[Réglé] DECALAGE SON/IMAGE

LORAN59 · le 03 Déc 2010 20:08

Bonsoir,
voilà mon souci,j'ai un décalage entre le son et l'image notamment quand je joue au poker :wink:

de plus mon pc rame a fond surtout les pagesweb j'ai lancer un scan spybot et il m'a trouvé pas mal de coockies.
Pourriez vous s'il vous plait jeter un oeil sur mon pc. D'avance merci
PS:pc portable AMD ATHLON 64
WINDOWS VISTA

DouDou9455 · le 03 Déc 2010 20:24

Bonsoir,

Suis ce petit tutoriel à fin de faciliter le travail aux Helpers .::ICI::.
Spybot n'es plus d'actualité désinstalle le et installe Mbam .::ICI::.

Skynet · le 03 Déc 2010 21:12

trés bonne remarque merci :oops:

EDIT :

Code: Tout sélectionner: OTL logfile created on: 03/12/2010 20:59:51 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\audrey\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 101,78 Gb Total Space | 12,24 Gb Free Space | 12,02% Space Free | Partition Type: NTFS Computer Name: PC-DE-AUDREY | User Name: audrey | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010/12/03 20:58:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\audrey\Downloads\OTL.exe PRC - [2010/11/29 17:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010/11/29 17:42:14 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2010/10/28 17:51:29 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010/10/28 17:51:28 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/10/26 13:05:26 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\audrey\AppData\Local\Temp\RtkBtMnt.exe PRC - [2010/08/27 14:15:18 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2010/08/27 14:13:36 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2010/08/17 12:39:03 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010/08/17 12:38:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/08/17 12:38:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010/01/14 21:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2009/07/20 21:31:47 | 000,082,005 | ---- | M] (Helper) -- C:\Windows\System32\gpcqwcxxwcfd.exe PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008/07/23 04:05:18 | 000,846,344 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe PRC - [2008/07/03 04:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008/06/11 10:18:30 | 000,024,576 | ---- | M] () -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe PRC - [2008/04/06 21:42:36 | 000,034,040 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe PRC - [2008/04/06 21:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe PRC - [2008/04/04 02:03:14 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe PRC - [2008/03/03 12:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe PRC - [2007/01/04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010/12/03 20:58:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\audrey\Downloads\OTL.exe MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device) SRV - File not found [Auto | Stopped] -- C:\Windows\System32\LEXBCES.EXE -- (LexBceS) SRV - [2010/11/29 17:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010/10/12 15:53:37 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010/08/27 14:13:36 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010/08/27 14:10:46 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2010/08/17 12:39:03 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/08/17 12:38:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/07/20 21:31:47 | 000,082,005 | ---- | M] (Helper) [Auto | Running] -- C:\Windows\System32\gpcqwcxxwcfd.exe -- (mthglibqoipqmv) SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008/06/11 10:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService) SRV - [2008/04/06 21:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc) SRV - [2008/04/04 02:03:14 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc) SRV - [2008/03/03 12:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc) SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/01/04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgvmodem.sys -- (LGVMODEM) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgbtbus.sys -- (lgbusenum) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgbtport.sys -- (LgBttPort) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\audrey\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\audrey\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\lgandadb.sys -- (androidusb) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgandmodem.sys -- (ANDModem) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgandgps.sys -- (AndGps) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lganddiag.sys -- (AndDiag) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgandbus.sys -- (Andbus) DRV - [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010/08/17 12:39:11 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010/08/17 12:39:11 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/06/17 14:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/02/25 10:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009/11/19 14:32:02 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008/08/07 03:40:40 | 000,129,552 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s) DRV - [2008/07/28 08:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008/07/04 07:35:38 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008/07/03 10:03:48 | 002,152,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008/07/01 06:16:38 | 000,388,096 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28.sys -- (netr28) DRV - [2008/06/11 10:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008/06/10 11:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008/04/28 14:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2008/02/22 04:50:48 | 000,198,064 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2008/01/30 10:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2008/01/30 10:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper) DRV - [2008/01/21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008/01/21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008/01/21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008/01/21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008/01/21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008/01/21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008/01/21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008/01/21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008/01/21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008/01/21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008/01/21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008/01/21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008/01/21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008/01/21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008/01/21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008/01/21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008/01/21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008/01/21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008/01/21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008/01/21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008/01/21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008/01/21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007/04/17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2006/11/02 14:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr) DRV - [2006/11/02 14:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3414321035-3588275162-2481999209-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3414321035-3588275162-2481999209-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3414321035-3588275162-2481999209-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "IMBooster4web-en Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - prefs.js..extensions.enabledItems: fsonlinescanner@f-secure.com:1.00 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.2 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4 FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=15627&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\ FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 17:51:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/22 10:09:23 | 000,000,000 | ---D | M] [2009/02/16 20:18:56 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\mozilla\Extensions [2010/12/03 17:54:48 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\mozilla\Firefox\Profiles\2xyb2lss.default\extensions [2010/08/18 16:10:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\audrey\AppData\Roaming\mozilla\Firefox\Profiles\2xyb2lss.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/10/26 09:04:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\audrey\AppData\Roaming\mozilla\Firefox\Profiles\2xyb2lss.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010/11/04 10:45:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\audrey\AppData\Roaming\mozilla\Firefox\Profiles\2xyb2lss.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/11/09 00:18:28 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\audrey\AppData\Roaming\mozilla\Firefox\Profiles\2xyb2lss.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2010/11/18 19:06:13 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\mozilla\Firefox\Profiles\2xyb2lss.default\extensions\ffxtlbr@babylon.com [2010/03/03 16:47:17 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\mozilla\Firefox\Profiles\2xyb2lss.default\extensions\fsonlinescanner@f-secure.com [2010/09/11 21:47:11 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\mozilla\Firefox\Profiles\2xyb2lss.default\extensions\personas@christopher.beard [2010/11/18 18:56:12 | 000,005,201 | ---- | M] () -- C:\Users\audrey\AppData\Roaming\Mozilla\FireFox\Profiles\2xyb2lss.default\searchplugins\gfxtbsearch.xml [2009/04/28 20:22:18 | 000,001,632 | ---- | M] () -- C:\Users\audrey\AppData\Roaming\Mozilla\FireFox\Profiles\2xyb2lss.default\searchplugins\live-search.xml [2010/03/27 15:40:52 | 000,002,119 | ---- | M] () -- C:\Users\audrey\AppData\Roaming\Mozilla\FireFox\Profiles\2xyb2lss.default\searchplugins\MyStart Search.xml [2010/11/03 10:29:46 | 000,002,306 | ---- | M] () -- C:\Users\audrey\AppData\Roaming\Mozilla\FireFox\Profiles\2xyb2lss.default\searchplugins\wot-safe-search.xml [2010/10/27 11:39:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/10/27 11:39:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010/10/27 11:39:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010/07/30 12:46:24 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml [2010/11/18 18:56:11 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml [2010/07/30 12:46:24 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml [2010/07/30 12:46:24 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml [2010/07/30 12:46:24 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2010/07/30 12:46:24 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml O1 HOSTS File: ([2010/10/22 14:40:52 | 000,000,794 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-3414321035-3588275162-2481999209-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics) O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\EMACHINES\WR_PopUp\WarReg_PopUp.exe (eMachines) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKLM..\RunOnce: [] File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\audrey\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\audrey\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/10/22 15:00:11 | 000,000,004 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010/12/03 20:57:17 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ] O33 - MountPoints2\{0957aea7-e345-11dd-9378-001eecc84c69}\Shell - "" = AutoRun O33 - MountPoints2\{0957aea7-e345-11dd-9378-001eecc84c69}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/12/03 20:57:17 | 000,000,000 | RHSD | C] -- C:\Autorun.inf [2010/12/03 20:56:55 | 000,000,000 | ---D | C] -- C:\UsbFix [2010/12/01 14:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\Winamax Poker [2010/11/18 19:15:39 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6FR.DLL [2010/11/18 19:15:39 | 000,000,000 | ---D | C] -- C:\Users\audrey\AppData\Roaming\FreeVideoConverter [2010/11/18 19:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\Free Video Converter [2010/11/18 18:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon [2010/11/18 18:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabVideoConverter [2010/11/18 18:03:23 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll [2010/11/10 16:35:00 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2010/11/09 11:16:57 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010/11/09 10:43:59 | 000,000,000 | ---D | C] -- C:\Users\audrey\AppData\Roaming\DivX [2010/11/08 21:09:42 | 000,000,000 | ---D | C] -- C:\Users\audrey\Documents\LG OSP [2010/11/08 21:04:45 | 000,000,000 | ---D | C] -- C:\Users\audrey\Documents\LG PC Suite IV [2010/11/08 21:04:45 | 000,000,000 | ---D | C] -- C:\Users\audrey\AppData\Local\LG Electronics [2010/11/08 20:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine [2010/11/08 20:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2010/11/08 13:43:37 | 000,000,000 | ---D | C] -- C:\Users\audrey\Documents\DriverGenius [2010/11/08 13:15:36 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdfcoinstaller01005.dll [2010/11/08 13:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics [2010/11/08 13:10:12 | 000,000,000 | ---D | C] -- C:\GT540 [2010/11/08 13:04:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll [2010/11/08 13:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX [2010/11/08 12:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010/12/03 20:40:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/12/03 19:43:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/12/03 19:43:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/12/03 18:55:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/12/03 15:48:42 | 000,681,658 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2010/12/03 15:48:42 | 000,598,612 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/12/03 15:48:42 | 000,127,840 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2010/12/03 15:48:42 | 000,105,284 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/12/03 15:43:00 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2010/12/03 15:42:58 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/12/02 13:47:43 | 000,093,696 | ---- | M] () -- C:\Users\audrey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/12/01 17:39:44 | 000,000,892 | ---- | M] () -- C:\Users\audrey\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2010/12/01 14:11:33 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\Winamax Poker.lnk [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/11/22 10:09:23 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010/11/20 20:12:16 | 000,002,413 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini [2010/11/19 15:42:28 | 000,306,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/11/18 19:15:45 | 000,000,924 | ---- | M] () -- C:\Users\audrey\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk [2010/11/18 19:15:45 | 000,000,900 | ---- | M] () -- C:\Users\audrey\Desktop\Free Video Converter.lnk [2010/11/10 19:30:16 | 000,000,000 | ---- | M] () -- C:\Users\audrey\Documents\vlc-1.1.4-win32.exe [2010/11/09 11:20:10 | 000,000,769 | ---- | M] () -- C:\Users\audrey\Desktop\LGMobile update.lnk [2010/11/08 20:50:19 | 000,001,397 | ---- | M] () -- C:\Users\audrey\Desktop\DivX Movies.lnk [2010/11/08 20:41:36 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2010/11/08 13:17:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_lgandadb_01005.Wdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/11/18 19:15:45 | 000,000,924 | ---- | C] () -- C:\Users\audrey\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk [2010/11/18 19:15:45 | 000,000,900 | ---- | C] () -- C:\Users\audrey\Desktop\Free Video Converter.lnk [2010/11/08 20:50:19 | 000,001,397 | ---- | C] () -- C:\Users\audrey\Desktop\DivX Movies.lnk [2010/11/08 13:17:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_lgandadb_01005.Wdf [2010/11/08 13:09:16 | 000,000,769 | ---- | C] () -- C:\Users\audrey\Desktop\LGMobile update.lnk [2010/11/08 13:04:07 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2010/11/08 13:04:07 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2010/06/29 05:34:58 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys [2010/05/05 14:00:27 | 000,000,109 | ---- | C] () -- C:\Windows\Lexstat.ini [2010/02/21 20:39:06 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/01/30 20:01:22 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009/11/23 00:53:17 | 000,000,674 | ---- | C] () -- C:\Windows\wininit.ini [2009/10/21 22:38:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/05/04 11:49:08 | 000,024,206 | ---- | C] () -- C:\Users\audrey\AppData\Roaming\UserTile.png [2009/01/27 17:48:39 | 000,012,619 | ---- | C] () -- C:\Windows\eck8324.dll [2009/01/27 16:45:54 | 000,000,032 | ---- | C] () -- C:\Windows\System32\tgfsdsd.dll [2009/01/18 13:18:56 | 000,000,000 | ---- | C] () -- C:\Users\audrey\AppData\Roaming\wklnhst.dat [2008/12/16 16:10:44 | 000,093,696 | ---- | C] () -- C:\Users\audrey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/09/24 19:37:30 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008/09/24 19:30:40 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008/09/19 22:24:39 | 000,009,846 | ---- | C] () -- C:\Windows\System32\mswdn-oue.dll [2008/08/25 21:55:54 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008/08/25 21:55:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008/08/25 13:03:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008/08/25 13:03:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2007/02/07 16:57:50 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005/09/13 15:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv5.dll [2002/09/13 16:40:06 | 000,000,266 | ---- | C] () -- C:\Windows\System32\lxbkcoin.ini [2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [color=#E56717]========== LOP Check ==========[/color] [2010/01/30 20:01:52 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\Canneverbe Limited [2009/02/05 15:44:00 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\F-Secure [2010/11/18 19:47:29 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\FreeVideoConverter [2010/03/14 20:34:43 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\igraal [2010/03/25 16:06:12 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\LiveCAD3 [2010/11/18 13:09:46 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\Partouche [2010/11/18 13:01:27 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\Partouche Poker [2010/06/19 19:59:02 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\QUAD Utilities [2009/01/18 13:19:00 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\Template [2010/01/29 16:21:16 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\TuneUp Software [2010/10/29 10:57:36 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\Uniblue [2010/12/03 20:56:19 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\uTorrent [2010/06/11 15:37:41 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1 [2010/12/02 22:55:25 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:8927A071 < End of report >

EDIT Bis :

Code: Tout sélectionner: OTL Extras logfile created on: 03/12/2010 20:59:51 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\audrey\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 101,78 Gb Total Space | 12,24 Gb Free Space | 12,02% Space Free | Partition Type: NTFS Computer Name: PC-DE-AUDREY | User Name: audrey | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3414321035-3588275162-2481999209-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0EB25F93-1EA9-430D-8382-77747EA23FE2}" = lport=2869 | protocol=6 | dir=in | app=system | "{49593C91-F350-4F44-8097-CDFF9BE54D95}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{5F2C288E-EB1C-4E77-8666-5D0D3D45CE94}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{AD9BB402-899F-4B5C-BEC6-D221BF31B662}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{294D3A99-81CF-4CD4-BA19-9E1FE1C73C5F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{2F3F9190-679A-4F2E-BD77-AAEF4E7228C0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{4A681DF7-871D-4546-908E-15027009528C}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{53864352-6E09-478E-A0F5-C23B25A1A57C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{58345B82-0CB4-4DB2-9A1E-78ED67C2D8B8}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{74C90EA4-AA11-4604-88D8-634024084FE7}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{78A9C1F2-489E-4D79-8100-55431DE3B3C2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{98206F32-5BE4-41F9-AB52-1F2AA5AE7A9C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{A64703F0-4D85-4367-88D3-09F9329E9322}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{E99742A2-AA41-4925-B081-FE8668CF4727}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{FCF18725-B5BE-4D54-AFE1-5A1A3093EA65}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{FD381DE4-6E63-48AF-9C34-1A9CB1E17AAC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "TCP Query User{FCA0ED86-D833-49E0-A1BD-7CA6B9363E78}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{53042930-C566-4C70-99F2-3369C3866946}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0214A441-A4AB-43A8-8DEF-2F73C5364673}" = Microsoft Works "{08715547-A3E5-D54A-C7C3-84348C0624EE}" = Catalyst Control Center Localization Portuguese "{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B473FE5-A37A-FAEC-375A-DF7FACB974C2}" = Catalyst Control Center Localization Swedish "{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{1985865F-013F-E7E0-64C1-D426A0AE2C8E}" = CCC Help Czech "{1D25EB8B-61CD-2936-D6F6-596C9278F2F0}" = Catalyst Control Center InstallProxy "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1F7D7D0A-5696-F1AA-8967-C780DA8C3536}" = Catalyst Control Center Localization Chinese Traditional "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20385C16-2E18-7874-A4F6-68D0B14CFD2D}" = Catalyst Control Center Graphics Light "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "{223CADD2-5E02-350D-C7D9-1092D38CF049}" = CCC Help Dutch "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{27E957E9-D6DF-1C12-EA88-81DDA54508FB}" = Catalyst Control Center Localization Italian "{27FB1657-2F26-955B-34D3-381323E159B6}" = Catalyst Control Center Graphics Full Existing "{2893110C-5623-20C0-4D99-4F717F16FC81}" = Catalyst Control Center Graphics Full New "{29BC0BC3-CCC0-39C5-21F9-F17230F1F4F3}" = ccc-core-static "{2B9FEAEC-EB33-99FE-B582-33A45D272F03}" = Catalyst Control Center Localization Russian "{2D8E1E31-5B41-11C8-C88C-E69106AA5EC1}" = CCC Help Spanish "{2E9A0D49-B758-638C-3639-896041E683F8}" = Catalyst Control Center Localization Finnish "{31BAC22A-0717-F8CE-FC67-F74B57C71460}" = CCC Help German "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{3A2CC72F-DDE4-A81E-475D-DA286113652C}" = Catalyst Control Center Graphics Previews Vista "{3AC21843-7DB1-8BF6-88AC-330BC2B7DA8E}" = CCC Help Japanese "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra "{44454932-7EE9-2903-549F-45CFF97D2B82}" = CCC Help Korean "{44D077C3-A31F-CD46-499B-7BF1D8B2C4ED}" = CCC Help Thai "{463E4C5C-77EE-EBD6-7798-5FB2DB3DA5CC}" = CCC Help Danish "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{47A0A904-290D-315F-F90D-8CCDA69B18F9}" = Catalyst Control Center Localization Polish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4E4F8163-9889-4BAB-B2E7-DBAAE248C1EB}" = LG Android Driver "{513BA0B0-248A-A705-89EF-866C4D3B86A7}" = Catalyst Control Center Localization Turkish "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{608E2E77-C78D-072A-28E2-71E62BF54592}" = Catalyst Control Center Localization Dutch "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{6251545D-5058-CB7F-D93A-F87A192A4378}" = CCC Help Portuguese "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A0BE0CF-B901-4C81-B308-6C08B393C2AC}" = Catalyst Control Center Localization Hungarian "{6FC25653-65CC-0B75-1C14-676342A15259}" = Catalyst Control Center Localization Chinese Standard "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73706EE4-90E4-A65B-40BD-86672156A626}" = Skins "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7766AA5D-3DB1-A633-92A2-0CA13E2568DD}" = CCC Help French "{78386976-46A3-F5C3-36B4-98280F3B81E7}" = CCC Help Turkish "{796F53F9-A098-3ED2-A4FC-E1C24430A243}" = Catalyst Control Center Localization Japanese "{7B0A8F0E-3672-4DA5-9540-A8D0171C38D8}" = TuneUp Utilities Language Pack (fr-FR) "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7ECB1FE2-408E-D314-D812-0FC3FA048C61}" = CCC Help Hungarian "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management "{7F9ADEE3-E5E0-34A5-345A-590BC90D4E33}" = CCC Help Italian "{81E55AB8-83FC-C7D7-F599-B8C9AA9BD207}" = CCC Help Russian "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}" = Diner Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111265347}" = Luxor "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113537610}" = Build-a-lot "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11386547}" = Farm Frenzy "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CE5A7A2-BC80-EFD3-6489-E92A2BCB1BF2}" = ccc-utility "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007 "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007 "{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A2DB513F-A9AA-D30F-B00D-B6C3056F5608}" = Catalyst Control Center Localization Norwegian "{A68341CE-7AB6-3984-420A-D197E6BB72E7}" = CCC Help Greek "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA5D6036-96DD-4613-BC59-3E00A23545C3}" = Winamax Poker "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français "{ADF34BD2-879C-63EA-1C7E-2F2CDA9E5950}" = CCC Help Chinese Standard "{AEEDFE42-D580-54D6-6947-E805FD5CECCB}" = CCC Help English "{AF18FA75-1239-B316-AED9-08151CB34737}" = Catalyst Control Center Localization Korean "{AF7AA100-3160-480B-DB62-BABE42A6B618}" = CCC Help Norwegian "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B0C037F9-7BD7-6417-6ADF-A08EEC011AF0}" = CCC Help Swedish "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BD7D29B1-903C-45DB-2685-C154C17FDDA5}" = ATI Catalyst Install Manager "{BF7AB326-92C8-C250-5B99-0DB96A2634D9}" = Catalyst Control Center Localization Greek "{C17F7063-4BBC-EC05-4312-7F33DA5641E0}" = Catalyst Control Center Localization Spanish "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C95159F2-6A71-C74D-855A-22943F1016C3}" = Catalyst Control Center Localization French "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{D513B90E-92C9-2A48-044C-6F6264E5AF6A}" = Catalyst Control Center Core Implementation "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2AE8456-CCFE-46C0-8629-71CC507660FC}" = LG SP USB Driver "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5B4B94E-AFE8-3635-857A-8AE7F90E9DDD}" = Catalyst Control Center Localization Thai "{E863E701-B897-C5BC-5F9B-5F3E7484E81C}" = CCC Help Finnish "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4D0FC65-E6D0-0AC3-F87B-06BF11435DE0}" = Catalyst Control Center Localization Czech "{F719C40B-FDE9-402B-8F9C-2D47517DC813}" = Catalyst Control Center Localization German "{F9015FF1-09EB-4A43-8E69-0136F890C656}" = CCC Help Chinese Traditional "{FBA0CA60-8BF2-4381-B819-74F020E165A9}" = LG USB WML Modem Driver "{FC67D87A-ABDB-69BE-2988-3CDCCD84B211}" = Catalyst Control Center Localization Danish "{FDD357D8-A4EB-1DBB-1CB2-74E9F259817B}" = CCC Help Polish "{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "Defraggler" = Defraggler "Free Video Converter_is1" = Free Video Converter V 2.9 "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "INFORAD MANAGER_is1" = INFORAD MANAGER 3.6 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "IrfanView" = IrfanView (remove only) "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "PcjC9-suv_is1" = All In One "PokerStars" = PokerStars "PokerStars.fr" = PokerStars.fr "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities" = TuneUp Utilities "Usbfix" = UsbFix By El Desaparecido & C_XX "VLC media player" = VLC media player 1.0.3 "wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1" = Winamax Poker "WBFS Manager 3.0" = WBFS Manager 3.0 "WinLiveSuite" = Windows Live "ZHPDiag_is1" = ZHPDiag 1.27 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3414321035-3588275162-2481999209-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Partouche" = Partouche "Partouche Poker" = Partouche Poker "uTorrent" = µTorrent [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 09/11/2010 05:09:35 | Computer Name = PC-de-audrey | Source = SideBySide | ID = 16842785 Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksss.exe ». Assembly dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Error - 09/11/2010 05:09:35 | Computer Name = PC-de-audrey | Source = SideBySide | ID = 16842785 Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksss.exe ». Assembly dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Error - 09/11/2010 05:09:35 | Computer Name = PC-de-audrey | Source = SideBySide | ID = 16842785 Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksWP.exe ». Assembly dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Error - 09/11/2010 05:09:35 | Computer Name = PC-de-audrey | Source = SideBySide | ID = 16842785 Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksWP.exe ». Assembly dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Error - 09/11/2010 06:06:38 | Computer Name = PC-de-audrey | Source = SideBySide | ID = 16842785 Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksdb.exe ». Assembly dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Error - 09/11/2010 06:06:38 | Computer Name = PC-de-audrey | Source = SideBySide | ID = 16842785 Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksdb.exe ». Assembly dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Error - 09/11/2010 06:06:38 | Computer Name = PC-de-audrey | Source = SideBySide | ID = 16842785 Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksCal.exe ». Assembly dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Error - 09/11/2010 06:06:38 | Computer Name = PC-de-audrey | Source = SideBySide | ID = 16842785 Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksss.exe ». Assembly dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Error - 09/11/2010 06:06:38 | Computer Name = PC-de-audrey | Source = SideBySide | ID = 16842785 Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksss.exe ». Assembly dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Error - 09/11/2010 06:06:38 | Computer Name = PC-de-audrey | Source = SideBySide | ID = 16842785 Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksWP.exe ». Assembly dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. [ System Events ] Error - 02/12/2010 04:35:25 | Computer Name = PC-de-audrey | Source = Service Control Manager | ID = 7000 Description = Error - 02/12/2010 04:35:25 | Computer Name = PC-de-audrey | Source = Service Control Manager | ID = 7001 Description = Error - 02/12/2010 04:35:25 | Computer Name = PC-de-audrey | Source = Service Control Manager | ID = 7000 Description = Error - 02/12/2010 04:35:25 | Computer Name = PC-de-audrey | Source = Service Control Manager | ID = 7000 Description = Error - 02/12/2010 04:35:25 | Computer Name = PC-de-audrey | Source = Service Control Manager | ID = 7001 Description = Error - 03/12/2010 10:42:59 | Computer Name = PC-de-audrey | Source = NETLOGON | ID = 3095 Description = Cet ordinateur est configuré en tant que membre d'un groupe de travail, et non en tant que membre d'un domaine. Il n'est pas nécessaire d'exécuter le service Accès réseau dans cette configuration. Error - 03/12/2010 10:43:07 | Computer Name = PC-de-audrey | Source = Service Control Manager | ID = 7000 Description = Error - 03/12/2010 10:43:07 | Computer Name = PC-de-audrey | Source = Service Control Manager | ID = 7001 Description = Error - 03/12/2010 10:43:07 | Computer Name = PC-de-audrey | Source = Service Control Manager | ID = 7000 Description = Error - 03/12/2010 10:43:07 | Computer Name = PC-de-audrey | Source = Service Control Manager | ID = 7000 Description = < End of repor

EDIT Ter :

merci pour les sujet similaire mais ca ne m'aide pas que puis je faire d'autre

Del-crosseur · le 05 Déc 2010 00:20

Hello

Tu a une infection USB --> Worm.Mabezat on va tenter de la tué avec MBAM , si pas on va utiliser USBFix

Installe:

Malwarebytes' Antimalware

*** Met-le à jour puis choisi, Exécuter un examen complet

*** Si une infection est trouvée, coche la case a coté et valides avec l’Onglet Supprimer la sélection

Poste le rapport final.

*** il est conseillé de désactivé Tea-Timer si tu as Spybot-S&D juste le temps du scan.

Voici comment faire: Lancez Spybot-S&D, passez en Mode avancé via le Menu Mode (en haut) ? cliquez sur Oui--> choisissez Outils dans la barre de navigation sur la gauche -->Résident et là vous pouvez décocher les cases situées devant les deux outils.

Skynet · le 05 Déc 2010 05:53

merci de ton aide voici le rapport

Code: Tout sélectionner: Malwarebytes' Anti-Malware 1.50 http://www.malwarebytes.org Version de la base de données: 5245 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18975 05/12/2010 02:07:29 mbam-log-2010-12-05 (02-07-29).txt Type d'examen: Examen complet (C:\|D:\|) Elément(s) analysé(s): 250016 Temps écoulé: 1 heure(s), 23 minute(s), 51 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)

Del-crosseur · le 05 Déc 2010 19:14

Hello , on va utiliser USBFix .

Télécharge USBFix

Et suit se TUTO

Poste moi le rapport

Skynet · le 05 Déc 2010 19:55

bonsoir del-crosseur voici le rapport

Code: Tout sélectionner: ############################## | UsbFix 7.035 | [Recherche] Utilisateur: audrey (Administrateur) # PC-DE-AUDREY [eMachines eMachines E620] Mis à jour le 05/12/10 par El Desaparecido / C_XX Lancé à 19:51:07 | 05/12/2010 Site Web: http://www.teamxscript.org Contact: eldesaparecido@teamxscript.org CPU: AMD Athlon(tm) Processor 2650e Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-Bit) # Service Pack 2 Internet Explorer 8.0.6001.18975 Pare-feu Windows: Activé RAM -> 1789 Mo C:\ (%systemdrive%) -> Disque fixe # 102 Go (11 Go libre(s) - 11%) [OS] # NTFS D:\ -> CD-ROM ################## | Éléments infectieux | ################## | Registre | ################## | Mountpoints2 | HKCU\.\.\.\.\Explorer\MountPoints2\{0957aea7-e345-11dd-9378-001eecc84c69} Shell\AutoRun\Command = F:\LaunchU3.exe HKCU\.\.\.\.\Explorer\MountPoints2\{b6c38f21-3789-11df-a8fd-001eecc84c69} Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RtJeuD.Exe HKCU\.\.\.\.\Explorer\MountPoints2\{e56966ff-3eff-11df-ab13-001eecc84c69} Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RtJEud.EXE

Del-crosseur · le 05 Déc 2010 21:07

re, Mabezat est un virus assez coriace ... et difficile à Supprimer dans certains cas comme le notre...
:S

On va essayer avec ComBofix vu qu'avec MBAM et USBFix sa n'a pas fonctionner.
Si pas ; j'ai d'autres solutions..

Télécharge ComBoFix de sUBs sur ton Bureau et pas ailleurs!

-Désactive les logiciels de protection (Antivirus, Antispywares).

-Double-clic sur combofix.exe, accepte la licence d'utilisation et laisse toi guider.

-Si l'installation de la console de récupération t'es proposée <-- Accepte là.

-Lorsque Combofix travaillera , ne clique pas sur le fenêtre , il pourrait y avoir un Gel du programme...

-Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

PS : si Combofix ne se lance pas, renomme le fichier Combofix et retente.

Si pas mieux, tente en mode sans échec sans prise en charge du réseau : Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuie sur la touche entrée du clavier.

Skynet · le 05 Déc 2010 22:49

voici

Code: Tout sélectionner: ComboFix 10-12-04.02 - audrey 05/12/2010 22:23:11.1.1 - x86 Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.1789.973 [GMT 1:00] Lancé depuis: c:\users\audrey\Downloads\ComboFix.exe SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((( Fichiers créés du 2010-11-05 au 2010-12-05 )))))))))))))))))))))))))))))))))))) . 2010-12-03 19:56 . 2010-12-05 18:53 -------- d-----w- C:\UsbFix 2010-12-03 14:51 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C6047C4-AD7C-485B-972C-8B017C20A9F0}\mpengine.dll 2010-12-01 13:11 . 2010-12-01 13:11 -------- d-----w- c:\program files\Winamax Poker 2010-11-24 05:33 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll 2010-11-18 18:15 . 2010-11-18 18:47 -------- d-----w- c:\users\audrey\AppData\Roaming\FreeVideoConverter 2010-11-18 18:15 . 2010-11-18 18:15 -------- d-----w- c:\program files\Free Video Converter 2010-11-18 18:15 . 2009-06-19 17:51 119568 ----a-w- c:\windows\system32\VB6FR.DLL 2010-11-18 17:10 . 2010-11-18 18:04 -------- d-----w- c:\program files\Babylon 2010-11-18 17:10 . 2010-11-18 18:13 -------- d-----w- c:\program files\FoxTabVideoConverter 2010-11-10 15:35 . 2010-11-10 15:35 -------- d-sh--w- c:\windows\system32\%APPDATA% 2010-11-10 15:24 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2010-11-09 10:27 . 2004-04-18 22:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll 2010-11-09 10:27 . 2004-04-18 22:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll 2010-11-09 10:27 . 2004-04-18 22:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll 2010-11-09 10:27 . 2010-11-09 10:27 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll 2010-11-09 10:27 . 2004-04-18 22:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll 2010-11-09 10:27 . 2004-04-18 22:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe 2010-11-09 10:27 . 2010-11-09 10:27 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll 2010-11-09 09:43 . 2010-11-09 09:43 -------- d-----w- c:\users\audrey\AppData\Roaming\DivX 2010-11-08 20:04 . 2010-11-09 10:03 -------- d-----w- c:\users\audrey\AppData\Local\LG Electronics 2010-11-08 19:51 . 2010-11-09 10:01 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2010-11-08 19:50 . 2010-11-09 10:06 -------- d-----w- c:\program files\DivX 2010-11-08 12:15 . 2010-01-11 09:29 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll 2010-11-08 12:14 . 2010-11-09 10:30 -------- d-----w- c:\program files\LG Electronics 2010-11-08 12:10 . 2010-11-09 10:21 -------- d-----w- C:\GT540 2010-11-08 12:04 . 2006-05-04 07:33 53248 ----a-w- c:\windows\system32\CommonDL.dll 2010-11-08 12:04 . 2005-10-04 00:39 44544 ----a-w- c:\windows\system32\msxml4a.dll 2010-11-08 12:03 . 2010-11-08 12:09 -------- d-----w- c:\programdata\LGMOBILEAX 2010-11-08 11:58 . 2010-11-08 11:58 -------- d-----w- c:\programdata\PC Drivers HeadQuarters 2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-29 16:42 . 2009-02-04 18:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-29 16:42 . 2009-02-04 18:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-01 19:11 . 2010-11-01 19:11 2560 ----a-w- c:\windows\_MSRSTRT.EXE 2010-10-27 10:39 . 2010-10-27 10:39 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-10-19 09:41 . 2009-10-19 12:54 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll 2010-09-13 13:56 . 2010-10-13 18:34 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2010-09-08 06:01 . 2010-10-22 14:22 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-08 05:57 . 2010-10-22 14:22 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-08 05:57 . 2010-10-22 14:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2010-09-08 05:56 . 2010-10-22 14:22 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-09-08 05:56 . 2010-10-22 14:22 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-09-08 05:04 . 2010-10-22 14:22 385024 ----a-w- c:\windows\system32\html.iec 2010-09-08 04:26 . 2010-10-22 14:22 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-09-08 04:25 . 2010-10-22 14:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-23 846344] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608] "WarReg_PopUp"="c:\program files\eMachines\WR_PopUp\WarReg_PopUp.exe" [2008-05-09 49152] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768] "B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2010-09-27 391096] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-11-29 443728] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKLM\~\startupfolder\C:^Users^audrey^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk] path=c:\users\audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 135664] R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [x] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072] R3 Andbus;LGE Android Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x] R3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x] R3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x] R3 ANDModem;LGE Android USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x] R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x] R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x] R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x] R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x] R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-07-01 388096] R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-17 135336] S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-11-29 363344] S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-08-27 1051968] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-29 20952] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Tâches planifiées' 2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 18:10] 2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 18:10] . . ------- Examen supplémentaire ------- . mWindow Title = IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\audrey\AppData\Roaming\Mozilla\Firefox\Profiles\2xyb2lss.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627 FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=15627&q= FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Extension: Personas: personas@christopher.beard - c:\users\audrey\AppData\Roaming\Mozilla\Firefox\Profiles\2xyb2lss.default\extensions\personas@christopher.beard FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\audrey\AppData\Roaming\Mozilla\Firefox\Profiles\2xyb2lss.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\users\audrey\AppData\Roaming\Mozilla\Firefox\Profiles\2xyb2lss.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\audrey\AppData\Roaming\Mozilla\Firefox\Profiles\2xyb2lss.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Extension: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - c:\users\audrey\AppData\Roaming\Mozilla\Firefox\Profiles\2xyb2lss.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension ---- PARAMETRES FIREFOX ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: yahoo.homepage.dontask - true . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-05 22:36 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(3160) c:\progra~1\SPYBOT~1\SDHelper.dll . Heure de fin: 2010-12-05 22:40:35 ComboFix-quarantined-files.txt 2010-12-05 21:40 Avant-CF: 11 210 514 432 octets libres Après-CF: 12 081 520 640 octets libres - - End Of File - - 2D419AB91706D92E346BC9F9E59A927D

jeanmimigab · le 06 Déc 2010 18:34

salut,

tu es toujours infecté, on va finir le nettoyage :wink:

* Fais un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

:files
C:\Windows\System32\gpcqwcxxwcfd.exe

:OTL
PRC - [2009/07/20 21:31:47 | 000,082,005 | ---- | M] (Helper) -- C:\Windows\System32\gpcqwcxxwcfd.exe
SRV - [2009/07/20 21:31:47 | 000,082,005 | ---- | M] (Helper) [Auto | Running] -- C:\Windows\System32\gpcqwcxxwcfd.exe -- (mthglibqoipqmv)
IE - HKU\S-1-5-21-3414321035-3588275162-2481999209-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3414321035-3588275162-2481999209-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
O4 - HKLM..\RunOnce: [] File not found
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

:Commands
[emptytemp]
[EMPTYFLASH]
[PURITY]
[RESETHOSTS]

* Cliques sur l'icône "Correction" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapport va s'ouvrir "OTL.Txt"
* Copie et colle le rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

ensuite,

rend toi sur Virus Total

une fois sur la page d'accueil....

1:Clique sur "Parcourir" > dans la fenêtre d'explorateur qui s'ouvre choisie le fichier a analyser et cliques sur "Ouvrir".

pour toi,c'est C:\Windows\eck8324.dll

2:Le chemin complet du fichier a analyser doit apparaitre dans la fenêtre

3:Cliques sur "Envoyer le fichier"

ensuite patiente le temps du scan et poste un copier/coller du rapport qui apparait à l'écran

Skynet · le 06 Déc 2010 18:56

bonsoir et merci de prendre la suite jeanmimigab
voici OTL je t envoi la suite

Code: Tout sélectionner: All processes killed ========== FILES ========== C:\Windows\System32\gpcqwcxxwcfd.exe moved successfully. ========== OTL ========== No active process named gpcqwcxxwcfd.exe was found! Service mthglibqoipqmv stopped successfully! Service mthglibqoipqmv deleted successfully! File C:\Windows\System32\gpcqwcxxwcfd.exe not found. HKU\S-1-5-21-3414321035-3588275162-2481999209-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully! HKU\S-1-5-21-3414321035-3588275162-2481999209-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found. C:\Windows\msdownld.tmp folder deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: audrey ->Temp folder emptied: 379840 bytes ->Temporary Internet Files folder emptied: 492132 bytes ->Java cache emptied: 666227 bytes ->FireFox cache emptied: 95998734 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 62663 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 56502 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes

EDIT :

j'espere que je ne me suis pas trompé voici

Code: Tout sélectionner: Virus Total Virustotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information... 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: eck8324.dll Submission date: 2010-12-06 17:59:00 (UTC) Current status: queued (#14) queued (#4) analysing finished Result: 6/ 43 (14.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2010.12.06.01 2010.12.06 - AntiVir 7.10.14.201 2010.12.06 - Antiy-AVL 2.0.3.7 2010.12.06 - Avast 4.8.1351.0 2010.12.06 - Avast5 5.0.677.0 2010.12.06 - AVG 9.0.0.851 2010.12.06 - BitDefender 7.2 2010.12.06 - CAT-QuickHeal 11.00 2010.12.06 - ClamAV 0.96.4.0 2010.12.06 - Command 5.2.11.5 2010.12.06 W32/Heuristic-MU2!Eldorado Comodo 6970 2010.12.06 - DrWeb 5.0.2.03300 2010.12.06 - Emsisoft 5.0.0.50 2010.12.06 - eSafe 7.0.17.0 2010.12.05 - eTrust-Vet 36.1.8018 2010.12.05 - F-Prot 4.6.2.117 2010.12.06 W32/Heuristic-MU2!Eldorado F-Secure 9.0.16160.0 2010.12.06 - Fortinet 4.2.254.0 2010.12.06 - GData 21 2010.12.06 - Ikarus T3.1.1.90.0 2010.12.06 - Jiangmin 13.0.900 2010.12.06 Trojan/BHO.ejp K7AntiVirus 9.70.3174 2010.12.06 - Kaspersky 7.0.0.125 2010.12.06 - McAfee 5.400.0.1158 2010.12.06 Corrupt-AG!663AF49B196A McAfee-GW-Edition 2010.1C 2010.12.06 - Microsoft 1.6402 2010.12.06 - NOD32 5679 2010.12.06 - Norman 6.06.10 2010.12.06 W32/Bancos.AGQA nProtect 2010-12-06.01 2010.12.06 - Panda 10.0.2.7 2010.12.06 - PCTools 7.0.3.5 2010.12.06 - Prevx 3.0 2010.12.06 - Rising 22.76.06.04 2010.12.06 - Sophos 4.60.0 2010.12.06 - SUPERAntiSpyware 4.40.0.1006 2010.12.06 - Symantec 20101.2.0.161 2010.12.06 - TheHacker 6.7.0.1.096 2010.12.06 W32/Behav-Heuristic-CorruptFile-EP TrendMicro 9.120.0.1004 2010.12.06 - TrendMicro-HouseCall 9.120.0.1004 2010.12.06 - VBA32 3.12.14.2 2010.12.06 - VIPRE 7535 2010.12.06 - ViRobot 2010.12.6.4187 2010.12.06 - VirusBuster 13.6.76.0 2010.12.06 - Additional information Show all MD5 : 663af49b196a4aa18e617406168e6479 SHA1 : 1fda0c10cf041a0a32e319d33861571eb09cc61f SHA256: 54a69f80a8f8f7683e42b866b81aaa426cfb2e9b4a1a6a64589e3f6944402b06

Skynet · le 06 Déc 2010 19:04

hello,

tu fais le scan virus total du fichier demander stp :wink:

oup on c'est croisés :lol:

EDIT :

ok,

clique droit sur ce fichier en rouge >> C:\Windows\eck8324.dll et choisis "supprimer" >> vide ta corbeille.

Si tu n'y arrive pas dis le moi :wink:

LORAN59 · le 06 Déc 2010 19:09

lol c'est bon je l est copier dans la barre de recherche je l'est supprimé et vider la corbeille voila c'est fait

jeanmimigab · le 06 Déc 2010 19:24

J'ai un gros doute sur un dossier cacher qui est nommé comme une varialble d'environnement, fais cela stp...

Lance OTL, clique sur "Aucun" (à droite de "correction")

copie cette citation dans la fenêtre d'OTL

c:\windows\system32\%APPDATA%\*

et clique sur "Annalyse"

poste le rapport stp... :wink:

Skynet · le 06 Déc 2010 19:27

voila

Code: Tout sélectionner: OTL logfile created on: 06/12/2010 19:26:51 - Run 2 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\audrey\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 101,78 Gb Total Space | 3,79 Gb Free Space | 3,73% Space Free | Partition Type: NTFS Computer Name: PC-DE-AUDREY | User Name: audrey | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< c:\windows\system32\%APPDATA%\* >[/color] < End of report

[Réglé] DECALAGE SON/IMAGE

[Réglé] DECALAGE SON/IMAGE

Re: DECALAGE SON/IMAGE

Re: DECALAGE SON/IMAGE

Re: DECALAGE SON/IMAGE

Re: DECALAGE SON/IMAGE

Re: DECALAGE SON/IMAGE

Re: DECALAGE SON/IMAGE

Re: DECALAGE SON/IMAGE

Sujets similaires

Qui est en ligne