequences of signing up to a site. I will be more vigilant in future.
As for the use of the usbfix software, I found it on a site, but nobody asked me to use it. You are the first person I have asked for help. I had already used your services some time ago.
I launched the Toolbar-S&D software but I get no response. I am on Seven; is that the reason?
I am attaching the Ad-Remover report:

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 09:31:38 le 06/06/2011, Mode normal

Microsoft Windows 7 Édition Familiale Premium (X86)
Daniel@PC-DE-DANIEL (MICRO-STAR INTERNATIONAL CO.,LTD MS-7345)

============== RECHERCHE ==============

Service: "RelevantKnowledge" Présent

Fichier trouvé: C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Fichier trouvé: C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\mi3roy4r.default\searchplugins\askcom.xml
Dossier trouvé: C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\mi3roy4r.default\conduit
Dossier trouvé: C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\mi3roy4r.default\ConduitEngine
Dossier trouvé: C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\mi3roy4r.default\extensions\engine@conduit.com
Fichier trouvé: C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\mi3roy4r.default\searchplugins\conduit.xml
Dossier trouvé: C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\mi3roy4r.default\extensions\@FissaPlugin
Fichier trouvé: C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\mi3roy4r.default\searchplugins\fissa.xml
Dossier trouvé: C:\Users\Daniel\AppData\Local\Conduit
Dossier trouvé: C:\Users\Daniel\AppData\LocalLow\Conduit
Dossier trouvé: C:\Program Files\Conduit
Dossier trouvé: C:\Program Files\ConduitEngine
Dossier trouvé: C:\Program Files\AutocompletePro
Dossier trouvé: C:\Users\Daniel\AppData\Local\OpenCandy
Dossier trouvé: C:\Program Files\Search Settings
Dossier trouvé: C:\Users\Daniel\AppData\LocalLow\ShoppingReport2
Dossier trouvé: C:\Users\Daniel\AppData\Roaming\EoRezo
Dossier trouvé: C:\Users\Daniel\AppData\Local\EoRezo
Dossier trouvé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EoRezo
Dossier trouvé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuto
Dossier trouvé: C:\Users\Daniel\AppData\Roaming\OfferBox

-- Fichier ouvert: C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\mi3roy4r.default\Prefs.js --
Ligne trouvée: user_pref("CT2207610.SavedHomepage", "hxxp://my.daemon-search.com/|hxxp://search.conduit.com/?ctid=C...
Ligne trouvée: user_pref("CT2207610.SearchEngine", "Recherche||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_...
Ligne trouvée: user_pref("CT2207610.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT220...
Ligne trouvée: user_pref("CT2269050.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT2542115&SearchSource=13");
Ligne trouvée: user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Ligne trouvée: user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226...
Ligne trouvée: user_pref("CT2542115.SearchEngine", "Recherche||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_...
Ligne trouvée: user_pref("CT2542115.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT254...
Ligne trouvée: user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2269050");
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-ser ... =CT2207610", ...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-ser ... =CT2269050", ...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... nApps&lo...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... nApps&lo...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... Apps&loc...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... Apps&loc...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... dApps&lo...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... dApps&lo...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... ar&local...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... ar&local...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-ser ... rt/dlg.pkg", "\...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-se ... er=3.3.3...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-s ... ver=3.3....
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/ ... =CT2207610",...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/ ... =CT2269050",...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... r=FF&lut=0", "63...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit. ... T2207610...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit. ... T2269050...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-serv ... ?locale=en", "\"634...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-serv ... cale=fr-fr", "\"...
Ligne trouvée: user_pref("CommunityToolbar.EngineOwner", "CT2207610");
Ligne trouvée: user_pref("CommunityToolbar.EngineOwnerGuid", "{6d6b212b-2245-4898-8b16-9a11b81ff9e1}");
Ligne trouvée: user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic_france_ff");
Ligne trouvée: user_pref("CommunityToolbar.IsEngineShown", true);
Ligne trouvée: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2207610");
Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{6d6b212b-2245-4898-8b16-9a11b81ff9e1}");
Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic_france_ff");
Ligne trouvée: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?FORM=IEFM1&q=...
Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList", "CT2542115,CT2269050,CT2207610,ConduitEngine");
Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList2", "CT2542115,CT2269050,CT2207610");
Ligne trouvée: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue Apr 05 2011 08:54:18 GMT+02...
Ligne trouvée: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Ligne trouvée: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Mar 15 2011 10:23:23 GMT+0100");
Ligne trouvée: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Ligne trouvée: user_pref("CommunityToolbar.alert.locale", "en");
Ligne trouvée: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Ligne trouvée: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Apr 05 2011 08:54:10 GMT+0200");
Ligne trouvée: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634");
Ligne trouvée: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Ligne trouvée: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Ligne trouvée: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Ligne trouvée: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Ligne trouvée: user_pref("CommunityToolbar.alert.userId", "{d88b0a43-c4df-4db9-b41f-3451a8cc8d4f}");
Ligne trouvée: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Feb 07 2011 13:58:56 GMT+0100");
Ligne trouvée: user_pref("CommunityToolbar.globalUserId", "d667d068-42e9-4827-a262-cf8be494534d");
Ligne trouvée: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Ligne trouvée: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Ligne trouvée: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2207610");
Ligne trouvée: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Tue Apr 05 2011 08:54:16 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.FirstServerDate", "04/05/2011 09");
Ligne trouvée: user_pref("ConduitEngine.FirstTime", true);
Ligne trouvée: user_pref("ConduitEngine.FirstTimeFF3", true);
Ligne trouvée: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Ligne trouvée: user_pref("ConduitEngine.HideEngineAfterRestart", true);
Ligne trouvée: user_pref("ConduitEngine.Initialize", true);
Ligne trouvée: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Ligne trouvée: user_pref("ConduitEngine.InstalledDate", "Tue Apr 05 2011 08:54:16 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.IsMulticommunity", false);
Ligne trouvée: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Ligne trouvée: user_pref("ConduitEngine.IsOpenUninstallPage", true);
Ligne trouvée: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Apr 05 2011 08:54:15 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Apr 05 2011 08:54:15 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.PublisherContainerWidth", 0);
Ligne trouvée: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Ligne trouvée: user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Apr 05 2011 08:54:12 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.UserID", "UN89263643553011222");
Ligne trouvée: user_pref("ConduitEngine.engineLocale", "fr");
Ligne trouvée: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Apr 05 2011 08:54:15 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Apr 05 2011 08:54:17 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.initDone", true);
Ligne trouvée: user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Ligne trouvée: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2207610&Sea...
Ligne trouvée: user_pref("extensions.Fissa.lastRunTime", "Thu, 17 Mar 2011 11:02:10 GMT");
Ligne trouvée: user_pref("extensions.asktb.cbid", "2R");
Ligne trouvée: user_pref("extensions.asktb.crumb", "2011.03.18+08.15.55-toolbar002iad-FR-Qm91bG9nbmUtQmlsbGFuY291cn...
Ligne trouvée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.search-results.com/web?q={query}&o...
Ligne trouvée: user_pref("extensions.asktb.dtid", "get006YYFR");
Ligne trouvée: user_pref("extensions.asktb.first-launch-url", "hxxp://www.avs4you.com/fr/Register.aspx?Type=Install...
Ligne trouvée: user_pref("extensions.asktb.l", "dis");
Ligne trouvée: user_pref("extensions.asktb.last-config-req", "1301986679132");
Ligne trouvée: user_pref("extensions.asktb.locale", "fr_FR");
Ligne trouvée: user_pref("extensions.asktb.o", "16705");
Ligne trouvée: user_pref("extensions.asktb.qsrc", "2871");
Ligne trouvée: user_pref("extensions.asktb.search-suggestions-enabled", false);
Ligne trouvée: user_pref("extensions.enabledAddons", "{3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20101113Wb1,quicks...
Ligne trouvée: user_pref("extensions.enabledItems", "reducbarre@reducbarre.com:1.1,{b9db16a4-6edc-47ec-a1f4-b86292e...
Ligne trouvée: user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-...
-- Fichier Fermé --


Clé trouvée: HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
Clé trouvée: HKLM\Software\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé trouvée: HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
Clé trouvée: HKLM\Software\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Clé trouvée: HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Clé trouvée: HKLM\Software\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Clé trouvée: HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Clé trouvée: HKLM\Software\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Clé trouvée: HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Clé trouvée: HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Clé trouvée: HKLM\Software\Classes\AskToolBar.SettingsPlugin
Clé trouvée: HKLM\Software\Classes\AskToolBar.SettingsPlugin.1
Clé trouvée: HKLM\Software\Classes\BHO.iGraalBHO
Clé trouvée: HKLM\Software\Classes\BHO.iGraalBHO.1
Clé trouvée: HKLM\Software\Classes\Conduit.Engine
Clé trouvée: HKLM\Software\Classes\SuggestMeYes.SuggestMeYesBHO
Clé trouvée: HKLM\Software\Classes\SuggestMeYes.SuggestMeYesBHO.1
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2207610
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2269050
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2542115
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2626277
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2857573
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2866295
Clé trouvée: HKLM\Software\Classes\Toolbar.iGraalToolbar
Clé trouvée: HKLM\Software\Classes\Toolbar.iGraalToolbar.1
Clé trouvée: HKLM\Software\Classes\AppID\AutocompletePro.DLL
Clé trouvée: HKLM\Software\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Clé trouvée: HKLM\Software\Classes\AppID\BHO.dll
Clé trouvée: HKLM\Software\Classes\AppID\{F5BC53C9-AA01-4579-9927-EA50B636C820}
Clé trouvée: HKLM\Software\Classes\AppID\EoEngineBHO.DLL
Clé trouvée: HKLM\Software\Classes\AppID\{AFBB7970-789A-4264-BA70-E8127DECE400}
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKLM\Software\OfferBox
Clé trouvée: HKCU\Software\AutocompleteProBHO
Clé trouvée: HKCU\Software\FissaSearch
Clé trouvée: HKCU\Software\OfferBox
Clé trouvée: HKCU\Software\AppDataLow\Software\ShoppingReport2
Clé trouvée: HKLM\Software\eRightSoft\OpenCandy
Clé trouvée: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6A5C27A2-A708-4C2E-9251-CBC7F0E15D09}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1
Clé trouvée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom

Valeur trouvée: HKLM\Software\Mozilla\Firefox\Extensions|support@predictad.com
Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eoweather
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D}


============== SCAN ADDITIONNEL ==============

-- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\mi3roy4r.default --
Extensions\@FissaPlugin (Fissa)
Extensions\engine@conduit.com (Conduit Engine )
Extensions\staged (?)
Extensions\support@predictad.com (AutocompletePro - Your handy search suggestions tool)
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1} (Softonic France FF Community Toolbar)
Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} (DVDVideoSoftTB Community Toolbar)
Searchplugins\askcom.xml (?)
Searchplugins\conduit.xml (hxxp://search.conduit.com/ResultsExt.as ... e=3&amp;q={searchTerms} /)
Searchplugins\fissa.xml (?)
Searchplugins\search-results.xml (?)
Prefs.js - browser.download.dir, C:\\Users\\Daniel\\Downloads
Prefs.js - browser.download.lastDir, C:\\Users\\Daniel\\Desktop
Prefs.js - browser.search.defaultenginename, Search-Results
Prefs.js - browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
Prefs.js - browser.search.selectedEngine, Search-Results
Prefs.js - browser.startup.homepage, hxxp://getii.com/dvds
Prefs.js - browser.startup.homepage_override.buildID, 20110318052756
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0
Prefs.js - keyword.URL, hxxp://www.bing.com/search?FORM=IEFM1&q=
Prefs.js - browser.startup.homepage, hxxp://fr.msn.com/
Prefs.js - keyword.URL, hxxp://search.live.com/results.aspx?mkt ... =MIZWG0&q=
Prefs.js - browser.search.selectedEngine, Live Search

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU_Main|Start Page - hxxp://www.google.fr/
HKLM_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "Ask Search" (hxxp://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&lo...)
HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "DVDVideoSoftTB Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
HKCU_SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01} - "Search-Results Search" (hxxp://websearch.search-results.com/red ... 5&src=cr...)
HKCU_SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} - "Ask Search" (hxxp://dl.ask.com/toolbarv/askRedirect.jsp?gct=&gc=1&q={searchTerms}&crm=1&toolb...)
HKLM_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "DVDVideoSoftTB Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
HKCU_Toolbar\WebBrowser|{1660B308-BECB-4062-890D-396B2FBBC8CA} (x)
HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (x)
HKCU_Toolbar\WebBrowser|{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} (C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll)
HKCU_Toolbar\WebBrowser|{B80F591E-FE9A-46CF-A13E-180377240586} (x)
HKCU_Toolbar\WebBrowser|{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} (x)
HKCU_Toolbar\WebBrowser|{00000000-0000-0000-0000-000000000000} (x)
HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (x)
HKCU_Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D} (x)
HKLM_Toolbar|{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} (x)
HKLM_Toolbar|{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} (C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll)
HKCU_ElevationPolicy\{34C449CB-417B-4096-9CE8-B436680D29CB} - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (x)
HKCU_ElevationPolicy\{5AFBB08A-E987-4862-965A-B87FEBB39022} - C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (x)
HKCU_ElevationPolicy\{606BFAD8-02FD-4F95-9B21-607F915C54D8} - C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (x)
HKCU_ElevationPolicy\{6792F547-B76C-4BB1-B48E-B423764BAE62} - C:\Windows\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe (x)
HKCU_ElevationPolicy\{6933CED2-DD90-465E-BDA1-2750C45DF11F} - C:\Program Files\Windows Live\Toolbar\wltuser.exe (x)
HKCU_ElevationPolicy\{6A5C27A2-A708-4C2E-9251-CBC7F0E15D09} - C:\Program Files\ConduitEngine\ConduitEngineHelper.exe (x)
HKCU_ElevationPolicy\{933AC904-61DC-49B0-AAA7-9FFDC5A9B8C5} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe (x)
HKCU_ElevationPolicy\{95E38363-2EA6-4FF6-80C0-13EAD096E6BC} - C:\Program Files\DVDVideoSoft\DVDVideoSoftToolbarHelper.exe (x)
HKCU_ElevationPolicy\{AF77B319-C406-45BA-8891-FE19C47E0A16} - C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (x)
HKCU_ElevationPolicy\{D0B6B43B-4EDB-4977-BA7F-542FAE76F5E1} - C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (x)
HKCU_ElevationPolicy\{DCFA3C2F-9EEF-48BF-B881-5DECBB134A0B} - C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (x)
HKCU_ElevationPolicy\{DD5C77F6-82B7-4392-A1D5-469E89A611EE} - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (x)
HKCU_ElevationPolicy\{DD92FBFC-CC23-4B76-9B38-CAC71CC25075} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe (x)
HKCU_ElevationPolicy\{DFF79872-3D15-47F0-90E2-DB3F83D12C41} - C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe (x)
HKCU_ElevationPolicy\{F552C82C-9A15-4F67-9DB1-F5AA66F24D5D} - C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe (x)
HKLM_ElevationPolicy\0534e8b3-f6fb-4a90-9f62-e84b21e8650c - C:\Program Files\DVDVideoSoft\DVDVideoSoftToolbarHelper.exe (x)
HKLM_ElevationPolicy\597cb2c8-25f4-4f58-9764-cef6298c9481 - C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe (x)
HKLM_ElevationPolicy\80d49492-aee6-4654-a060-32d30ad5c38a - C:\Program Files\Softonic_France_FF\Softonic_France_FFToolbarHelper.exe (x)
HKLM_ElevationPolicy\a8673e6a-8c77-41fd-ab5a-90a0bdd1a7ef - C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe (x)
HKLM_ElevationPolicy\ad2a88a0-3fa9-4ab8-b2ab-39d837772316 - C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe (x)
HKLM_ElevationPolicy\b4beca4f-c3ea-41e0-9ad2-b7e3e5d30243 - C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe (x)
HKLM_ElevationPolicy\c2f9f82a-c40a-433c-b266-a2e8e44be580 - C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe (x)
HKLM_ElevationPolicy\c42ee2d0-5df1-4989-a1ae-748b56dc0271 - C:\Program Files\T0rrentBitch\T0rrentBitchToolbarHelper.exe (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\system32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\system32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{1F0358F6-8317-41D4-8E8E-14A1B5A0BEBE} - C:\Program Files\iGraal\iGraalHelper.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{F365CC6C-656A-4108-8CF0-16DF98696395} - C:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe (?)
HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "@C:\Windows\WindowsMobile\INetRepl.dll,-222" (C:\Windows\WindowsMobile\INetRepl.dll,210)
HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)
BHO\{0FB6A909-6086-458F-BD92-1F8EE10042A0} - "AC-Pro" (C:\Program Files\AutocompletePro\AutocompletePro.dll)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 06/06/2011 09:31:56 (24025 Octet(s))

Fin à: 09:32:38, 06/06/2011

============== E.O.F ==============
dan49
 
Posts: 31
Joined: 26 Apr 2010, 13:33

Re: Advertising pages open unexpectedly

Post by nickW » 06 June 2011, 21:58

Good evening,

Did you really uninstall the programs as requested above (Step 1)?


A few clean-ups, then a new OTL scan:

Step 1: No real-time monitoring processes
Disable the antivirus resident module.
avast5!: right-click the icon in the system tray (next to the clock), choose "Gestion des Agents avast!" and disable all the protection agents


Step 2: Ad-Remover (by TeamXscript), cleaning
Double-click the AD-R shortcut on the Desktop.

The Ad-Remover main screen appears.

Click the "Nettoyer" button and confirm by clicking the "Oui" button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close the Ad-Remover window by clicking the "Quitter" button.
Close Notepad.


Step 3: Real-time monitoring processes
Important: Re-enable the antivirus resident module.


Step 4: OTL (by OldTimer), scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The OTL main screen appears.

Tick (at the top) the box in front of "Tous les utilisateurs".

Then click the "Analyse" button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 5: Result
Send in reply:
*- the Ad-Remover cleaning report (contents of the file %SystemDrive%\Ad-Report-CLEAN[n].txt, n being a sequence number).
[%SystemDrive% stands for the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the length of the file):
*- the main OTL report (contents of the file OTL.Txt located on the Desktop).
The report sent to the forum must end with a line containing <End of report>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Répondre" button
to continue in this thread.


In your reply, do not forget to give as much information as possible about the state of the PC: improvement / disappearance / worsening of the infection symptoms.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Re: Advertising pages open unexpectedly

Post by dan49 » 06 June 2011, 22:46

Hello NickW,
Thank you for your patience. To answer your first question: I did indeed uninstall all the programs you asked me to; they were all visible in the Windows uninstall tool.
As for the state of my computer, I saw an advertising page appear only once this morning and nothing since. This is a very clear improvement. I will keep watch tomorrow and note any anomalies.
Here are the requested reports:

The AD-R report:

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 23:28:30 le 06/06/2011, Mode normal

Microsoft Windows 7 Édition Familiale Premium (X86)
Daniel@PC-DE-DANIEL (MICRO-STAR INTERNATIONAL CO.,LTD MS-7345)

============== ACTION(S) ==============

Service: "RelevantKnowledge" Stoppé et supprimé

Fichier supprimé: C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Fichier supprimé: C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\mi3roy4r.default\searchplugins\askcom.xml
Dossier supprimé: C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\mi3roy4r.default\conduit
Dossier supprimé: C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\mi3roy4r.default\ConduitEngine
Dossier supprimé: C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\mi3roy4r.default\extensions\engine@conduit.com
Fichier supprimé: C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\mi3roy4r.default\searchplugins\conduit.xml
Dossier supprimé: C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\mi3roy4r.default\extensions\@FissaPlugin
Fichier supprimé: C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\mi3roy4r.default\searchplugins\fissa.xml
Dossier supprimé: C:\Users\Daniel\AppData\Local\Conduit
Dossier supprimé: C:\Users\Daniel\AppData\LocalLow\Conduit
Dossier supprimé: C:\Program Files\Conduit
Dossier supprimé: C:\Program Files\ConduitEngine
Dossier supprimé: C:\Program Files\AutocompletePro
Dossier supprimé: C:\Users\Daniel\AppData\Local\OpenCandy
Dossier supprimé: C:\Program Files\Search Settings
Dossier supprimé: C:\Users\Daniel\AppData\LocalLow\ShoppingReport2
Dossier supprimé: C:\Users\Daniel\AppData\Roaming\EoRezo
Dossier supprimé: C:\Users\Daniel\AppData\Local\EoRezo
Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EoRezo
Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuto
Dossier supprimé: C:\Users\Daniel\AppData\Roaming\OfferBox

(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\mi3roy4r.default\Prefs.js --
/!\ Impossible d'ouvrir le fichier, nettoyage interrompu /!\
-- Fichier Fermé --


Clé supprimée: HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
Clé supprimée: HKLM\Software\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé supprimée: HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
Clé supprimée: HKLM\Software\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Clé supprimée: HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Clé supprimée: HKLM\Software\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Clé supprimée: HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Clé supprimée: HKLM\Software\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Clé supprimée: HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Clé supprimée: HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Clé supprimée: HKLM\Software\Classes\AskToolBar.SettingsPlugin
Clé supprimée: HKLM\Software\Classes\AskToolBar.SettingsPlugin.1
Clé supprimée: HKLM\Software\Classes\BHO.iGraalBHO
Clé supprimée: HKLM\Software\Classes\BHO.iGraalBHO.1
Clé supprimée: HKLM\Software\Classes\Conduit.Engine
Clé supprimée: HKLM\Software\Classes\SuggestMeYes.SuggestMeYesBHO
Clé supprimée: HKLM\Software\Classes\SuggestMeYes.SuggestMeYesBHO.1
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2207610
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2269050
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2542115
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2626277
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2857573
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2866295
Clé supprimée: HKLM\Software\Classes\Toolbar.iGraalToolbar
Clé supprimée: HKLM\Software\Classes\Toolbar.iGraalToolbar.1
Clé supprimée: HKLM\Software\Classes\AppID\AutocompletePro.DLL
Clé supprimée: HKLM\Software\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Clé supprimée: HKLM\Software\Classes\AppID\BHO.dll
Clé supprimée: HKLM\Software\Classes\AppID\{F5BC53C9-AA01-4579-9927-EA50B636C820}
Clé supprimée: HKLM\Software\Classes\AppID\EoEngineBHO.DLL
Clé supprimée: HKLM\Software\Classes\AppID\{AFBB7970-789A-4264-BA70-E8127DECE400}
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\OfferBox
Clé supprimée: HKCU\Software\AutocompleteProBHO
Clé supprimée: HKCU\Software\FissaSearch
Clé supprimée: HKCU\Software\OfferBox
Clé supprimée: HKCU\Software\AppDataLow\Software\ShoppingReport2
Clé supprimée: HKLM\Software\eRightSoft\OpenCandy
Clé supprimée: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6A5C27A2-A708-4C2E-9251-CBC7F0E15D09}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1
Clé supprimée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom

Valeur supprimée: HKLM\Software\Mozilla\Firefox\Extensions|support@predictad.com
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eoweather
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D}


============== SCAN ADDITIONNEL ==============

-- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\mi3roy4r.default --
Extensions\staged (?)
Extensions\support@predictad.com (AutocompletePro - Your handy search suggestions tool)
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1} (Softonic France FF Community Toolbar)
Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} (DVDVideoSoftTB Community Toolbar)
Searchplugins\search-results.xml (?)
Prefs.js - browser.download.dir, C:\\Users\\Daniel\\Downloads
Prefs.js - browser.download.lastDir, C:\\Users\\Daniel\\Desktop
Prefs.js - browser.search.defaultenginename, Search-Results
Prefs.js - browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
Prefs.js - browser.search.selectedEngine, Search-Results
Prefs.js - browser.startup.homepage, hxxp://getii.com/dvds
Prefs.js - browser.startup.homepage_override.buildID, 20110318052756
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0
Prefs.js - keyword.URL, hxxp://www.bing.com/search?FORM=IEFM1&q=
Prefs.js - browser.startup.homepage, hxxp://fr.msn.com/
Prefs.js - keyword.URL, hxxp://search.live.com/results.aspx?mkt ... =MIZWG0&q=
Prefs.js - browser.search.selectedEngine, Live Search

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01} - "Search-Results Search" (hxxp://websearch.search-results.com/red ... 5&src=cr...)
HKCU_Toolbar\WebBrowser|{1660B308-BECB-4062-890D-396B2FBBC8CA} (x)
HKCU_Toolbar\WebBrowser|{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} (C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll)
HKCU_Toolbar\WebBrowser|{B80F591E-FE9A-46CF-A13E-180377240586} (x)
HKCU_Toolbar\WebBrowser|{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} (x)
HKCU_Toolbar\WebBrowser|{00000000-0000-0000-0000-000000000000} (x)
HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (x)
HKLM_Toolbar|{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} (x)
HKLM_Toolbar|{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} (C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll)
HKCU_ElevationPolicy\{34C449CB-417B-4096-9CE8-B436680D29CB} - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (x)
HKCU_ElevationPolicy\{5AFBB08A-E987-4862-965A-B87FEBB39022} - C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (x)
HKCU_ElevationPolicy\{606BFAD8-02FD-4F95-9B21-607F915C54D8} - C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (x)
HKCU_ElevationPolicy\{6792F547-B76C-4BB1-B48E-B423764BAE62} - C:\Windows\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe (x)
HKCU_ElevationPolicy\{6933CED2-DD90-465E-BDA1-2750C45DF11F} - C:\Program Files\Windows Live\Toolbar\wltuser.exe (x)
HKCU_ElevationPolicy\{933AC904-61DC-49B0-AAA7-9FFDC5A9B8C5} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe (x)
HKCU_ElevationPolicy\{95E38363-2EA6-4FF6-80C0-13EAD096E6BC} - C:\Program Files\DVDVideoSoft\DVDVideoSoftToolbarHelper.exe (x)
HKCU_ElevationPolicy\{AF77B319-C406-45BA-8891-FE19C47E0A16} - C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (x)
HKCU_ElevationPolicy\{D0B6B43B-4EDB-4977-BA7F-542FAE76F5E1} - C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (x)
HKCU_ElevationPolicy\{DCFA3C2F-9EEF-48BF-B881-5DECBB134A0B} - C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (x)
HKCU_ElevationPolicy\{DD5C77F6-82B7-4392-A1D5-469E89A611EE} - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (x)
HKCU_ElevationPolicy\{DD92FBFC-CC23-4B76-9B38-CAC71CC25075} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe (x)
HKCU_ElevationPolicy\{DFF79872-3D15-47F0-90E2-DB3F83D12C41} - C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe (x)
HKCU_ElevationPolicy\{F552C82C-9A15-4F67-9DB1-F5AA66F24D5D} - C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe (x)
HKLM_ElevationPolicy\0534e8b3-f6fb-4a90-9f62-e84b21e8650c - C:\Program Files\DVDVideoSoft\DVDVideoSoftToolbarHelper.exe (x)
HKLM_ElevationPolicy\597cb2c8-25f4-4f58-9764-cef6298c9481 - C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe (x)
HKLM_ElevationPolicy\80d49492-aee6-4654-a060-32d30ad5c38a - C:\Program Files\Softonic_France_FF\Softonic_France_FFToolbarHelper.exe (x)
HKLM_ElevationPolicy\a8673e6a-8c77-41fd-ab5a-90a0bdd1a7ef - C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe (x)
HKLM_ElevationPolicy\ad2a88a0-3fa9-4ab8-b2ab-39d837772316 - C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe (x)
HKLM_ElevationPolicy\b4beca4f-c3ea-41e0-9ad2-b7e3e5d30243 - C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe (x)
HKLM_ElevationPolicy\c2f9f82a-c40a-433c-b266-a2e8e44be580 - C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe (x)
HKLM_ElevationPolicy\c42ee2d0-5df1-4989-a1ae-748b56dc0271 - C:\Program Files\T0rrentBitch\T0rrentBitchToolbarHelper.exe (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\system32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\system32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{1F0358F6-8317-41D4-8E8E-14A1B5A0BEBE} - C:\Program Files\iGraal\iGraalHelper.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{F365CC6C-656A-4108-8CF0-16DF98696395} - C:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe (?)
HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "@C:\Windows\WindowsMobile\INetRepl.dll,-222" (C:\Windows\WindowsMobile\INetRepl.dll,210)
HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 246 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 06/06/2011 23:28:46 (13377 Octet(s))
C:\Ad-Report-SCAN[1].txt - 06/06/2011 09:31:56 (24164 Octet(s))

Fin à: 23:29:44, 06/06/2011

============== E.O.F ==============
dan49
 
Posts: 31
Joined: 26 Apr 2010, 13:33

Re: Advertising pages open unexpectedly

Post by dan49 » 06 June 2011, 22:50

Here is the OTL.Txt report:

OTL logfile created on: 06/06/2011 23:36:56 - Run 4
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Daniel\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,25% Memory free
4,00 Gb Paging File | 2,71 Gb Available in Paging File | 67,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 106,17 Gb Free Space | 45,59% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 704,22 Gb Free Space | 37,80% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 927,56 Gb Free Space | 99,58% Space Free | Partition Type: NTFS

Computer Name: PC-DE-DANIEL | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/05 17:19:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/20 08:03:56 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/05/19 10:03:07 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2011/03/26 06:17:14 | 000,562,176 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2011/03/23 17:26:22 | 000,392,192 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/25 18:36:38 | 000,082,944 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTVTray.exe
PRC - [2011/01/13 10:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 10:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/26 03:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/26 03:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/08/03 19:30:45 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/04/02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/24 19:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/03/02 20:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/09/12 17:38:50 | 000,358,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/09/12 17:38:46 | 000,661,160 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/09/12 17:38:16 | 005,081,912 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/20 08:07:04 | 000,955,712 | ---- | M] (SFR) -- C:\Program Files\SFR\Kit\9props.exe
PRC - [2009/06/04 00:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/08/06 16:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Volume Panel\VolPanlu.exe
PRC - [2006/10/11 13:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe


========== Modules (SafeList) ==========

MOD - [2011/06/05 17:19:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
MOD - [2011/01/13 10:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- -- (MBC)
SRV - File not found [On_Demand | Stopped] -- -- (GCADNGNQ)
SRV - File not found [On_Demand | Stopped] -- -- (AZGCGQZ)
SRV - File not found [On_Demand | Stopped] -- -- (ALMYCN)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/18 12:14:27 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/03/26 06:17:14 | 000,562,176 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2011/01/13 10:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/26 03:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/08/03 19:30:45 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/06/02 23:18:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/20 17:06:52 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/09/23 14:50:28 | 000,238,960 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2009/09/12 17:38:46 | 000,661,160 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/31 20:34:40 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/18 14:48:05 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2011/01/13 10:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 10:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 10:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 10:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 10:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/01/06 12:59:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/12/15 17:55:01 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/11/26 09:23:42 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/09/01 17:25:44 | 001,603,712 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2010/08/26 05:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/08/26 05:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/26 03:20:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/08/03 19:30:47 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/08/03 19:30:41 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV - [2010/08/03 19:30:39 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/11/01 10:45:34 | 000,028,000 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/09/23 14:53:20 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2009/09/02 11:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/07/26 22:39:24 | 000,659,592 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\Windows\System32\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009/06/04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 02:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 02:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/10/24 08:12:36 | 000,308,640 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MicNgTun.sys -- (MicNgTun)
DRV - [2008/10/24 08:12:36 | 000,081,184 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MicNgBas.sys -- (MicNgBas)
DRV - [2008/10/24 08:12:36 | 000,079,904 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MicNgCap.sys -- (MicNgCap)
DRV - [2007/12/14 09:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3644966581-75328946-59165048-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Search-Results"
FF - prefs.js..browser.search.defaultenginename: "Search-Results"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic France FF Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2207610&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search-Results"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Search-Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://getii.com/dvds"
FF - prefs.js..extensions.enabledItems: reducbarre@reducbarre.com:1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {6d6b212b-2245-4898-8b16-9a11b81ff9e1}:2.7.2.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.startup.homepage: "http://fr.msn.com/"
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?mkt=fr-FR&FORM=MIZWG0&q="
FF - prefs.js..browser.search.selectedEngine: "Live Search"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/04/05 09:06:45 | 000,000,000 | ---D | M]

[2010/08/09 16:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions
[2011/06/06 23:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions
[2010/08/09 16:30:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/08 10:34:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/04/05 08:53:39 | 000,000,000 | ---D | M] (Softonic France FF Community Toolbar) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}
[2011/04/05 08:53:52 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/04/05 08:53:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/05 09:01:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\staged
[2010/08/09 16:30:07 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\support@predictad.com
[2009/12/07 09:50:51 | 000,002,171 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\searchplugins\bing.xml
[2011/01/06 13:03:47 | 000,002,055 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\searchplugins\daemon-search.xml
[2011/04/11 11:55:50 | 000,001,775 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\searchplugins\live-search.xml
[2011/03/20 23:35:16 | 000,003,295 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\searchplugins\search-results.xml
[2011/04/05 09:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/07 17:49:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 11:38:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/05 09:36:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/04 08:40:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/08/12 17:18:45 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/02/23 11:09:14 | 000,002,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchaudio.xml

O1 HOSTS File: ([2009/06/04 08:47:37 | 000,307,170 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10575 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..\Toolbar\WebBrowser: (no name) - {1660B308-BECB-4062-890D-396B2FBBC8CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Service Scheduler2 Acronis] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3644966581-75328946-59165048-1000..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3644966581-75328946-59165048-1000\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/58.10/uploader2.cab (UploadListView Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.5.cab (DLM Control)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://www.ma-config.com/activex/MaConfig_3_5_3_0.cab (HardwareDetection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} https://static.impots.gouv.fr/tdir/stat ... .0.0.1.cab (AdSignerLCContrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} http://cabs.rte.fr/RteAllCabsMFC.cab (RteDocumatDoc Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/05/31 23:19:20 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/05/31 23:19:20 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/05/31 23:19:20 | 000,000,000 | RHSD | M] - E:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 20:53:53 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{5452DAD3-92A9-4C07-B452-2BD54AD0CEAD}
[2011/06/06 14:21:26 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Cyberlink
[2011/06/06 14:21:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\CyberLink PhotoDirector 2011
[2011/06/06 14:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2011/06/06 14:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2011/06/06 09:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2011/06/06 08:36:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{08A1D462-341F-4B35-BDE2-C1C968BFBC7E}
[2011/06/05 17:28:25 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Daniel\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/05 17:19:56 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2011/06/05 09:41:39 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{6349B85D-302B-40D1-BEC8-E65872996241}
[2011/06/04 15:05:12 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{581E38CD-2485-4EDE-ADC7-FA519EA4A469}
[2011/06/03 11:38:53 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{74C8AD08-6F92-4920-A816-1F1FC2039D16}
[2011/06/02 11:19:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{58FC68BA-D3EF-48E9-BB41-D4EF7BB4F225}
[2011/06/01 14:30:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{A283AD34-BA4B-4DEE-A15B-A3E5E96EE38B}
[2011/05/31 23:19:20 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2011/05/31 23:09:46 | 000,000,000 | ---D | C] -- C:\UsbFix
[2011/05/31 22:37:55 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{7336B61A-5B2F-4D33-B327-9F84C499A794}
[2011/05/31 08:13:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{15F1D13F-2453-4CD1-BFCD-D18EA7FAE696}
[2011/05/30 12:05:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{1A4796EA-EBF3-4685-8986-42B6610B9637}
[2011/05/29 23:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Google Chrome
[2011/05/29 23:14:37 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{1F5A0C1D-1B0A-4E87-910F-DF61CF73FA01}
[2011/05/29 08:27:41 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{FC7B4718-1C91-4E69-B1C3-1ED30F54CCB9}
[2011/05/28 13:39:54 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{77320DD5-C1D8-4A24-9081-379A5488BDCF}
[2011/05/27 22:59:22 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{C94656F4-2BE5-4BEB-BCDB-71D20BFA0AAA}
[2011/05/27 10:49:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{09758500-1551-4D25-A2A3-8A709612B48B}
[2011/05/26 22:24:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{F72EBE46-8CD7-4827-9F38-B898E9DCB270}
[2011/05/26 18:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Google Earth
[2011/05/26 07:56:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{36569CB9-E184-4351-86C4-5DABAFBE18ED}
[2011/05/25 14:25:45 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{8F5475A4-4F9B-4DBA-AE66-1DAA36889048}
[2011/05/25 08:12:45 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/05/24 09:11:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{474AEB6F-61B7-4FD5-A433-39E25DEFC626}
[2011/05/23 19:33:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\gtk-2.0
[2011/05/23 19:33:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\.thumbnails
[2011/05/23 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\gegl-0.0
[2011/05/23 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Daniel\.gimp-2.6
[2011/05/23 14:17:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{8F0DCDFA-456E-4D2F-B5B1-EA605BBC0AD5}
[2011/05/22 23:35:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{0F5D71C8-D1C4-4C16-A88D-9A64DAA182BF}
[2011/05/22 08:42:39 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{88210974-C3FF-4B55-9E6C-54407B976735}
[2011/05/21 13:56:32 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D101FDA5-542B-4057-9A35-2E476F94B7B4}
[2011/05/20 23:09:07 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{60A70ADA-EA3F-4639-A78D-457D6F800E46}
[2011/05/19 23:50:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{467C9702-F3C9-4179-A697-9E1085745CE0}
[2011/05/19 13:42:07 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/05/19 10:03:07 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/18 23:25:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D2D08A21-2770-4F1B-A9D4-05F69C795733}
[2011/05/18 09:28:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{51B2F41F-1465-46DC-943B-8839417FD191}
[2011/05/17 12:25:39 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{BA4BF613-ABC1-4A23-8957-D1720BE32CC9}
[2011/05/16 22:28:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{FFA4A09D-CE4A-4C5A-80C3-E84F8F59E027}
[2011/05/13 23:13:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D332A073-C9C6-45B1-BA95-5E55D00D9637}
[2011/05/13 09:40:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{BBAAC572-7252-424F-991B-2ECAF8F763BD}
[2011/05/12 13:59:06 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{1CE9CEEA-1E56-44AE-9C98-5EC02AD11154}
[2011/05/11 23:37:24 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{7FA7A2FE-DF47-4815-9F9D-A18171F9A262}
[2011/05/11 11:46:31 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/05/11 11:46:31 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011/05/11 11:46:29 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/05/11 11:46:29 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/05/10 23:33:58 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{9127690D-2D56-4216-B7BC-274131EB2DF7}
[2011/05/10 08:28:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{C03FE8D1-C0DF-40A3-ADCC-C65B7ED3239C}
[2011/05/09 12:24:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{B8605DD3-6EF9-443D-9354-8CAF1ED3425D}
[2011/05/08 23:15:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{8C9D886B-6219-493F-8F64-FE2279ABBB73}
[2011/05/08 08:34:29 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{4A7C1CCF-A2D1-4173-A422-82B41EAFA479}
[2009/12/12 00:49:48 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Daniel\AppData\Roaming\pcouffin.sys
[2009/06/04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009/06/04 00:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/06 23:39:24 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 23:39:24 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 23:34:32 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/06/06 23:32:36 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/06 23:32:18 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/06/06 23:32:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/06 23:31:53 | 1610,059,776 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/06 23:31:08 | 000,055,828 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000006-00000000-00000001-00001102-00000005-00311102}.rfx
[2011/06/06 23:31:08 | 000,055,828 | ---- | M] () -- C:\Windows\System32\BMXState-{00000006-00000000-00000001-00001102-00000005-00311102}.rfx
[2011/06/06 23:31:08 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000006-00000000-00000001-00001102-00000005-00311102}.rfx
[2011/06/06 23:20:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/06 14:21:05 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PhotoDirector 2011.lnk
[2011/06/06 14:17:09 | 099,991,640 | ---- | M] () -- C:\Users\Daniel\Documents\CyberLink.v1730_36089_Spr_PTD110506-02.exe
[2011/06/06 09:31:37 | 000,001,793 | ---- | M] () -- C:\Users\Daniel\Desktop\AD-R.lnk
[2011/06/06 09:22:37 | 000,343,020 | ---- | M] () -- C:\Users\Daniel\Desktop\ToolBarSD.exe
[2011/06/06 09:21:08 | 000,002,242 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/06 09:19:10 | 000,001,484 | ---- | M] () -- C:\Users\Daniel\Desktop\AD-R - Raccourci.lnk
[2011/06/05 18:16:35 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/06/05 17:47:52 | 000,000,850 | ---- | M] () -- C:\Users\Daniel\Desktop\NTREGOPT.lnk
[2011/06/05 17:47:52 | 000,000,831 | ---- | M] () -- C:\Users\Daniel\Desktop\ERUNT.lnk
[2011/06/05 17:30:57 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/05 17:29:02 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Daniel\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/05 17:21:27 | 000,000,417 | ---- | M] () -- C:\Users\Daniel\Desktop\scan (1).zip
[2011/06/05 17:19:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2011/06/05 11:56:31 | 000,001,995 | ---- | M] () -- C:\Users\Daniel\Desktop\HijackThis.lnk
[2011/05/31 23:20:18 | 084,506,924 | ---- | M] () -- C:\UsbFix_Upload_Me_PC-DE-DANIEL.zip
[2011/05/31 23:03:19 | 000,001,516 | ---- | M] () -- C:\Users\Daniel\Desktop\UsbFix.exe - Raccourci.lnk
[2011/05/29 23:48:41 | 000,002,141 | ---- | M] () -- C:\Users\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/29 23:46:16 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/26 18:23:48 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/23 19:33:30 | 000,000,889 | ---- | M] () -- C:\Users\Daniel\.recently-used.xbel
[2011/05/22 09:12:09 | 000,000,176 | ---- | M] () -- C:\Users\Daniel\Desktop\Apprendre à faire des photos et à les retoucher 1point2vue.url
[2011/05/22 09:01:54 | 001,059,202 | ---- | M] () -- C:\Users\Daniel\Desktop\PremierPasEnPhoto.pdf
[2011/05/21 08:55:46 | 000,000,141 | ---- | M] () -- C:\Users\Daniel\Desktop\Gimp les tutoriaux the gimp.url
[2011/05/19 10:03:07 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/06 14:21:05 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PhotoDirector 2011.lnk
[2011/06/06 14:07:37 | 099,991,640 | ---- | C] () -- C:\Users\Daniel\Documents\CyberLink.v1730_36089_Spr_PTD110506-02.exe
[2011/06/06 09:31:37 | 000,001,793 | ---- | C] () -- C:\Users\Daniel\Desktop\AD-R.lnk
[2011/06/06 09:22:37 | 000,343,020 | ---- | C] () -- C:\Users\Daniel\Desktop\ToolBarSD.exe
[2011/06/06 09:19:10 | 000,001,484 | ---- | C] () -- C:\Users\Daniel\Desktop\AD-R - Raccourci.lnk
[2011/06/05 18:16:35 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/06/05 17:47:52 | 000,000,850 | ---- | C] () -- C:\Users\Daniel\Desktop\NTREGOPT.lnk
[2011/06/05 17:47:52 | 000,000,831 | ---- | C] () -- C:\Users\Daniel\Desktop\ERUNT.lnk
[2011/06/05 17:20:59 | 000,000,417 | ---- | C] () -- C:\Users\Daniel\Desktop\scan (1).zip
[2011/06/05 11:56:31 | 000,001,995 | ---- | C] () -- C:\Users\Daniel\Desktop\HijackThis.lnk
[2011/05/31 23:20:09 | 084,506,924 | ---- | C] () -- C:\UsbFix_Upload_Me_PC-DE-DANIEL.zip
[2011/05/31 23:03:19 | 000,001,516 | ---- | C] () -- C:\Users\Daniel\Desktop\UsbFix.exe - Raccourci.lnk
[2011/05/29 23:48:41 | 000,002,242 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/29 23:48:41 | 000,002,141 | ---- | C] () -- C:\Users\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/29 23:46:16 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/26 18:23:48 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/23 19:33:30 | 000,000,889 | ---- | C] () -- C:\Users\Daniel\.recently-used.xbel
[2011/05/22 09:12:09 | 000,000,176 | ---- | C] () -- C:\Users\Daniel\Desktop\Apprendre à faire des photos et à les retoucher 1point2vue.url
[2011/05/22 09:01:54 | 001,059,202 | ---- | C] () -- C:\Users\Daniel\Desktop\PremierPasEnPhoto.pdf
[2011/05/21 08:55:46 | 000,000,141 | ---- | C] () -- C:\Users\Daniel\Desktop\Gimp les tutoriaux the gimp.url
[2011/03/25 12:42:26 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/02/01 18:54:08 | 000,000,077 | ---- | C] () -- C:\Windows\MovieHunter.INI
[2010/11/24 09:49:05 | 000,005,037 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2010/11/24 00:33:29 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2010/08/15 14:56:38 | 000,131,072 | ---- | C] () -- C:\Windows\SNVerifyDLL.dll
[2010/07/09 18:19:18 | 000,001,057 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\vso_ts_preview.xml
[2010/06/16 15:22:56 | 000,219,348 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/06/16 00:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/04/26 09:01:43 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/04/14 10:56:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/02/20 13:08:46 | 000,000,775 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\WtvWatcher.settings
[2009/12/13 20:18:36 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/12 11:56:47 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/12/12 00:49:48 | 000,087,608 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\inst.exe
[2009/12/12 00:49:48 | 000,007,887 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\pcouffin.cat
[2009/12/12 00:49:48 | 000,001,144 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\pcouffin.inf
[2009/12/06 21:36:25 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2009/12/06 10:06:03 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2009/12/06 10:05:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2009/12/06 10:05:11 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/12/06 10:05:11 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/06 14:24:38 | 000,000,594 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\QuickZip45.ini
[2009/11/02 11:21:38 | 000,023,552 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/01 21:00:54 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/01 20:21:00 | 000,021,680 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/11/01 19:59:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/11/01 19:59:12 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/11/01 19:59:12 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/11/01 10:45:34 | 000,037,888 | ---- | C] () -- C:\Windows\System32\setupnt.dll
[2009/10/21 09:57:46 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/14 11:31:24 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2009/08/20 16:13:49 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2009/08/03 17:22:40 | 000,031,007 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\UserTile.png
[2009/08/01 18:23:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/27 17:53:40 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/07/14 10:39:49 | 000,839,024 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2009/07/14 10:39:49 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2009/07/14 10:39:49 | 000,184,290 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2009/07/14 10:39:49 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 000,311,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,745,906 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,156,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009/06/04 00:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2009/06/04 00:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2009/06/04 00:36:30 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009/06/04 00:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009/05/27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009/02/18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/12/30 10:07:22 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2008/12/21 18:00:26 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/12/19 00:24:10 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIFRN.DLL
[2008/02/01 08:18:14 | 000,009,216 | ---- | C] () -- C:\Windows\System32\drivers\FlashSys.sys
[2007/09/20 12:33:52 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007/09/20 12:33:52 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/09/20 12:33:52 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2007/09/20 12:33:52 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2007/09/20 12:33:52 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007/09/20 12:33:52 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2007/09/20 12:33:52 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2007/09/20 12:33:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007/09/20 12:33:52 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2007/09/20 12:33:52 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2007/09/20 12:33:52 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2007/09/20 12:33:52 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2007/09/20 12:33:52 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007/09/20 12:33:52 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2007/09/20 12:33:52 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2007/09/20 12:33:52 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/09/20 12:33:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2007/09/20 12:33:52 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2007/09/20 12:33:52 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2002/03/17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000104.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 845 bytes -> C:\Users\Daniel\Documents\Amazon_fr_ votre commande.eml:OECustomProperty
@Alternate Data Stream - 24 bytes -> C:\Windows:FDB1FA436426B802
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:0888F409
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:66633281
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:30FD0CBD
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:3440EB47
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C7D0F96D
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:C1374ACE

< End of report >
dan49

Posts: 31
Joined: 26 Apr 2010, 13:33

Re: Advertising pages open unexpectedly

Post by nickW » 07 Jun 2011, 00:27

Re-

Let's continue ...


Step 1: No real-time monitoring processes
Disable the antivirus's resident module.
avast5!: right-click the icon in the system tray (next to the clock), choose "avast! shields control" and disable all the protection shields


Step 2: SystemLook (by jpshortstuff)
Download SystemLook from one of the two links below:
http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshor ... emLook.exe
Save this file to the Desktop.


Step 3: SystemLook (by jpshortstuff)
Right-click SystemLook.exe on the Desktop, then choose "Run as administrator" to launch the tool.

Select all the lines below between the two ------- lines (which must not be selected), then press the Ctrl and C keys simultaneously
Important note: do not forget to select the "colon" character at the start of the first line.

-----------------------------------------------------

:comment

:dir
C:\Users\Daniel\AppData\Local\{6349B85D-302B-40D1-BEC8-E65872996241} /s
C:\Users\Daniel\AppData\Local\{581E38CD-2485-4EDE-ADC7-FA519EA4A469} /s
C:\Users\Daniel\AppData\Local\{74C8AD08-6F92-4920-A816-1F1FC2039D16} /s
C:\Users\Daniel\AppData\Local\{58FC68BA-D3EF-48E9-BB41-D4EF7BB4F225} /s
C:\Users\Daniel\AppData\Local\{A283AD34-BA4B-4DEE-A15B-A3E5E96EE38B} /s
C:\Users\Daniel\AppData\Local\{7336B61A-5B2F-4D33-B327-9F84C499A794} /s
C:\Users\Daniel\AppData\Local\{15F1D13F-2453-4CD1-BFCD-D18EA7FAE696} /s
C:\Users\Daniel\AppData\Local\{1A4796EA-EBF3-4685-8986-42B6610B9637} /s
C:\Users\Daniel\AppData\Local\{1F5A0C1D-1B0A-4E87-910F-DF61CF73FA01} /s
C:\Users\Daniel\AppData\Local\{FC7B4718-1C91-4E69-B1C3-1ED30F54CCB9} /s
C:\Users\Daniel\AppData\Local\{77320DD5-C1D8-4A24-9081-379A5488BDCF} /s
C:\Users\Daniel\AppData\Local\{C94656F4-2BE5-4BEB-BCDB-71D20BFA0AAA} /s
C:\Users\Daniel\AppData\Local\{09758500-1551-4D25-A2A3-8A709612B48B} /s
C:\Users\Daniel\AppData\Local\{F72EBE46-8CD7-4827-9F38-B898E9DCB270} /s
C:\Users\Daniel\AppData\Local\{36569CB9-E184-4351-86C4-5DABAFBE18ED} /s
C:\Users\Daniel\AppData\Local\{8F5475A4-4F9B-4DBA-AE66-1DAA36889048} /s
C:\Users\Daniel\AppData\Local\{474AEB6F-61B7-4FD5-A433-39E25DEFC626} /s


-----------------------------------------------------

In the small SystemLook window, right-click in the white area and choose Paste.
Note: the lines selected earlier must have been copied into SystemLook's white area - including the "colon" character at the start of the first line.

Click the Look button to start the search.

When the tool has finished this search, a Notepad window opens.
Close Notepad.
Close SystemLook by clicking the Exit button.


Step 4: OTL (by OldTimer), fix

Right-click OTL.exe, then choose "Run as administrator" to launch the tool.

The OTL main screen is displayed.

Select all the lines below between the two ------- lines (which must not be selected), then press the Ctrl and C keys simultaneously
Important note: do not forget to select the "colon" character at the start of the first line.

-----------------------------------------------------

:otl
FF - prefs.js..browser.search.defaultengine: "Search-Results"
FF - prefs.js..browser.search.defaultenginename: "Search-Results"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic France FF Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2207610&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search-Results"

FF - prefs.js..browser.search.selectedEngine: "Search-Results"
FF - prefs.js..browser.startup.homepage: "http://getii.com/dvds"
FF - prefs.js..extensions.enabledItems: reducbarre@reducbarre.com:1.1
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.1.0
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {6d6b212b-2245-4898-8b16-9a11b81ff9e1}:2.7.2.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
[2011/04/05 08:53:39 | 000,000,000 | ---D | M] (Softonic France FF Community Toolbar) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}
[2010/08/09 16:30:07 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\extensions\support@predictad.com
[2011/03/20 23:35:16 | 000,003,295 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mi3roy4r.default\searchplugins\search-results.xml
[2010/08/12 17:18:45 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.

:Files
C:\Users\Daniel\AppData\Roaming\Agence-Exclusive
C:\Users\Daniel\AppData\Roaming\FissaSearch
C:\Users\Daniel\AppData\Local\Agence-Exclusive

:Commands
[emptytemp]



-----------------------------------------------------

Note: The lines in the Code area above were created exclusively for THIS user: dan49.
If you are not THIS user, do not use them: they could damage your system.


Go back to the OTL window, right-click in the white area under "Custom Scans/Fixes" and choose Paste (the lines selected above must appear in the "Custom Scans/Fixes" area).

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to restart.

Click the Run Fix button.

Note: When the restart is requested, click Ok

When the tool has finished its work, a small window displays the message "Fix complete! Click Ok to display the report.". Click Ok, then close OTL.


Step 5: Real-time monitoring processes
Important: Re-enable the antivirus's resident module.


Step 6: OTL (by OldTimer), scan
Close all open program windows.

Right-click OTL.exe, then choose "Run as administrator" to launch the tool.

The OTL main screen is displayed.

Tick (at the top) the box in front of Scan All Users.

Then click the Run Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 7: Results
Send in reply:
*- the SystemLook report (contents of the SystemLook.txt file on the Desktop)
*- the OTL fix report (contents of the file %SystemDrive%\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[%SystemDrive% is the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the length of the file):
*- the main OTL report (contents of the OTL.txt file on the Desktop).
The report posted to the forum must end with a line containing <End of report>. If it does not, it is incomplete, and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log-analysis requests by PM (private message)
My configs
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
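
The SystemLook `:dir` block in the reply above lists `{GUID}`-named folders under `AppData\Local`, the same kind of entry that recurs almost daily in the OTL "Files Created" listing. As an added example (not part of the original thread and not a tool used in it), this Python code parses OTL listing lines, picks out such folders and builds a `:dir ... /s` inspection list; the line layout is inferred from the log on this page, the function names are hypothetical, and the sample lines are copied from that log.

```python
import re
from collections import Counter

# Layout inferred from the OTL listing on this page (an assumption):
# [date time | size | attrs | C-or-M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)

# A folder directly under a user's AppData\Local whose whole name is {GUID}.
GUID_DIR = re.compile(
    r"^[A-Z]:\\Users\\[^\\]+\\AppData\\Local\\"
    r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$",
    re.IGNORECASE,
)

# Sample lines copied from the OTL log on this page.
SAMPLE = r"""
[2011/05/22 08:42:39 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{88210974-C3FF-4B55-9E6C-54407B976735}
[2011/05/21 13:56:32 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D101FDA5-542B-4057-9A35-2E476F94B7B4}
[2011/05/19 13:42:07 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/05/11 23:37:24 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{7FA7A2FE-DF47-4815-9F9D-A18171F9A262}
[2009/11/02 11:21:38 | 000,023,552 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\*.tmp files -> C:\*.tmp -> ]
"""


def parse_otl_lines(text):
    """Return one dict per well-formed listing line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = OTL_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def guid_dirs(entries):
    """Created ('C') directories (attribute D) whose name is a bare {GUID}."""
    return [
        e for e in entries
        if e["kind"] == "C"
        and e["attrs"].endswith("D")
        and GUID_DIR.match(e["path"])
    ]


def creations_per_day(dirs):
    """Count matching folders per creation date to expose a recurring pattern."""
    return Counter(e["ts"].split(" ")[0] for e in dirs)


def systemlook_dir_script(dirs):
    """Build a ':dir' block in the form used in the reply above."""
    paths = sorted({e["path"] for e in dirs})
    return "\n".join([":dir"] + [p + " /s" for p in paths])


if __name__ == "__main__":
    found = guid_dirs(parse_otl_lines(SAMPLE))
    print(creations_per_day(found))
    print(systemlook_dir_script(found))
```

The output is only a list of folders to inspect; nothing is deleted, and whether a folder is malicious still has to be judged from its contents.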
