
[Solved] AUDIO/VIDEO OUT OF SYNC


Posted on 03 Dec 2010 20:08

Good evening,
Here is my problem: I have a lag between the sound and the picture, especially when I play poker :wink:. On top of that, my PC is really slow, especially on web pages. I ran a Spybot scan and it found quite a few cookies.
Could you please take a look at my PC? Thanks in advance.
PS: laptop, AMD ATHLON 64
WINDOWS VISTA
LORAN59
Apprentice
Posts: 32
Joined: 31 Oct 2010 21:26
 


Re: AUDIO/VIDEO OUT OF SYNC

Posted on 03 Dec 2010 20:24

Good evening,

Follow this short tutorial to make the Helpers' work easier .::HERE::.
Spybot is out of date; uninstall it and install Mbam .::HERE::.
DouDou9455
PC-Infopraticien
Posts: 9537
Joined: 03 Nov 2007 17:50
Location: In Your Brain
 

Posted on 03 Dec 2010 21:12

Very good point, thanks :oops:

EDIT:

Code:
OTL logfile created on: 03/12/2010 20:59:51 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\audrey\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101,78 Gb Total Space | 12,24 Gb Free Space | 12,02% Space Free | Partition Type: NTFS
 
Computer Name: PC-DE-AUDREY | User Name: audrey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/12/03 20:58:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\audrey\Downloads\OTL.exe
PRC - [2010/11/29 17:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/11/29 17:42:14 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/10/28 17:51:29 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/28 17:51:28 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/26 13:05:26 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\audrey\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010/08/27 14:15:18 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/08/27 14:13:36 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010/08/17 12:39:03 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/17 12:38:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/17 12:38:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/01/14 21:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/07/20 21:31:47 | 000,082,005 | ---- | M] (Helper) -- C:\Windows\System32\gpcqwcxxwcfd.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/07/23 04:05:18 | 000,846,344 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/07/03 04:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/06/11 10:18:30 | 000,024,576 | ---- | M] () -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
PRC - [2008/04/06 21:42:36 | 000,034,040 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008/04/06 21:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/04 02:03:14 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/03/03 12:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2007/01/04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/12/03 20:58:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\audrey\Downloads\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [Auto | Stopped] -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device)
SRV - File not found [Auto | Stopped] -- C:\Windows\System32\LEXBCES.EXE -- (LexBceS)
SRV - [2010/11/29 17:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/10/12 15:53:37 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/08/27 14:13:36 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/08/27 14:10:46 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/08/17 12:39:03 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/17 12:38:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/20 21:31:47 | 000,082,005 | ---- | M] (Helper) [Auto | Running] -- C:\Windows\System32\gpcqwcxxwcfd.exe -- (mthglibqoipqmv)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/06/11 10:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/04/06 21:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/04/04 02:03:14 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/03/03 12:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgvmodem.sys -- (LGVMODEM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgbtbus.sys -- (lgbusenum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgbtport.sys -- (LgBttPort)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\audrey\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\audrey\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\lgandadb.sys -- (androidusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgandmodem.sys -- (ANDModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgandgps.sys -- (AndGps)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lganddiag.sys -- (AndDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgandbus.sys -- (Andbus)
DRV - [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/08/17 12:39:11 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/08/17 12:39:11 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/25 10:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/11/19 14:32:02 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/08/07 03:40:40 | 000,129,552 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008/07/28 08:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/04 07:35:38 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/07/03 10:03:48 | 002,152,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/01 06:16:38 | 000,388,096 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
DRV - [2008/06/11 10:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/06/10 11:54:36 | 000,123,904 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/28 14:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/02/22 04:50:48 | 000,198,064 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/30 10:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/30 10:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/04/17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/02 14:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 14:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3414321035-3588275162-2481999209-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3414321035-3588275162-2481999209-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3414321035-3588275162-2481999209-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "IMBooster4web-en Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: fsonlinescanner@f-secure.com:1.00
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=15627&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 17:51:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/22 10:09:23 | 000,000,000 | ---D | M]
 
[2009/02/16 20:18:56 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\mozilla\Extensions
[2010/12/03 17:54:48 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\mozilla\Firefox\Profiles\2xyb2lss.default\extensions
[2010/08/18 16:10:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\audrey\AppData\Roaming\mozilla\Firefox\Profiles\2xyb2lss.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/26 09:04:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\audrey\AppData\Roaming\mozilla\Firefox\Profiles\2xyb2lss.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/11/04 10:45:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\audrey\AppData\Roaming\mozilla\Firefox\Profiles\2xyb2lss.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/09 00:18:28 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\audrey\AppData\Roaming\mozilla\Firefox\Profiles\2xyb2lss.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/11/18 19:06:13 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\mozilla\Firefox\Profiles\2xyb2lss.default\extensions\ffxtlbr@babylon.com
[2010/03/03 16:47:17 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\mozilla\Firefox\Profiles\2xyb2lss.default\extensions\fsonlinescanner@f-secure.com
[2010/09/11 21:47:11 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\mozilla\Firefox\Profiles\2xyb2lss.default\extensions\personas@christopher.beard
[2010/11/18 18:56:12 | 000,005,201 | ---- | M] () -- C:\Users\audrey\AppData\Roaming\Mozilla\FireFox\Profiles\2xyb2lss.default\searchplugins\gfxtbsearch.xml
[2009/04/28 20:22:18 | 000,001,632 | ---- | M] () -- C:\Users\audrey\AppData\Roaming\Mozilla\FireFox\Profiles\2xyb2lss.default\searchplugins\live-search.xml
[2010/03/27 15:40:52 | 000,002,119 | ---- | M] () -- C:\Users\audrey\AppData\Roaming\Mozilla\FireFox\Profiles\2xyb2lss.default\searchplugins\MyStart Search.xml
[2010/11/03 10:29:46 | 000,002,306 | ---- | M] () -- C:\Users\audrey\AppData\Roaming\Mozilla\FireFox\Profiles\2xyb2lss.default\searchplugins\wot-safe-search.xml
[2010/10/27 11:39:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/27 11:39:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/27 11:39:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/30 12:46:24 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/11/18 18:56:11 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/07/30 12:46:24 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/07/30 12:46:24 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/07/30 12:46:24 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/07/30 12:46:24 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2010/10/22 14:40:52 | 000,000,794 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3414321035-3588275162-2481999209-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\EMACHINES\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: []  File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\audrey\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\audrey\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/22 15:00:11 | 000,000,004 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/12/03 20:57:17 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0957aea7-e345-11dd-9378-001eecc84c69}\Shell - "" = AutoRun
O33 - MountPoints2\{0957aea7-e345-11dd-9378-001eecc84c69}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/12/03 20:57:17 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2010/12/03 20:56:55 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010/12/01 14:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\Winamax Poker
[2010/11/18 19:15:39 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6FR.DLL
[2010/11/18 19:15:39 | 000,000,000 | ---D | C] -- C:\Users\audrey\AppData\Roaming\FreeVideoConverter
[2010/11/18 19:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\Free Video Converter
[2010/11/18 18:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2010/11/18 18:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabVideoConverter
[2010/11/18 18:03:23 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/11/10 16:35:00 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/11/09 11:16:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/11/09 10:43:59 | 000,000,000 | ---D | C] -- C:\Users\audrey\AppData\Roaming\DivX
[2010/11/08 21:09:42 | 000,000,000 | ---D | C] -- C:\Users\audrey\Documents\LG OSP
[2010/11/08 21:04:45 | 000,000,000 | ---D | C] -- C:\Users\audrey\Documents\LG PC Suite IV
[2010/11/08 21:04:45 | 000,000,000 | ---D | C] -- C:\Users\audrey\AppData\Local\LG Electronics
[2010/11/08 20:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/11/08 20:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/11/08 13:43:37 | 000,000,000 | ---D | C] -- C:\Users\audrey\Documents\DriverGenius
[2010/11/08 13:15:36 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdfcoinstaller01005.dll
[2010/11/08 13:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2010/11/08 13:10:12 | 000,000,000 | ---D | C] -- C:\GT540
[2010/11/08 13:04:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2010/11/08 13:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX
[2010/11/08 12:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/12/03 20:40:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/03 19:43:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/03 19:43:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/03 18:55:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/03 15:48:42 | 000,681,658 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/12/03 15:48:42 | 000,598,612 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/03 15:48:42 | 000,127,840 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/12/03 15:48:42 | 000,105,284 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/03 15:43:00 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/12/03 15:42:58 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/02 13:47:43 | 000,093,696 | ---- | M] () -- C:\Users\audrey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/01 17:39:44 | 000,000,892 | ---- | M] () -- C:\Users\audrey\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/01 14:11:33 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\Winamax Poker.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/22 10:09:23 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/20 20:12:16 | 000,002,413 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2010/11/19 15:42:28 | 000,306,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/18 19:15:45 | 000,000,924 | ---- | M] () -- C:\Users\audrey\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk
[2010/11/18 19:15:45 | 000,000,900 | ---- | M] () -- C:\Users\audrey\Desktop\Free Video Converter.lnk
[2010/11/10 19:30:16 | 000,000,000 | ---- | M] () -- C:\Users\audrey\Documents\vlc-1.1.4-win32.exe
[2010/11/09 11:20:10 | 000,000,769 | ---- | M] () -- C:\Users\audrey\Desktop\LGMobile update.lnk
[2010/11/08 20:50:19 | 000,001,397 | ---- | M] () -- C:\Users\audrey\Desktop\DivX Movies.lnk
[2010/11/08 20:41:36 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/11/08 13:17:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_lgandadb_01005.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/11/18 19:15:45 | 000,000,924 | ---- | C] () -- C:\Users\audrey\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk
[2010/11/18 19:15:45 | 000,000,900 | ---- | C] () -- C:\Users\audrey\Desktop\Free Video Converter.lnk
[2010/11/08 20:50:19 | 000,001,397 | ---- | C] () -- C:\Users\audrey\Desktop\DivX Movies.lnk
[2010/11/08 13:17:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_lgandadb_01005.Wdf
[2010/11/08 13:09:16 | 000,000,769 | ---- | C] () -- C:\Users\audrey\Desktop\LGMobile update.lnk
[2010/11/08 13:04:07 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010/11/08 13:04:07 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010/06/29 05:34:58 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys
[2010/05/05 14:00:27 | 000,000,109 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010/02/21 20:39:06 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/30 20:01:22 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/11/23 00:53:17 | 000,000,674 | ---- | C] () -- C:\Windows\wininit.ini
[2009/10/21 22:38:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/04 11:49:08 | 000,024,206 | ---- | C] () -- C:\Users\audrey\AppData\Roaming\UserTile.png
[2009/01/27 17:48:39 | 000,012,619 | ---- | C] () -- C:\Windows\eck8324.dll
[2009/01/27 16:45:54 | 000,000,032 | ---- | C] () -- C:\Windows\System32\tgfsdsd.dll
[2009/01/18 13:18:56 | 000,000,000 | ---- | C] () -- C:\Users\audrey\AppData\Roaming\wklnhst.dat
[2008/12/16 16:10:44 | 000,093,696 | ---- | C] () -- C:\Users\audrey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/24 19:37:30 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/09/24 19:30:40 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/09/19 22:24:39 | 000,009,846 | ---- | C] () -- C:\Windows\System32\mswdn-oue.dll
[2008/08/25 21:55:54 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/08/25 21:55:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/08/25 13:03:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/08/25 13:03:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2007/02/07 16:57:50 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/09/13 15:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv5.dll
[2002/09/13 16:40:06 | 000,000,266 | ---- | C] () -- C:\Windows\System32\lxbkcoin.ini
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/01/30 20:01:52 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\Canneverbe Limited
[2009/02/05 15:44:00 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\F-Secure
[2010/11/18 19:47:29 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\FreeVideoConverter
[2010/03/14 20:34:43 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\igraal
[2010/03/25 16:06:12 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\LiveCAD3
[2010/11/18 13:09:46 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\Partouche
[2010/11/18 13:01:27 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\Partouche Poker
[2010/06/19 19:59:02 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\QUAD Utilities
[2009/01/18 13:19:00 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\Template
[2010/01/29 16:21:16 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\TuneUp Software
[2010/10/29 10:57:36 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\Uniblue
[2010/12/03 20:56:19 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\uTorrent
[2010/06/11 15:37:41 | 000,000,000 | ---D | M] -- C:\Users\audrey\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
[2010/12/02 22:55:25 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:8927A071

< End of report >


Second EDIT:

Code:
OTL Extras logfile created on: 03/12/2010 20:59:51 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\audrey\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101,78 Gb Total Space | 12,24 Gb Free Space | 12,02% Space Free | Partition Type: NTFS
 
Computer Name: PC-DE-AUDREY | User Name: audrey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3414321035-3588275162-2481999209-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EB25F93-1EA9-430D-8382-77747EA23FE2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{49593C91-F350-4F44-8097-CDFF9BE54D95}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5F2C288E-EB1C-4E77-8666-5D0D3D45CE94}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AD9BB402-899F-4B5C-BEC6-D221BF31B662}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{294D3A99-81CF-4CD4-BA19-9E1FE1C73C5F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{2F3F9190-679A-4F2E-BD77-AAEF4E7228C0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4A681DF7-871D-4546-908E-15027009528C}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{53864352-6E09-478E-A0F5-C23B25A1A57C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{58345B82-0CB4-4DB2-9A1E-78ED67C2D8B8}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{74C90EA4-AA11-4604-88D8-634024084FE7}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{78A9C1F2-489E-4D79-8100-55431DE3B3C2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{98206F32-5BE4-41F9-AB52-1F2AA5AE7A9C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A64703F0-4D85-4367-88D3-09F9329E9322}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{E99742A2-AA41-4925-B081-FE8668CF4727}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{FCF18725-B5BE-4D54-AFE1-5A1A3093EA65}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{FD381DE4-6E63-48AF-9C34-1A9CB1E17AAC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{FCA0ED86-D833-49E0-A1BD-7CA6B9363E78}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{53042930-C566-4C70-99F2-3369C3866946}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0214A441-A4AB-43A8-8DEF-2F73C5364673}" = Microsoft Works
"{08715547-A3E5-D54A-C7C3-84348C0624EE}" = Catalyst Control Center Localization Portuguese
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B473FE5-A37A-FAEC-375A-DF7FACB974C2}" = Catalyst Control Center Localization Swedish
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1985865F-013F-E7E0-64C1-D426A0AE2C8E}" = CCC Help Czech
"{1D25EB8B-61CD-2936-D6F6-596C9278F2F0}" = Catalyst Control Center InstallProxy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7D7D0A-5696-F1AA-8967-C780DA8C3536}" = Catalyst Control Center Localization Chinese Traditional
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20385C16-2E18-7874-A4F6-68D0B14CFD2D}" = Catalyst Control Center Graphics Light
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{223CADD2-5E02-350D-C7D9-1092D38CF049}" = CCC Help Dutch
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{27E957E9-D6DF-1C12-EA88-81DDA54508FB}" = Catalyst Control Center Localization Italian
"{27FB1657-2F26-955B-34D3-381323E159B6}" = Catalyst Control Center Graphics Full Existing
"{2893110C-5623-20C0-4D99-4F717F16FC81}" = Catalyst Control Center Graphics Full New
"{29BC0BC3-CCC0-39C5-21F9-F17230F1F4F3}" = ccc-core-static
"{2B9FEAEC-EB33-99FE-B582-33A45D272F03}" = Catalyst Control Center Localization Russian
"{2D8E1E31-5B41-11C8-C88C-E69106AA5EC1}" = CCC Help Spanish
"{2E9A0D49-B758-638C-3639-896041E683F8}" = Catalyst Control Center Localization Finnish
"{31BAC22A-0717-F8CE-FC67-F74B57C71460}" = CCC Help German
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{3A2CC72F-DDE4-A81E-475D-DA286113652C}" = Catalyst Control Center Graphics Previews Vista
"{3AC21843-7DB1-8BF6-88AC-330BC2B7DA8E}" = CCC Help Japanese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{44454932-7EE9-2903-549F-45CFF97D2B82}" = CCC Help Korean
"{44D077C3-A31F-CD46-499B-7BF1D8B2C4ED}" = CCC Help Thai
"{463E4C5C-77EE-EBD6-7798-5FB2DB3DA5CC}" = CCC Help Danish
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47A0A904-290D-315F-F90D-8CCDA69B18F9}" = Catalyst Control Center Localization Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E4F8163-9889-4BAB-B2E7-DBAAE248C1EB}" = LG Android Driver
"{513BA0B0-248A-A705-89EF-866C4D3B86A7}" = Catalyst Control Center Localization Turkish
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{608E2E77-C78D-072A-28E2-71E62BF54592}" = Catalyst Control Center Localization Dutch
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6251545D-5058-CB7F-D93A-F87A192A4378}" = CCC Help Portuguese
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A0BE0CF-B901-4C81-B308-6C08B393C2AC}" = Catalyst Control Center Localization Hungarian
"{6FC25653-65CC-0B75-1C14-676342A15259}" = Catalyst Control Center Localization Chinese Standard
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73706EE4-90E4-A65B-40BD-86672156A626}" = Skins
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7766AA5D-3DB1-A633-92A2-0CA13E2568DD}" = CCC Help French
"{78386976-46A3-F5C3-36B4-98280F3B81E7}" = CCC Help Turkish
"{796F53F9-A098-3ED2-A4FC-E1C24430A243}" = Catalyst Control Center Localization Japanese
"{7B0A8F0E-3672-4DA5-9540-A8D0171C38D8}" = TuneUp Utilities Language Pack (fr-FR)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7ECB1FE2-408E-D314-D812-0FC3FA048C61}" = CCC Help Hungarian
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{7F9ADEE3-E5E0-34A5-345A-590BC90D4E33}" = CCC Help Italian
"{81E55AB8-83FC-C7D7-F599-B8C9AA9BD207}" = CCC Help Russian
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}" = Diner Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111265347}" = Luxor
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113537610}" = Build-a-lot
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11386547}" = Farm Frenzy
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE5A7A2-BC80-EFD3-6489-E92A2BCB1BF2}" = ccc-utility
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A2DB513F-A9AA-D30F-B00D-B6C3056F5608}" = Catalyst Control Center Localization Norwegian
"{A68341CE-7AB6-3984-420A-D197E6BB72E7}" = CCC Help Greek
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA5D6036-96DD-4613-BC59-3E00A23545C3}" = Winamax Poker
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français
"{ADF34BD2-879C-63EA-1C7E-2F2CDA9E5950}" = CCC Help Chinese Standard
"{AEEDFE42-D580-54D6-6947-E805FD5CECCB}" = CCC Help English
"{AF18FA75-1239-B316-AED9-08151CB34737}" = Catalyst Control Center Localization Korean
"{AF7AA100-3160-480B-DB62-BABE42A6B618}" = CCC Help Norwegian
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0C037F9-7BD7-6417-6ADF-A08EEC011AF0}" = CCC Help Swedish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD7D29B1-903C-45DB-2685-C154C17FDDA5}" = ATI Catalyst Install Manager
"{BF7AB326-92C8-C250-5B99-0DB96A2634D9}" = Catalyst Control Center Localization Greek
"{C17F7063-4BBC-EC05-4312-7F33DA5641E0}" = Catalyst Control Center Localization Spanish
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95159F2-6A71-C74D-855A-22943F1016C3}" = Catalyst Control Center Localization French
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D513B90E-92C9-2A48-044C-6F6264E5AF6A}" = Catalyst Control Center Core Implementation
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE8456-CCFE-46C0-8629-71CC507660FC}" = LG SP USB Driver
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B4B94E-AFE8-3635-857A-8AE7F90E9DDD}" = Catalyst Control Center Localization Thai
"{E863E701-B897-C5BC-5F9B-5F3E7484E81C}" = CCC Help Finnish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4D0FC65-E6D0-0AC3-F87B-06BF11435DE0}" = Catalyst Control Center Localization Czech
"{F719C40B-FDE9-402B-8F9C-2D47517DC813}" = Catalyst Control Center Localization German
"{F9015FF1-09EB-4A43-8E69-0136F890C656}" = CCC Help Chinese Traditional
"{FBA0CA60-8BF2-4381-B819-74F020E165A9}" = LG USB WML Modem Driver
"{FC67D87A-ABDB-69BE-2988-3CDCCD84B211}" = Catalyst Control Center Localization Danish
"{FDD357D8-A4EB-1DBB-1CB2-74E9F259817B}" = CCC Help Polish
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Free Video Converter_is1" = Free Video Converter V 2.9
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"INFORAD MANAGER_is1" = INFORAD MANAGER 3.6
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"PcjC9-suv_is1" = All In One
"PokerStars" = PokerStars
"PokerStars.fr" = PokerStars.fr
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"Usbfix" = UsbFix By El Desaparecido & C_XX
"VLC media player" = VLC media player 1.0.3
"wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1" = Winamax Poker
"WBFS Manager 3.0" = WBFS Manager 3.0
"WinLiveSuite" = Windows Live
"ZHPDiag_is1" = ZHPDiag 1.27
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-3414321035-3588275162-2481999209-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Partouche" = Partouche
"Partouche Poker" = Partouche Poker
"uTorrent" = µTorrent
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 09/11/2010 05:09:35 | Computer Name = PC-de-audrey | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksss.exe ».
Assembly
 dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 introuvable.  Utilisez sxstrace.exe pour un diagnostic détaillé.
 
Error - 09/11/2010 05:09:35 | Computer Name = PC-de-audrey | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksss.exe ».
Assembly
 dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 introuvable.  Utilisez sxstrace.exe pour un diagnostic détaillé.
 
Error - 09/11/2010 05:09:35 | Computer Name = PC-de-audrey | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksWP.exe ».
Assembly
 dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 introuvable.  Utilisez sxstrace.exe pour un diagnostic détaillé.
 
Error - 09/11/2010 05:09:35 | Computer Name = PC-de-audrey | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksWP.exe ».
Assembly
 dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 introuvable.  Utilisez sxstrace.exe pour un diagnostic détaillé.
 
Error - 09/11/2010 06:06:38 | Computer Name = PC-de-audrey | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksdb.exe ».
Assembly
 dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 introuvable.  Utilisez sxstrace.exe pour un diagnostic détaillé.
 
Error - 09/11/2010 06:06:38 | Computer Name = PC-de-audrey | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksdb.exe ».
Assembly
 dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 introuvable.  Utilisez sxstrace.exe pour un diagnostic détaillé.
 
Error - 09/11/2010 06:06:38 | Computer Name = PC-de-audrey | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksCal.exe ».
Assembly
 dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 introuvable.  Utilisez sxstrace.exe pour un diagnostic détaillé.
 
Error - 09/11/2010 06:06:38 | Computer Name = PC-de-audrey | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksss.exe ».
Assembly
 dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 introuvable.  Utilisez sxstrace.exe pour un diagnostic détaillé.
 
Error - 09/11/2010 06:06:38 | Computer Name = PC-de-audrey | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksss.exe ».
Assembly
 dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 introuvable.  Utilisez sxstrace.exe pour un diagnostic détaillé.
 
Error - 09/11/2010 06:06:38 | Computer Name = PC-de-audrey | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksWP.exe ».
Assembly
 dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
 introuvable.  Utilisez sxstrace.exe pour un diagnostic détaillé.
 
[ System Events ]
Error - 02/12/2010 04:35:25 | Computer Name = PC-de-audrey | Source = Service Control Manager | ID = 7000
Description =
 
Error - 02/12/2010 04:35:25 | Computer Name = PC-de-audrey | Source = Service Control Manager | ID = 7001
Description =
 
Error - 02/12/2010 04:35:25 | Computer Name = PC-de-audrey | Source = Service Control Manager | ID = 7000
Description =
 
Error - 02/12/2010 04:35:25 | Computer Name = PC-de-audrey | Source = Service Control Manager | ID = 7000
Description =
 
Error - 02/12/2010 04:35:25 | Computer Name = PC-de-audrey | Source = Service Control Manager | ID = 7001
Description =
 
Error - 03/12/2010 10:42:59 | Computer Name = PC-de-audrey | Source = NETLOGON | ID = 3095
Description = Cet ordinateur est configuré en tant que membre d'un groupe de travail,
et
 non en tant que membre d'un domaine. Il n'est pas nécessaire  d'exécuter le service
 Accès réseau dans cette configuration.
 
Error - 03/12/2010 10:43:07 | Computer Name = PC-de-audrey | Source = Service Control Manager | ID = 7000
Description =
 
Error - 03/12/2010 10:43:07 | Computer Name = PC-de-audrey | Source = Service Control Manager | ID = 7001
Description =
 
Error - 03/12/2010 10:43:07 | Computer Name = PC-de-audrey | Source = Service Control Manager | ID = 7000
Description =
 
Error - 03/12/2010 10:43:07 | Computer Name = PC-de-audrey | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of repor


EDIT 3:

Thanks for the similar topics, but that doesn't help me. What else can I do?
Last edited by Skynet on 06 Dec 2010 00:00, edited 2 times.
Reason: Posts merged.
LORAN59
Apprentice
Posts: 32
Joined: 31 Oct 2010 21:26


Re: SOUND/PICTURE OUT OF SYNC

Posted on 05 Dec 2010 00:20

Hello :)

You have a USB infection --> Worm.Mabezat. We'll try to kill it with MBAM; if that doesn't work, we'll use USBFix ;)

Install:

Malwarebytes' Antimalware

*** Update it, then choose "Perform full scan"

*** If an infection is found, tick the box next to it and confirm with the "Remove Selected" button

Post the final report.

*** It is recommended to disable TeaTimer if you have Spybot-S&D, just for the duration of the scan.

Here is how: launch Spybot-S&D, switch to Advanced mode via the Mode menu (at the top) --> click Yes --> choose Tools in the navigation bar on the left --> Resident, and there you can untick the boxes in front of the two tools.
Del-crosseur
Expert
Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)


Posted on 05 Dec 2010 05:53

Thanks for your help, here is the report

Code:
Malwarebytes' Anti-Malware 1.50
http://www.malwarebytes.org

Version de la base de données: 5245

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

05/12/2010 02:07:29
mbam-log-2010-12-05 (02-07-29).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 250016
Temps écoulé: 1 heure(s), 23 minute(s), 51 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Last edited by Skynet on 05 Dec 2010 23:55, edited 1 time.
Reason: [code] tags added, please read the instructions at the top of the topic.
LORAN59
Apprentice
Posts: 32
Joined: 31 Oct 2010 21:26


Re: SOUND/PICTURE OUT OF SYNC

Posted on 05 Dec 2010 19:14

Hello, we're going to use USBFix.

Download USBFix

And follow this TUTORIAL

Post the report for me ;)
Del-crosseur
Expert
Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)


Posted on 05 Dec 2010 19:55

Good evening del-crosseur, here is the report

Code:
############################## | UsbFix 7.035 | [Recherche]

Utilisateur: audrey (Administrateur) # PC-DE-AUDREY [eMachines eMachines E620]
Mis à jour le 05/12/10 par El Desaparecido / C_XX
Lancé à 19:51:07 | 05/12/2010
Site Web: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org

CPU: AMD Athlon(tm) Processor 2650e
Microsoft® Windows Vista™ Édition Familiale Basique  (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18975

Pare-feu Windows: Activé
RAM -> 1789 Mo
C:\ (%systemdrive%) -> Disque fixe # 102 Go (11 Go libre(s) - 11%) [OS] # NTFS
D:\ -> CD-ROM

################## | Éléments infectieux |



################## | Registre |


################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{0957aea7-e345-11dd-9378-001eecc84c69}
Shell\AutoRun\Command = F:\LaunchU3.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{b6c38f21-3789-11df-a8fd-001eecc84c69}
Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RtJeuD.Exe

HKCU\.\.\.\.\Explorer\MountPoints2\{e56966ff-3eff-11df-ab13-001eecc84c69}
Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RtJEud.EXE
Last edited by Skynet on 05 Dec 2010 23:55, edited 1 time.
Reason: [code] tags added, please read the instructions at the top of the topic.
LORAN59
Apprentice
Posts: 32
Joined: 31 Oct 2010 21:26
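
The Mountpoints2 section of the UsbFix report above lists, per volume GUID, the AutoRun command that Explorer has cached for that volume. As an added example (not part of the thread and not UsbFix's own code), this parser extracts those entries and groups volumes whose AutoRun target has the same file name once case is ignored; the field names and the grouping rule are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the UsbFix report posted above; the GUIDs identify volumes.
SAMPLE_REPORT = r"""
################## | Registre |


################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{0957aea7-e345-11dd-9378-001eecc84c69}
Shell\AutoRun\Command = F:\LaunchU3.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{b6c38f21-3789-11df-a8fd-001eecc84c69}
Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RtJeuD.Exe

HKCU\.\.\.\.\Explorer\MountPoints2\{e56966ff-3eff-11df-ab13-001eecc84c69}
Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RtJEud.EXE
"""

SECTION_RE = re.compile(r"^#+ \| (?P<name>[^|]+?) \|", re.MULTILINE)
KEY_RE = re.compile(r"MountPoints2\\(\{[0-9A-Fa-f-]{36}\})\s*$")
CMD_RE = re.compile(r"^Shell\\AutoRun\\Command\s*=\s*(.+?)\s*$", re.IGNORECASE)
# rundll32 [path] + shell32.dll,ShellExec_RunDLL + the file it is asked to open
RUNDLL_RE = re.compile(
    r"^(?:\S*\\)?rundll32(?:\.exe)?\s+shell32(?:\.dll)?,ShellExec_RunDLL\s+(.+)$",
    re.IGNORECASE,
)
ABSOLUTE_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")


def section_text(report, name):
    """Return the text between the named '#### | name |' header and the next header."""
    headers = list(SECTION_RE.finditer(report))
    for i, header in enumerate(headers):
        if header.group("name").strip().lower() == name.lower():
            end = headers[i + 1].start() if i + 1 < len(headers) else len(report)
            return report[header.end():end]
    return ""


def parse_mountpoints2(report):
    """Pair each MountPoints2 volume key with its cached AutoRun command."""
    entries, volume = [], None
    for line in section_text(report, "Mountpoints2").splitlines():
        line = line.strip()
        key = KEY_RE.search(line)
        if key:
            volume = key.group(1).lower()
            continue
        cmd = CMD_RE.match(line)
        if cmd and volume:
            command = cmd.group(1)
            via = RUNDLL_RE.match(command)
            target = via.group(1).strip() if via else command
            entries.append({
                "volume": volume,
                "command": command,
                "launcher": "ShellExec_RunDLL" if via else "direct",
                "target": target,
                "absolute": bool(ABSOLUTE_RE.match(target)),
            })
            volume = None  # a command belongs to the key directly above it
    return entries


def shared_targets(entries):
    """Map a target file name to the volumes using it, when more than one does."""
    by_name = defaultdict(list)
    for entry in entries:
        # Windows file names are case-insensitive, so fold case before comparing.
        name = entry["target"].rsplit("\\", 1)[-1].lower()
        by_name[name].append(entry["volume"])
    return {name: vols for name, vols in by_name.items() if len(vols) > 1}


if __name__ == "__main__":
    parsed = parse_mountpoints2(SAMPLE_REPORT)
    for entry in parsed:
        print(entry["volume"], entry["launcher"], entry["target"])
    for name, volumes in shared_targets(parsed).items():
        print(f"{name}: same AutoRun target on {len(volumes)} volumes")
```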
 

Re: SOUND/PICTURE OUT OF SYNC

Posted on 05 Dec 2010 21:07

Re, Mabezat is a fairly tough virus... and hard to remove in some cases like ours...
:S

We'll try ComboFix, since it didn't work with MBAM and USBFix.
If not, I have other solutions.. ;)

Download ComboFix by sUBs to your Desktop and nowhere else!

- Disable your protection software (antivirus, antispyware).

- Double-click combofix.exe, accept the licence agreement and follow the prompts.

- If you are offered the installation of the Recovery Console <-- accept it.

- While ComboFix is working, do not click in its window; the program could freeze...

- Wait until ComboFix has finished; a report will be created. Post the report.

PS: if ComboFix does not start, rename the ComboFix file and try again.

If that is no better, try in Safe Mode without networking: restart in Safe Mode. To do that, restart the computer and, before the Windows logo appears, tap the F8 key repeatedly; a menu will appear. Choose Safe Mode and press the Enter key.
Del-crosseur
Expert
Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)


Posted on 05 Dec 2010 22:49

Here it is

Code:
ComboFix 10-12-04.02 - audrey 05/12/2010  22:23:11.1.1 - x86
Microsoft® Windows Vista™ Édition Familiale Basique   6.0.6002.2.1252.33.1036.18.1789.973 [GMT 1:00]
Lancé depuis: c:\users\audrey\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((   Fichiers créés du 2010-11-05 au 2010-12-05  ))))))))))))))))))))))))))))))))))))
.

2010-12-03 19:56 . 2010-12-05 18:53   --------   d-----w-   C:\UsbFix
2010-12-03 14:51 . 2010-11-10 04:33   6273872   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C6047C4-AD7C-485B-972C-8B017C20A9F0}\mpengine.dll
2010-12-01 13:11 . 2010-12-01 13:11   --------   d-----w-   c:\program files\Winamax Poker
2010-11-24 05:33 . 2010-10-19 04:27   7680   ----a-w-   c:\program files\Internet Explorer\iecompat.dll
2010-11-18 18:15 . 2010-11-18 18:47   --------   d-----w-   c:\users\audrey\AppData\Roaming\FreeVideoConverter
2010-11-18 18:15 . 2010-11-18 18:15   --------   d-----w-   c:\program files\Free Video Converter
2010-11-18 18:15 . 2009-06-19 17:51   119568   ----a-w-   c:\windows\system32\VB6FR.DLL
2010-11-18 17:10 . 2010-11-18 18:04   --------   d-----w-   c:\program files\Babylon
2010-11-18 17:10 . 2010-11-18 18:13   --------   d-----w-   c:\program files\FoxTabVideoConverter
2010-11-10 15:35 . 2010-11-10 15:35   --------   d-sh--w-   c:\windows\system32\%APPDATA%
2010-11-10 15:24 . 2010-10-07 11:37   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
2010-11-09 10:27 . 2004-04-18 22:40   69715   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2010-11-09 10:27 . 2004-04-18 22:39   266240   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2010-11-09 10:27 . 2004-04-18 22:39   172032   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2010-11-09 10:27 . 2010-11-09 10:27   180356   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2010-11-09 10:27 . 2004-04-18 22:42   733184   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2010-11-09 10:27 . 2004-04-18 22:39   5632   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2010-11-09 10:27 . 2010-11-09 10:27   303236   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2010-11-09 09:43 . 2010-11-09 09:43   --------   d-----w-   c:\users\audrey\AppData\Roaming\DivX
2010-11-08 20:04 . 2010-11-09 10:03   --------   d-----w-   c:\users\audrey\AppData\Local\LG Electronics
2010-11-08 19:51 . 2010-11-09 10:01   --------   d-----w-   c:\program files\Common Files\PX Storage Engine
2010-11-08 19:50 . 2010-11-09 10:06   --------   d-----w-   c:\program files\DivX
2010-11-08 12:15 . 2010-01-11 09:29   1419232   ----a-w-   c:\windows\system32\wdfcoinstaller01005.dll
2010-11-08 12:14 . 2010-11-09 10:30   --------   d-----w-   c:\program files\LG Electronics
2010-11-08 12:10 . 2010-11-09 10:21   --------   d-----w-   C:\GT540
2010-11-08 12:04 . 2006-05-04 07:33   53248   ----a-w-   c:\windows\system32\CommonDL.dll
2010-11-08 12:04 . 2005-10-04 00:39   44544   ----a-w-   c:\windows\system32\msxml4a.dll
2010-11-08 12:03 . 2010-11-08 12:09   --------   d-----w-   c:\programdata\LGMOBILEAX
2010-11-08 11:58 . 2010-11-08 11:58   --------   d-----w-   c:\programdata\PC Drivers HeadQuarters
2010-11-06 10:37 . 2010-11-06 10:37   103864   ----a-w-   c:\program files\Mozilla Firefox\plugins\nppdf32.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:42 . 2009-02-04 18:04   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 16:42 . 2009-02-04 18:04   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-11-01 19:11 . 2010-11-01 19:11   2560   ----a-w-   c:\windows\_MSRSTRT.EXE
2010-10-27 10:39 . 2010-10-27 10:39   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2010-10-19 09:41 . 2009-10-19 12:54   222080   ------w-   c:\windows\system32\MpSigStub.exe
2010-09-22 22:47 . 2010-09-22 22:47   49016   ----a-w-   c:\windows\system32\sirenacm.dll
2010-09-13 13:56 . 2010-10-13 18:34   8147456   ----a-w-   c:\windows\system32\wmploc.DLL
2010-09-08 06:01 . 2010-10-22 14:22   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-22 14:22   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-22 14:22   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-22 14:22   71680   ----a-w-   c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-22 14:22   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-22 14:22   385024   ----a-w-   c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-22 14:22   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-22 14:22   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-23 846344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"WarReg_PopUp"="c:\program files\eMachines\WR_PopUp\WarReg_PopUp.exe" [2008-05-09 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2010-09-27 391096]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-11-29 443728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^audrey^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\users\audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 135664]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [x]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 Andbus;LGE Android Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]
R3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]
R3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]
R3 ANDModem;LGE Android USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-07-01 388096]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-17 135336]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-11-29 363344]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-08-27 1051968]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-29 20952]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 18:10]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 18:10]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\audrey\AppData\Roaming\Mozilla\Firefox\Profiles\2xyb2lss.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=15627&q=
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Personas: personas@christopher.beard - c:\users\audrey\AppData\Roaming\Mozilla\Firefox\Profiles\2xyb2lss.default\extensions\personas@christopher.beard
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\audrey\AppData\Roaming\Mozilla\Firefox\Profiles\2xyb2lss.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\users\audrey\AppData\Roaming\Mozilla\Firefox\Profiles\2xyb2lss.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\audrey\AppData\Roaming\Mozilla\Firefox\Profiles\2xyb2lss.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - c:\users\audrey\AppData\Roaming\Mozilla\Firefox\Profiles\2xyb2lss.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 22:36
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(3160)
c:\progra~1\SPYBOT~1\SDHelper.dll
.
Heure de fin: 2010-12-05  22:40:35
ComboFix-quarantined-files.txt  2010-12-05 21:40

Avant-CF: 11 210 514 432 octets libres
Après-CF: 12 081 520 640 octets libres

- - End Of File - - 2D419AB91706D92E346BC9F9E59A927D
Last edited by Skynet on 05 Dec 2010 23:54, edited 1 time.
Reason: [code] tags added, please read the instructions at the top of the topic.
LORAN59
Apprentice
Posts: 32
Joined: 31 Oct 2010 21:26


Re: SOUND/PICTURE OUT OF SYNC

Posted on 06 Dec 2010 18:34

Hi,

You are still infected, we're going to finish the cleanup :wink:

* Double-click the OTL icon to launch it
/!\ On Vista/Seven, right-click the OTL icon and choose "Run as administrator"

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Output" section (top right) the "Minimal Output" box is ticked.

* Copy and paste the contents of this quote into the lower part of OTL, "Custom Scans/Fixes"
:files
C:\Windows\System32\gpcqwcxxwcfd.exe




:OTL
PRC - [2009/07/20 21:31:47 | 000,082,005 | ---- | M] (Helper) -- C:\Windows\System32\gpcqwcxxwcfd.exe
SRV - [2009/07/20 21:31:47 | 000,082,005 | ---- | M] (Helper) [Auto | Running] -- C:\Windows\System32\gpcqwcxxwcfd.exe -- (mthglibqoipqmv)
IE - HKU\S-1-5-21-3414321035-3588275162-2481999209-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3414321035-3588275162-2481999209-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
O4 - HKLM..\RunOnce: [] File not found
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

:Commands
[emptytemp]
[EMPTYFLASH]
[PURITY]
[RESETHOSTS]


* Click the "Run Fix" button (top left).
* Let the scan run to completion without using the PC
* At the end of the scan a report, "OTL.Txt", will open
* Copy and paste the report into your reply please...
* Just in case, you can find it in the C:\OTL folder or on your desktop, depending on the case


Then,

go to Virus Total

Once on the home page...

1: Click "Browse" > in the Explorer window that opens, choose the file to analyse and click "Open".

For you, it is C:\Windows\eck8324.dll


2: The full path of the file to analyse should appear in the window

3: Click "Send file"

Then wait for the scan to finish and post a copy/paste of the report that appears on screen
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05


Posted on 06 Dec 2010 18:56

Good evening, and thanks for taking over, jeanmimigab.
Here is OTL, I'll send you the rest

Code:
All processes killed
========== FILES ==========
C:\Windows\System32\gpcqwcxxwcfd.exe moved successfully.
========== OTL ==========
No active process named gpcqwcxxwcfd.exe was found!
Service mthglibqoipqmv stopped successfully!
Service mthglibqoipqmv deleted successfully!
File C:\Windows\System32\gpcqwcxxwcfd.exe not found.
HKU\S-1-5-21-3414321035-3588275162-2481999209-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\S-1-5-21-3414321035-3588275162-2481999209-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
C:\Windows\msdownld.tmp folder deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: audrey
->Temp folder emptied: 379840 bytes
->Temporary Internet Files folder emptied: 492132 bytes
->Java cache emptied: 666227 bytes
->FireFox cache emptied: 95998734 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 62663 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes


EDIT:

I hope I didn't make a mistake, here it is


Code:
Virus Total    
Virustotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
eck8324.dll
Submission date:
2010-12-06 17:59:00 (UTC)
Current status:
queued (#14) queued (#4) analysing finished
Result:
6/ 43 (14.0%)
   
VT Community

not reviewed
 Safety score: -
Compact
Print results
Antivirus    Version    Last Update    Result
AhnLab-V3   2010.12.06.01   2010.12.06   -
AntiVir   7.10.14.201   2010.12.06   -
Antiy-AVL   2.0.3.7   2010.12.06   -
Avast   4.8.1351.0   2010.12.06   -
Avast5   5.0.677.0   2010.12.06   -
AVG   9.0.0.851   2010.12.06   -
BitDefender   7.2   2010.12.06   -
CAT-QuickHeal   11.00   2010.12.06   -
ClamAV   0.96.4.0   2010.12.06   -
Command   5.2.11.5   2010.12.06   W32/Heuristic-MU2!Eldorado
Comodo   6970   2010.12.06   -
DrWeb   5.0.2.03300   2010.12.06   -
Emsisoft   5.0.0.50   2010.12.06   -
eSafe   7.0.17.0   2010.12.05   -
eTrust-Vet   36.1.8018   2010.12.05   -
F-Prot   4.6.2.117   2010.12.06   W32/Heuristic-MU2!Eldorado
F-Secure   9.0.16160.0   2010.12.06   -
Fortinet   4.2.254.0   2010.12.06   -
GData   21   2010.12.06   -
Ikarus   T3.1.1.90.0   2010.12.06   -
Jiangmin   13.0.900   2010.12.06   Trojan/BHO.ejp
K7AntiVirus   9.70.3174   2010.12.06   -
Kaspersky   7.0.0.125   2010.12.06   -
McAfee   5.400.0.1158   2010.12.06   Corrupt-AG!663AF49B196A
McAfee-GW-Edition   2010.1C   2010.12.06   -
Microsoft   1.6402   2010.12.06   -
NOD32   5679   2010.12.06   -
Norman   6.06.10   2010.12.06   W32/Bancos.AGQA
nProtect   2010-12-06.01   2010.12.06   -
Panda   10.0.2.7   2010.12.06   -
PCTools   7.0.3.5   2010.12.06   -
Prevx   3.0   2010.12.06   -
Rising   22.76.06.04   2010.12.06   -
Sophos   4.60.0   2010.12.06   -
SUPERAntiSpyware   4.40.0.1006   2010.12.06   -
Symantec   20101.2.0.161   2010.12.06   -
TheHacker   6.7.0.1.096   2010.12.06   W32/Behav-Heuristic-CorruptFile-EP
TrendMicro   9.120.0.1004   2010.12.06   -
TrendMicro-HouseCall   9.120.0.1004   2010.12.06   -
VBA32   3.12.14.2   2010.12.06   -
VIPRE   7535   2010.12.06   -
ViRobot   2010.12.6.4187   2010.12.06   -
VirusBuster   13.6.76.0   2010.12.06   -
Additional information
MD5   : 663af49b196a4aa18e617406168e6479
SHA1  : 1fda0c10cf041a0a32e319d33861571eb09cc61f
SHA256: 54a69f80a8f8f7683e42b866b81aaa426cfb2e9b4a1a6a64589e3f6944402b06
Last edited by Skynet on 07 Dec 2010 09:55, edited 2 times.
Reason: [code] tags added, please read the instructions at the top of the topic. And posts merged.
LORAN59
Apprentice
Posts: 32
Joined: 31 Oct 2010 21:26


Posted on 06 Dec 2010 19:04

hello,

can you run the VirusTotal scan of the requested file, please :wink:

oops, our posts crossed :lol:

EDIT:

ok,

right-click on this file in red >> C:\Windows\eck8324.dll and choose "Delete" >> empty your Recycle Bin.

If you can't manage it, let me know :wink:
Last edited by Skynet on 07 Dec 2010 09:56, edited 1 time.
Reason: Posts merged.
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05


Re: SOUND/IMAGE LAG

Posted on 06 Dec 2010 19:09

lol, it's fine: I copied it into the search bar, deleted it and emptied the Recycle Bin. There, it's done.
LORAN59
Apprentice
Posts: 32
Joined: 31 Oct 2010 21:26


Re: SOUND/IMAGE LAG

Posted on 06 Dec 2010 19:24

I have serious doubts about a hidden folder that is named like an environment variable; please do this...

Launch OTL, click on "None" (to the right of "Fix")

copy this quote into the OTL window
c:\windows\system32\%APPDATA%\*

and click on "Scan"

post the report, please... :wink:
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05


Posted on 06 Dec 2010 19:27

here it is

Code:
OTL logfile created on: 06/12/2010 19:26:51 - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\audrey\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101,78 Gb Total Space | 3,79 Gb Free Space | 3,73% Space Free | Partition Type: NTFS
 
Computer Name: PC-DE-AUDREY | User Name: audrey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< c:\windows\system32\%APPDATA%\* >[/color]

< End of report
Last edited by Skynet on 07 Dec 2010 09:57, edited 1 time.
Reason: [code] tags added, please read the instructions at the top of the topic.
LORAN59
Apprentice
Posts: 32
Joined: 31 Oct 2010 21:26
