[Réglé] Infecté par Navipromo • page 2

[pierreyves258]

Oki

[pierreyves258]

Voila le rapport

Code: Tout sélectionner

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Version de la base de données: 5293

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/12/2010 15:51:22
mbam-log-2010-12-11 (15-51-22).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 409761
Temps écoulé: 39 minute(s), 11 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\7F5FV2VK\gibcom[1].dll (Adware.Gibmedia) -> Quarantined and deleted successfully.


Merci !

[Del-crosseur]

ok on va vérifier si il reste des infections

* Fais un double-clic sur l'icône d'OTL pour le lancer

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "rapport minimal " soit cochée.

* Coches les case situées devant "Tous les utilisateurs", " Recherche LOP" et "Recherche Purity".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"

C:\Documents and Settings\All Users\Application Data\UAB\*
C:\Documents and Settings\All Users\Application Data\UAB\*.exe /s
%APPDATA%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*.*

* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapports va s'ouvrir "OTL.Txt"
* Copie et colle les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

[pierreyves258]

voila le rapport

Code: Tout sélectionner

OTL logfile created on: 11/12/2010 19:44:37 - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Philippe\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
1 022,00 Mb Total Physical Memory | 483,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 113,73 Gb Total Space | 20,55 Gb Free Space | 18,07% Space Free | Partition Type: FAT32
Drive D: | 114,22 Gb Total Space | 84,70 Gb Free Space | 74,15% Space Free | Partition Type: FAT32
 
Computer Name: ACER-MERLE | User Name: Philippe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Documents and Settings\Philippe\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Kodak\MediaImpression SE\ArcMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\system32\ServoApp.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Documents and Settings\Philippe\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe (Anuman Interactive)
PRC - C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Acer\Acer eMode Management\AspireService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Acer\Acer eConsole\MediaSync.exe (Acer Inc.)
PRC - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe (Acer Inc.)
PRC - C:\Program Files\Wanadoo\PollingModule.exe ()
PRC - C:\Program Files\Wanadoo\TaskBarIcon.exe (France Télécom R&D)
PRC - C:\WINDOWS\system32\FTRTSVC.exe (France Telecom)
PRC - C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe (Ulead Systems, Inc.)
PRC - C:\WINDOWS\system32\WISPTIS.EXE (Microsoft Corporation)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Documents and Settings\Philippe\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ACDaemon) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (Acer Media Server) -- C:\Program Files\Acer\Acer eConsole\MediaServerService.exe (Acer Inc.)
SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (FTRTSVC) -- C:\WINDOWS\system32\FTRTSVC.exe (France Telecom)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (Trufos) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys File not found
DRV - (Profos) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys File not found
DRV - (PCAMPR5) -- C:\WINDOWS\System32\PCAMPR5.SYS File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ALIWEHCD) -- C:\WINDOWS\system32\drivers\mfpec.sys (None)
DRV - (WUSBVBus) -- C:\WINDOWS\system32\drivers\mfpvbus.sys (None)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\System32\drivers\Changer.sys (Microsoft Corporation)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (eeCtrl) -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (Camav) -- C:\WINDOWS\system32\drivers\Camav.sys (Samsung electronics, Inc)
DRV - (camflt) -- C:\WINDOWS\system32\drivers\camflt.sys (Devguru Corporation, Inc)
DRV - (SQTECH913D) -- C:\WINDOWS\system32\drivers\Capt913d.sys (Service & Quality Technology.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (SQTECH905C) -- C:\WINDOWS\system32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (UBHelper) -- C:\WINDOWS\System32\drivers\UBHelper.sys ()
DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (DCamUSBSTK013) -- C:\WINDOWS\system32\drivers\stk013w2.sys (Syntek Ltd.)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (Ca533av) Icatch(IV) -- C:\WINDOWS\system32\drivers\Ca533av.sys (Digital Camera)
DRV - (USBCamera) Icatch(IV) -- C:\WINDOWS\system32\drivers\Bulk533.sys (USB BULK)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 E9 AD 31 54 48 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Wanadoo\SearchPageURL.dll ()
IE - HKCU\..\URLSearchHook: {AEEC3B59-CA98-4EBA-A140-57B94E283583} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
 
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension [2009/06/27 19:13:50 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2008/12/21 15:54:08 | 000,290,333 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1001namen.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   www.100888290cs.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   www.100sexlinks.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   www.10sek.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   www.1-2005-search.com
O1 - Hosts: 127.0.0.1   1-2005-search.com
O1 - Hosts: 9998 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (barre d'outils Orange) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (Orange)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (barre d'outils Orange) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (Orange)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression SE\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe (Acer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Controleur de calendrier pour Ulead Photo Express] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe (Acer Inc.)
O4 - HKLM..\Run: [MFP Manager] C:\Program Files\MFP Server\MFPAgent.exe File not found
O4 - HKLM..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Server Application] C:\WINDOWS\system32\ServoApp.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe File not found
O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\Wanadoo\Watch.exe (France Télécom R&D)
O4 - HKCU..\Run: [AnumanLive] C:\Documents and Settings\Philippe\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe (Anuman Interactive)
O4 - HKCU..\Run: [EPSON Stylus DX7000F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON Stylus SX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\STK013 PNP Monitor.lnk = C:\Program Files\STK013\STK013M.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BDARemote.lnk = C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
O4 - Startup: C:\Documents and Settings\Philippe\Menu Démarrer\Programmes\Démarrage\ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe (Ubi Soft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00  [binary data]
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.17\AMVConverter\grab.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O15 - HKCU\..Trusted Domains: orange.fr ([logicielsgratuits] http in Trusted sites)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} http://qp1.orion.education.fr/qp2.cab (QuickPlace Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {5A779DC0-837B-4590-AC42-C7C0847478C5} http://logicielsgratuits.orange.fr/download_service/Install/OrangeInstaller.cab (OrangeInstaller_ModuleIE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156283514093 (WUWebControl Class)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} http://webtv.guidetv.orange.fr/resources/OCS_8971.cab (FTMediaPlayer Class)
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} http://orange.securitoo.com/pchc/fscax.cab (F-Secure Health Check 1.1)
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Philippe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Philippe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/23 12:12:06 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/12/11 19:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Mes documents\microsoft imaging
[2010/12/11 16:10:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/11 16:10:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/11 16:10:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/11 13:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Application Data\Malwarebytes
[2010/12/11 13:40:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/11 13:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/11 13:40:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/11 13:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/11 13:34:01 | 007,622,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Philippe\Bureau\mbam-setup.exe
[2010/12/11 13:06:00 | 000,000,000 | ---D | C] -- C:\Navilog1
[2010/12/11 12:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2010/12/11 10:25:11 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Philippe\Bureau\OTL.exe
[2010/12/06 16:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/12/06 15:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Local Settings\Application Data\ArcSoft
[2010/12/06 15:50:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2010/12/06 15:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2010/12/06 15:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Application Data\ArcSoft
[2010/12/06 15:43:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2010/12/06 15:43:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dc210_32.dll
[2010/12/06 15:43:43 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2010/12/06 15:43:42 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2010/12/06 15:43:42 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dc210usd.dll
[2010/12/04 18:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Local Settings\Application Data\DOSBox
[2010/12/04 18:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74
[2010/12/04 18:06:21 | 001,448,809 | ---- | C] (DOSBox Team) -- C:\Documents and Settings\Philippe\Bureau\DOSBox0.74-win32-installer.exe
[2010/12/01 16:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Bureau\Lemmings (vrai ICI°
[2010/12/01 15:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Bureau\lemmings (FAUX demo)
[2010/11/23 18:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Bureau\Pascal
[2010/11/14 13:55:34 | 000,000,000 | -HSD | C] -- C:\FOUND.079
[2010/11/13 20:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Application Data\Avira
[2009/12/27 15:13:46 | 001,164,624 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-custom.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[533 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/12/11 19:34:46 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7F2F80B7-7154-4694-86E9-589AC889E5BD}.job
[2010/12/11 19:18:26 | 000,002,841 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\Microsoft Office Document Imaging.lnk
[2010/12/11 19:01:02 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/11 18:37:32 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2010/12/11 18:35:26 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\Microsoft Office Word 2003.lnk
[2010/12/11 16:08:14 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/12/11 16:02:20 | 000,000,682 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010/12/11 16:01:00 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/11 16:00:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/11 16:00:34 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/11 13:40:32 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/12/11 13:34:02 | 007,622,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Philippe\Bureau\mbam-setup.exe
[2010/12/11 12:11:58 | 000,001,462 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\AD-R.lnk
[2010/12/11 10:25:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philippe\Bureau\OTL.exe
[2010/12/11 10:23:02 | 000,003,503 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\ggbmam.ggb
[2010/12/08 22:20:44 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\Nouveau Document Microsoft Word.doc
[2010/12/08 22:18:46 | 000,929,720 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\ds2.jpg
[2010/12/07 11:31:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/06 16:11:16 | 000,223,744 | ---- | M] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/06 16:01:38 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\QuickTime Player.lnk
[2010/12/06 15:50:12 | 000,001,691 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Media Impression SE for Kodak.lnk
[2010/12/04 18:06:30 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DOSBox 0.74.lnk
[2010/12/04 18:06:22 | 001,448,809 | ---- | M] (DOSBox Team) -- C:\Documents and Settings\Philippe\Bureau\DOSBox0.74-win32-installer.exe
[2010/12/01 21:40:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\sauvegarde.job
[2010/12/01 16:26:14 | 000,396,495 | ---- | M] () -- C:\Documents and Settings\Philippe\Mes documents\Lemmings.zip
[2010/12/01 15:02:20 | 000,244,157 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\lemmings.zip
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/28 20:58:54 | 000,449,848 | ---- | M] () -- C:\Documents and Settings\Philippe\Mes documents\org166.pdf
[2010/11/28 20:56:18 | 000,435,606 | ---- | M] () -- C:\Documents and Settings\Philippe\Mes documents\org165.pdf
[2010/11/25 22:41:40 | 000,001,164 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\Meteo en France.lnk
[2010/11/25 22:41:40 | 000,001,164 | ---- | M] () -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Internet Explorer\Quick Launch\Meteo en France.lnk
[2010/11/24 21:52:38 | 000,051,754 | ---- | M] () -- C:\Documents and Settings\Philippe\Mes documents\org164.pdf
[2010/11/23 21:58:10 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\Nouveau Présentation Microsoft PowerPoint.ppt
[2010/11/23 19:01:18 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\Raccourci vers pymclaire.lnk
[2010/11/21 18:56:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/13 20:11:24 | 054,115,280 | ---- | M] () -- C:\Program Files\avira_antivir_personal_free.exe
[2010/11/12 18:33:00 | 000,165,956 | ---- | M] () -- C:\Documents and Settings\Philippe\Mes documents\anniv tet.pds
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[533 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/12/11 19:02:26 | 000,002,841 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\Microsoft Office Document Imaging.lnk
[2010/12/11 13:40:30 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/12/11 12:11:57 | 000,001,462 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\AD-R.lnk
[2010/12/11 10:23:01 | 000,003,503 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\ggbmam.ggb
[2010/12/08 22:20:42 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\Nouveau Document Microsoft Word.doc
[2010/12/08 22:18:43 | 000,929,720 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\ds2.jpg
[2010/12/06 16:01:37 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\QuickTime Player.lnk
[2010/12/06 15:50:11 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Media Impression SE for Kodak.lnk
[2010/12/04 18:06:28 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DOSBox 0.74.lnk
[2010/12/01 16:26:10 | 000,396,495 | ---- | C] () -- C:\Documents and Settings\Philippe\Mes documents\Lemmings.zip
[2010/12/01 15:02:15 | 000,244,157 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\lemmings.zip
[2010/11/28 20:58:52 | 000,449,848 | ---- | C] () -- C:\Documents and Settings\Philippe\Mes documents\org166.pdf
[2010/11/28 20:56:16 | 000,435,606 | ---- | C] () -- C:\Documents and Settings\Philippe\Mes documents\org165.pdf
[2010/11/25 22:41:38 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\Meteo en France.lnk
[2010/11/25 22:41:38 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Internet Explorer\Quick Launch\Meteo en France.lnk
[2010/11/24 21:52:37 | 000,051,754 | ---- | C] () -- C:\Documents and Settings\Philippe\Mes documents\org164.pdf
[2010/11/23 21:58:09 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\Nouveau Présentation Microsoft PowerPoint.ppt
[2010/11/23 19:01:17 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\Raccourci vers pymclaire.lnk
[2010/11/13 20:11:22 | 054,115,280 | ---- | C] () -- C:\Program Files\avira_antivir_personal_free.exe
[2010/11/12 18:32:58 | 000,165,956 | ---- | C] () -- C:\Documents and Settings\Philippe\Mes documents\anniv tet.pds
[2010/09/20 14:26:29 | 000,002,034 | ---- | C] () -- C:\WINDOWS\geom3D.ini
[2010/05/13 15:54:41 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Philippe\Application Data\qvjsge.dat
[2010/01/20 13:44:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/12/22 16:26:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/03/18 12:40:42 | 000,000,571 | ---- | C] () -- C:\WINDOWS\System32\FeMakro.ini
[2009/03/18 12:40:42 | 000,000,497 | ---- | C] () -- C:\WINDOWS\System32\FeAnim.ini
[2009/01/20 18:04:19 | 000,000,540 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/12/21 16:15:49 | 000,000,087 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/12 17:07:52 | 000,450,560 | R--- | C] () -- C:\WINDOWS\System32\mcs_cor1.dll
[2008/12/12 17:07:52 | 000,172,032 | R--- | C] () -- C:\WINDOWS\System32\mcs_cor2.dll
[2008/12/11 17:05:27 | 000,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2008/10/25 14:50:07 | 000,008,133 | ---- | C] () -- C:\WINDOWS\System32\MFPScript.ini
[2008/10/25 14:50:05 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ddschk.dll
[2008/10/25 14:50:05 | 000,000,548 | ---- | C] () -- C:\WINDOWS\System32\cliktext.ini
[2008/10/25 14:50:04 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\mfpcoins.dll
[2008/10/25 14:45:52 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX400DEFGIPSDaFiNoSv.ini
[2008/09/21 15:26:31 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/09/03 15:08:48 | 000,001,861 | ---- | C] () -- C:\WINDOWS\System32\MSMINI.DLL
[2008/08/25 14:15:19 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/04/21 12:50:09 | 000,005,140 | ---- | C] () -- C:\WINDOWS\DfCache.ini
[2008/04/21 12:49:51 | 000,002,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\UNINST2K.SYS
[2008/04/21 12:49:05 | 000,003,083 | ---- | C] () -- C:\WINDOWS\System32\Dfusbpdr.ini
[2008/01/10 16:25:33 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2008/01/02 21:55:17 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/01/02 21:55:17 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/12/25 10:05:15 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/01 11:37:02 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2007/09/26 12:09:16 | 000,021,036 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/09/26 12:09:16 | 000,015,132 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/09/26 12:09:16 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/09/12 11:04:55 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2007/09/12 11:01:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
[2007/08/29 19:08:40 | 000,001,888 | ---- | C] () -- C:\WINDOWS\CA533A.INI
[2007/08/29 19:08:39 | 000,001,325 | ---- | C] () -- C:\WINDOWS\Remove.ini
[2007/06/26 19:45:48 | 000,000,167 | ---- | C] () -- C:\WINDOWS\ASYM.ini
[2007/06/24 21:53:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/06/24 20:09:30 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX7000FEFDG.ini
[2007/04/17 22:34:04 | 000,104,593 | ---- | C] () -- C:\WINDOWS\System32\drivers\MPIXVID.SYS
[2007/02/04 17:37:52 | 000,032,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\STK013W1.sys
[2007/01/13 19:23:56 | 000,001,394 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2007/01/07 12:06:31 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/01/07 12:06:31 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/12/18 18:13:08 | 000,001,039 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/10/28 11:43:00 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2006/10/11 16:07:18 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2006/09/09 16:14:34 | 000,223,744 | ---- | C] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/09 16:12:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\pex.INI
[2006/08/29 22:09:01 | 000,000,151 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/08/28 22:05:23 | 000,000,112 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2006/08/28 21:41:28 | 000,000,287 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/08/28 21:40:54 | 000,000,033 | ---- | C] () -- C:\WINDOWS\AMT.INI
[2006/08/26 17:07:11 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2006/08/23 22:40:55 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2006/08/23 22:39:58 | 000,001,682 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2006/08/23 22:39:58 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2006/08/23 22:39:58 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2006/08/23 00:11:12 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\fusioncache.dat
[2006/08/22 21:58:11 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/22 20:45:39 | 000,278,528 | ---- | C] () -- C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[2006/08/22 19:30:53 | 000,000,682 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2006/08/22 19:25:08 | 000,000,294 | ---- | C] () -- C:\WINDOWS\PowerOption.ini
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/10/20 12:50:20 | 000,000,083 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2005/09/16 14:14:00 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/02/03 11:11:40 | 000,008,073 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/23 12:37:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/23 12:12:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/01/23 12:11:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/01/23 12:11:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/01/23 12:11:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/01/23 12:11:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/01/23 11:57:50 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/08/05 05:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004352_.tmp.dll
[2004/08/05 05:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004320_.tmp.dll
[2004/08/05 05:00:00 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/04/01 10:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/07/06 00:19:00 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[1997/06/14 12:56:08 | 000,056,320 | R--- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2006/08/29 22:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/06/24 20:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2007/06/24 21:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2007/07/11 11:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eConsole
[2007/11/24 11:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
[2008/05/02 20:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/05/02 20:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2008/08/25 14:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2008/10/01 13:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/10/01 13:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/01/17 21:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aplusix
[2009/04/11 08:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2009/10/31 21:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/31 21:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2006/08/23 22:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Canon
[2006/08/29 22:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Ulead Systems
[2006/09/04 16:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\MSNInstaller
[2007/06/25 19:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\EPSON
[2008/10/10 14:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\IndexEducation
[2008/11/27 13:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\OpenOffice.org
[2009/07/09 17:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Icones
[2009/10/21 08:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\bayardKids.08AE7BFC096D057FBA48C7E4F898C35F7FA11BBA.1
[2010/02/06 11:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Sony
[2010/02/06 11:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Sony Setup
[2010/07/08 19:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Foxit
[2010/07/08 19:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Foxit Software
[2010/08/30 17:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Anuman Interactive
[2010/12/01 21:40:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\sauvegarde.job
[2010/12/11 19:34:46 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7F2F80B7-7154-4694-86E9-589AC889E5BD}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< C:\Documents and Settings\All Users\Application Data\UAB\* >[/color]
 
[color=#A23BEC]< C:\Documents and Settings\All Users\Application Data\UAB\*.exe /s >[/color]
 
[color=#A23BEC]< %APPDATA%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*.* >[/color]
[2010/12/11 15:51:24 | 000,001,200 | ---- | M] () -- C:\Documents and Settings\Philippe\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-12-11 (15-51-22).txt

< End of report >

[Del-crosseur]

re,

Je te file le reste de la procédure se soir vers 22h30

Bonne soirée

[pierreyves258]

Oki merci
il y en encore quelque chose donc ?

[Del-crosseur]

Ouep

[pierreyves258]

Ok b merci en tout cas

[Del-crosseur]

re

Fais un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

:Files
C:\WINDOWS\System32\_004352_.tmp.dll
C:\WINDOWS\System32\_004320_.tmp.dll

:Commands
[emptytemp]
[EMPTYFLASH]
[PURITY]
[RESETHOSTS]

Cliques sur l'icône "Correction" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapport va s'ouvrir "OTL.Txt" , enregistre le sur ton bureau.
* le pc risque de redémarrer, laisse faire OTL....

[pierreyves258]

Voila

Code: Tout sélectionner

All processes killed
========== FILES ==========
C:\WINDOWS\System32\_004352_.tmp.dll moved successfully.
C:\WINDOWS\System32\_004320_.tmp.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41620 bytes
 
User: All Users
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 860690 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 14286032 bytes
 
User: Philippe
->Temp folder emptied: 1392920 bytes
->Temporary Internet Files folder emptied: 246274687 bytes
->Java cache emptied: 115533511 bytes
->Flash cache emptied: 15431900 bytes
 
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2199891 bytes
%systemroot%\System32 .tmp files removed: 138872052 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 104933286 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 231564 bytes
 
Total Files Cleaned = 611,00 mb
 
 
[EMPTYFLASH]
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: NetworkService
 
User: LocalService
 
User: Philippe
->Flash cache emptied: 0 bytes
 
User: Administrateur
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.17.3 log created on 12122010_105359

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


[Del-crosseur]

Bonjour

Nous avons fini ... Sujet Réglé/Résolu !!

--Relance AD-REMOVER en choisissant l'option "Désinstaller"
--Lance "OTL" en choisissant l'option " Purge outil "
--Désinstaller navilog1 en supprimant le fichier Navilog1.Exe et le dossier C:Program FilesNavilog1

Tu peut garder Malwarebytes' en faisant une Analyse tous les 15 jours environs ...

@ ++

[pierreyves258]

Oki merci
(je télécharge CCleaner ou pas ?)

[H3bus]

Et bravo à Del Crosseur !

PierreYves, prochaine demande d'aide qui concerne un Windows illégal/non activé/piraté, il n'y aura pas d'aide.

[pierreyves258]

???? ou ait je parler de windows illegal ou piraté ?
tout mes windows sont enregistrer et légal !!!

[Del-crosseur]

H3bus, merci

re , déjà le problème que tu vient de me parler en MP peut être la cause du Windows Illégale ...
Et nous avons eu la chance que les outils utilisé ont fonctionné correctement , car un coup comme sa risque de faire
planter ton pc a jamais ...

@ ++