Publicité s'ouvre seule

sigismund

10 Mai 2010 10:19:53

Bonjour, depuis quelque temps j'ai des publicités qui s'ouvrent seules lors de mes connexions sur Internet... mon antivirus ne donne rien de concluant, si quelqu'un pourrait m'aider ce serait géniale.

J'ai fait une analyse avec Hajick, quelqu'un pourra surement le décrypter... Merci!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:49:07, on 10/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\RoamMgr.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Soft2PC\soft2pc.exe
C:\Documents and Settings\Frégo\Application Data\Soft2PC\Software\SoftwareHP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ADSTech Media Link\app\ADSTechMediaLink-server.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SOFT2PCBHO - {3475D2C4-BBD1-4255-A70D-4125A4D30956} - C:\Program Files\Soft2PC\soft2pcBHO.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [soft2PC] "C:\Program Files\Soft2PC\soft2pc.exe"
O4 - HKLM\..\Run: [Helper] C:\Documents and Settings\Frégo\Application Data\Soft2PC\Software\SoftwareHP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: ADSTech Media Link.lnk = C:\Program Files\ADSTech Media Link\app\ADSTechMediaLink-server.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Commutation de la carte (IntelRoam) - Intel Corporation - c:\Program Files\Intel\Switching\User\RoamSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\System32\RoamMgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

--
End of file - 6552 bytes

Autres pages sur : publicite ouvre seule

ichigo11

10 Mai 2010 10:55:11

Yop! En effet, tu as quelques infections

/!\ Pour le bon déroulement de la désinfection:

N'ouvre pas le même sujet sur des forums différents, c'est une perte de temps pour tout le monde!

Évites les manipulations hasardeuses avec ton PC, mieux vaut demander!

Prends le temps de lire corectement et de comprendre l'ensemble des procédures qui te seront demandées.

Suis à la lettre chaque procédure qui te sera fournie.

Si tu as une quelconque question ou un quelconque problème, n'hésite pas à me demander.

Dans un souci de lisibilité du sujet, merci de bien vouloir héberger tous les rapports ici, et de poster les liens dans la discussion. :clin:

=====

Télécharge sur le bureau « AD-Remover »

Double clique sur Ad-R.exe

Au menu principal choisi l'option Scanner

Un rapport s'ouvre.

Héberge le et donne son lien.

Note: le rapport se situe aussi dans « C:\Ad-Report-SCAN.log »

sigismund

10 Mai 2010 11:25:04

Désoler, je ne sais pas heberger un texte. Voici le rapport:

.
======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 07/05/10 à 16:50
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 11:16:08 le 10/05/2010 | Mode normal | Option: SCAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows XP™ Service Pack 2 - X86
Nom du PC: LLEY
Utilisateur actuel: Frégo
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
.
C:\Documents and Settings\Frégo\Application Data\Mozilla\FireFox\Profiles\0lko46gn.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
C:\Documents and Settings\Frégo\Application Data\Soft2PC
C:\Documents and Settings\Frégo\Local Settings\Application Data\Soft2PC
C:\Program Files\AskBarDis
C:\Program Files\Soft2PC
.
HKCU\Software\AppDataLow\AskBarDis
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
HKCU\Software\soft2PC
HKLM\Software\AskBarDis
HKLM\Software\Classes\AppID\{AB67D16D-3824-4683-B81A-D66DBA61B1AF}
HKLM\Software\Classes\AppID\Soft2PCBHO.DLL
HKLM\Software\Classes\AskIBar.PopSwatterBarButton
HKLM\Software\Classes\AskIBar.PopSwatterBarButton.1
HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl
HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl.1
HKLM\Software\Classes\AskToolBar.SettingsPlugin
HKLM\Software\Classes\AskToolBar.SettingsPlugin.1
HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
HKLM\Software\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
HKLM\Software\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKLM\Software\Classes\CLSID\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
HKLM\Software\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
HKLM\Software\Classes\Interface\{CC883F50-95BB-4A25-9DBF-B801506F1BC4}
HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
HKLM\Software\Classes\SoftwareBHO.SOFT2PCBHO
HKLM\Software\Classes\SoftwareBHO.SOFT2PCBHO.1
HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
HKLM\Software\Classes\TypeLib\{B52F3553-49FA-4599-81A4-F98951E0B53B}
HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Soft2PC_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Soft2PC_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Software_is1
HKLM\Software\soft2PC
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|helper
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|soft2PC
.
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.5.8 (fr) *
.
C:\Documents and Settings\Frégo\..\0lko46gn.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.8
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Do404Search: 0x01000000
Enable Browser Extensions: yes
First Home Page: hxxp://y.lo.st
Search Page: hxxp://www.google.com
Show_ToolBar: yes
Start Page: hxxp://www.google.fr/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 0 Fichier(s)
.
C:\Ad-Report-SCAN[1].txt - 5306 Octet(s)
.
Fin à: 11:20:56, 10/05/2010
.
============== E.O.F - SCAN[1] ==============

ichigo11

10 Mai 2010 11:44:26

Vu!

Relances « AD-R.exe » : au menu principal choisi l'option Nettoyer

Un rapport s'ouvre.

Héberge le et donne son lien.

Note: le rapport se situe aussi dans « C:\Ad-Report-CLEAN.log »

sigismund

10 Mai 2010 12:07:33

.
======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 07/05/10 à 16:50
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 11:54:37 le 10/05/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows XP™ Service Pack 2 - X86
Nom du PC: LLEY
Utilisateur actuel: Frégo
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
C:\Documents and Settings\Frégo\Application Data\Mozilla\FireFox\Profiles\0lko46gn.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
C:\Documents and Settings\Frégo\Application Data\Soft2PC
C:\Documents and Settings\Frégo\Local Settings\Application Data\Soft2PC
C:\Program Files\AskBarDis
C:\Program Files\Soft2PC

(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\AppDataLow\AskBarDis
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
HKCU\Software\soft2PC
HKLM\Software\AskBarDis
HKLM\Software\Classes\AppID\{AB67D16D-3824-4683-B81A-D66DBA61B1AF}
HKLM\Software\Classes\AppID\Soft2PCBHO.DLL
HKLM\Software\Classes\AskIBar.PopSwatterBarButton
HKLM\Software\Classes\AskIBar.PopSwatterBarButton.1
HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl
HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl.1
HKLM\Software\Classes\AskToolBar.SettingsPlugin
HKLM\Software\Classes\AskToolBar.SettingsPlugin.1
HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
HKLM\Software\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
HKLM\Software\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKLM\Software\Classes\CLSID\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
HKLM\Software\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
HKLM\Software\Classes\Interface\{CC883F50-95BB-4A25-9DBF-B801506F1BC4}
HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
HKLM\Software\Classes\SoftwareBHO.SOFT2PCBHO
HKLM\Software\Classes\SoftwareBHO.SOFT2PCBHO.1
HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
HKLM\Software\Classes\TypeLib\{B52F3553-49FA-4599-81A4-F98951E0B53B}
HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Soft2PC_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Soft2PC_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Software_is1
HKLM\Software\soft2PC
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|helper
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|soft2PC
.
(Orpheline) HKCU,Run - Glary Memory Optimizer - C:\Program Files\Glary Utilities\memdefrag.exe (Fichier manquant)
(Orpheline) BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (CLSID manquant)
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.5.8 (fr) *
.
C:\Documents and Settings\Frégo\..\0lko46gn.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.8
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 13 Fichier(s)
.
C:\Ad-Report-SCAN[1].txt - 5430 Octet(s)
C:\Ad-Report-CLEAN[1].txt - 5745 Octet(s)
.
Fin à: 11:59:31, 10/05/2010
.
============== E.O.F - CLEAN[1] ==============

ichigo11

10 Mai 2010 12:14:00

Ok!

Télécharger sur le bureau Malwarebyte's Anti-Malware

Double-clic sur « mbam-setup » pour lancer l'installation.

Installer simplement sans rien modifier.

Quand le programme lancé ==> onglet « Mise à jour » cliquer sur ==> « Recherche de mise à jour. »

Onglet « Recherche » ==> cocher « Exécuter un examen complet ».

Clic « Rechercher »,

Cocher tous les disque dur,

Clic « Lancer l'examen ».

En fin de scan , si infection trouvée,

==> Clic « Afficher résultat ».

Fermer vos applications en cours,

Vérifier si tout est coché et clic « Supprimer la sélection ».

Un rapport s'ouvre l'héberger et donner son lien.

sigismund

10 Mai 2010 15:15:44

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4085

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

10/05/2010 15:05:49
mbam-log-2010-05-10 (15-05-49).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 164057
Temps écoulé: 28 minute(s), 34 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{FD24018D-A121-40DF-A143-E39AEB8F3B2A}\RP417\A0108393.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FD24018D-A121-40DF-A143-E39AEB8F3B2A}\RP417\A0108394.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.

ichigo11

10 Mai 2010 15:16:47

Fais un scan OTL maintenant:

Télécharge OTL(de OldTimer) sur ton Bureau.

Double-clique sur OTL pour le lancer.

(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)

Une fenêtre apparaît. Dans la section Rapport en haut de cette fenêtre, coche Rapport minimal.

Coche également les cases à côté de Recherche Lop et Recherche Purity.

Enfin, clique sur le bouton Analyse. Le scan ne prendra pas beaucoup de temps.

Une fois l'analyse terminée, deux fenêtres vont s'ouvrir dans le Bloc-notes : OTL.txt et Extras.txt. Ils se trouvent au même endroit que OTL (donc par défaut sur le Bureau).

Héberge les rapports, puis donne leurs liens.

sigismund

10 Mai 2010 15:54:07

OTL logfile created on: 10/05/2010 15:50:24 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Frégo\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

247,00 Mb Total Physical Memory | 77,00 Mb Available Physical Memory | 31,00% Memory free
606,00 Mb Paging File | 297,00 Mb Available in Paging File | 49,00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35,49 Gb Total Space | 20,72 Gb Free Space | 58,37% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LLEY
Current User Name: Frégo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Frégo\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
PRC - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ADSTech Media Link\app\ADSTechMediaLink-server.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\RoamMgr.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\ZCfgSvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
PRC - C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)
PRC - c:\Program Files\Intel\Switching\User\RoamSvc.exe (Intel Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Frégo\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (AVG Anti-Spyware Guard) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RoamMgr) -- C:\WINDOWS\system32\RoamMgr.exe (Intel Corporation)
SRV - (S24EventMonitor) -- C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) -- C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)
SRV - (IntelRoam) -- c:\Program Files\Intel\Switching\User\RoamSvc.exe (Intel Corporation)
SRV - (NetSvc) -- c:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel(R) Corporation)

========== Driver Services (SafeList) ==========

DRV - (s0017mdm) -- C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (athr) -- C:\WINDOWS\system32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AVG Anti-Spyware Driver) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ()
DRV - (AvgAsCln) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys (GRISOFT, s.r.o.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\ar5416.sys (Atheros Communications, Inc.)
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys (ASUSTek COMPUTER INC.)
DRV - (rmedia) -- C:\WINDOWS\system32\DRIVERS\rmedia.sys (REDC)
DRV - (LucentSoftModem) -- C:\WINDOWS\system32\drivers\LTSM.sys (Lucent Technologies)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (w70n51) Pilote Intel(R) -- C:\WINDOWS\system32\drivers\w70n51.sys (Intel® Corporation)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (Intel_MIPMNMP) -- C:\WINDOWS\system32\drivers\mipmnxp.sys (Intel Corporation)
DRV - (gv3) -- C:\WINDOWS\system32\drivers\gv3.sys (Microsoft Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 C5 72 84 5A C7 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/28 19:41:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/28 19:41:04 | 000,000,000 | ---D | M]

[2009/12/28 19:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\Mozilla\Extensions
[2009/12/28 19:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\Mozilla\Firefox\Profiles\0lko46gn.default\extensions
[2010/04/12 10:10:52 | 000,000,000 | ---D | M] (Softonic_France Toolbar) -- C:\Documents and Settings\Frégo\Application Data\Mozilla\Firefox\Profiles\0lko46gn.default\extensions\{4daac69c-cba7-45e2-9bc8-1044483d3352}
[2010/01/18 08:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\Mozilla\Firefox\Profiles\0lko46gn.default\extensions\illimitux@illimitux.net
[2009/12/28 19:41:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/06 00:13:14 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/12/02 09:26:34 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2009/12/02 09:26:34 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/12/02 09:26:34 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/12/02 09:26:34 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2009/12/02 09:26:34 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2002/08/30 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\Asus\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ADSTech Media Link.lnk = C:\Program Files\ADSTech Media Link\app\ADSTechMediaLink-server.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Contro... (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common... (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Contro... (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-wind... (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-wind... (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-wind... (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-wind... (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-wind... (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash... (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\Sebring: DllName - c:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Frégo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Frégo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/22 15:22:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/12/16 13:02:06 | 000,000,121 | RHS- | M] () - C:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{38faebd4-0b4e-11df-9e69-001cf0ed6eb1}\Shell - "" = AutoRun
O33 - MountPoints2\{7f4c9000-aa2a-11db-9ce8-806d6172696f}\Shell\Open(O)\command - "" = Recycled\Recycled\ctfmon.exe
O33 - MountPoints2\{959a7670-ec57-11db-9d1a-00042366d770}\Shell - "" = AutoRun
O33 - MountPoints2\{959a7670-ec57-11db-9d1a-00042366d770}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a6c51500-e9d1-11dc-9d71-00042366d770}\Shell - "" = AutoRun
O33 - MountPoints2\{dffaf940-974e-11dc-9d49-00042366d770}\Shell\Open(0)\command - "" = Recycled\ctfmon.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/10 15:49:34 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Frégo\Bureau\OTL.exe
[2010/05/10 12:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frégo\Application Data\Malwarebytes
[2010/05/10 12:32:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/10 12:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/10 12:32:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/10 12:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/10 11:16:05 | 000,000,000 | ---D | C] -- C:\Ad-Remover
[2010/05/10 09:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/05/10 09:04:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/05/10 09:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro
[2010/04/12 10:06:58 | 000,285,696 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\cudart.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/10 15:49:48 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\Frégo\NTUSER.DAT
[2010/05/10 15:49:16 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frégo\Bureau\OTL.exe
[2010/05/10 15:34:10 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{31FDE3CA-5F58-49DF-92D1-3C1B1D51F6C0}.job
[2010/05/10 15:12:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/10 15:11:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/10 15:11:40 | 258,854,912 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/10 15:07:36 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Frégo\ntuser.ini
[2010/05/10 15:07:28 | 004,800,756 | -H-- | M] () -- C:\Documents and Settings\Frégo\Local Settings\Application Data\IconCache.db
[2010/05/10 12:32:56 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/05/10 09:06:50 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/10 09:01:16 | 000,001,484 | ---- | M] () -- C:\Documents and Settings\Frégo\Bureau\Hitman Pro.lnk
[2010/05/10 08:48:34 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\Frégo\Bureau\HijackThis.lnk
[2010/05/06 00:15:08 | 000,201,216 | ---- | M] () -- C:\Documents and Settings\Frégo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/04 23:50:30 | 000,142,848 | ---- | M] () -- C:\Documents and Settings\Frégo\Bureau\séance 8 commentaire.doc
[2010/05/04 23:12:10 | 000,002,559 | ---- | M] () -- C:\Documents and Settings\Frégo\Bureau\Microsoft Word.lnk
[2010/05/03 23:16:04 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Frégo\Bureau\séance 10 commentaire.doc
[2010/05/01 12:07:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 00:30:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/26 23:56:22 | 000,000,613 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/12 10:18:38 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/10 12:32:55 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/05/10 09:06:48 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/10 09:01:14 | 000,001,484 | ---- | C] () -- C:\Documents and Settings\Frégo\Bureau\Hitman Pro.lnk
[2010/05/10 08:48:32 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\Frégo\Bureau\HijackThis.lnk
[2010/05/04 23:50:28 | 000,142,848 | ---- | C] () -- C:\Documents and Settings\Frégo\Bureau\séance 8 commentaire.doc
[2010/05/03 14:53:15 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Frégo\Bureau\séance 10 commentaire.doc
[2010/04/12 10:18:35 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/04/12 10:06:58 | 000,327,168 | ---- | C] () -- C:\WINDOWS\System32\cutil32.dll
[2009/12/28 19:36:20 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/28 19:36:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/12/28 19:36:17 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/12/28 19:36:17 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/28 19:36:17 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/28 19:36:13 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/12/28 19:36:13 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/08/14 15:26:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/03/03 21:40:00 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/03/03 17:03:52 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/11/05 15:45:03 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/11/05 15:40:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE RX520FI.ini
[2007/07/13 02:49:33 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2007/02/04 15:22:23 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/24 02:17:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/22 16:39:27 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2007/01/22 16:08:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/22 15:28:57 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\ASLM75.SYS
[2007/01/22 15:28:55 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2007/01/22 15:28:41 | 000,000,072 | ---- | C] () -- C:\WINDOWS\AcrobatSetupStatus.ini
[2007/01/22 15:26:49 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2007/01/22 15:07:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/08/20 00:09:30 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/20 00:09:30 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/20 00:09:30 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/20 00:09:30 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/20 00:09:30 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2002/10/24 12:32:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\mipmnlog.dll
[2002/10/07 18:16:58 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2002/10/07 18:16:58 | 000,002,496 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/10/07 18:15:40 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2008/11/06 13:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/03/09 14:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/04/13 20:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/12/28 00:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/10 09:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2007/01/22 15:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\InterTrust
[2008/03/03 17:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\DAEMON Tools
[2008/11/07 15:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\Grisoft
[2009/03/09 14:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\Sony
[2009/04/07 22:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\Leadertech
[2010/02/06 00:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\Foxit
[2010/02/15 21:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\Uniblue
[2010/02/15 22:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\GlarySoft
[2010/03/01 20:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\Opera
[2007/02/09 23:12:34 | 000,000,106 | ---- | M] () -- C:\WINDOWS\Tasks\Low Battery Alarm Program.job
[2010/05/10 15:34:10 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{31FDE3CA-5F58-49DF-92D1-3C1B1D51F6C0}.job

========== Purity Check ==========

< End of report >

sigismund

10 Mai 2010 15:56:18

OTL Extras logfile created on: 10/05/2010 15:50:24 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Frégo\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

247,00 Mb Total Physical Memory | 77,00 Mb Available Physical Memory | 31,00% Memory free
606,00 Mb Paging File | 297,00 Mb Available in Paging File | 49,00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35,49 Gb Total Space | 20,72 Gb Free Space | 58,37% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LLEY
Current User Name: Frégo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet

isabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet

isabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\ADSTech Media Link\app\ADSTechMediaLink-server.exe" = C:\Program Files\ADSTech Media Link\app\ADSTechMediaLink-server.exe:*:Enabled:ADSTechMediaLink-server -- ()
"C:\Team17\Worms2\frontend.exe" = C:\Team17\Worms2\frontend.exe:*:Enabled:Worms 2 Frontend -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled

pera Internet Browser -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.005.00
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8552A53D-5226-462B-8E7C-B3174C04E7BD}" = Intel(R) PROSet
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage
"{9084040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B77AF57-F7B2-488F-8B75-1DDDCC447545}_is1" = Hitman Pro
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ad-Remover" = Ad-Remover By C_XX
"ADSTech Media Link_is1" = ADSTech Media Link version 1.2
"ASUS Probe V2.10" = ASUS Probe V2.10
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"Foxit Reader" = Foxit Reader
"Hcontrol" = ASUS ATK0100 ACPI UTILITY
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InterActual Player" = InterActual Player
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.5.1
"Lucent Technologies Soft Modem" = Lucent Technologies Soft Modem AMR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Power4 Gear V1.07" = Power4 Gear V1.07
"SynTPDeinstKey" = Synaptics TouchPad
"VLC media player" = VideoLAN VLC media player 0.8.4-test1a
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WINFLASH V2.08" = WINFLASH V2.08
"WinLiveSuite_Wave3" = Installation Windows Live
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/03/2010 20:29:51 | Computer Name = LLEY | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs 1180947459.

Error - 11/03/2010 05:07:08 | Computer Name = LLEY | Source = Application Error | ID = 1000
Description = Application défaillante hcontrol.exe, version 1043.2.15.24, module
défaillant inter_f2.dll, version 1043.2.15.24, adresse de défaillance 0x000010da.

Error - 17/03/2010 05:30:45 | Computer Name = LLEY | Source = Application Error | ID = 1000
Description = Application défaillante hcontrol.exe, version 1043.2.15.24, module
défaillant inter_f2.dll, version 1043.2.15.24, adresse de défaillance 0x000010da.

Error - 17/03/2010 19:50:40 | Computer Name = LLEY | Source = Application Error | ID = 1000
Description = Application défaillante hcontrol.exe, version 1043.2.15.24, module
défaillant inter_f2.dll, version 1043.2.15.24, adresse de défaillance 0x000010da.

Error - 18/03/2010 05:04:42 | Computer Name = LLEY | Source = Application Error | ID = 1000
Description = Application défaillante hcontrol.exe, version 1043.2.15.24, module
défaillant inter_f2.dll, version 1043.2.15.24, adresse de défaillance 0x000010da.

Error - 18/03/2010 05:11:32 | Computer Name = LLEY | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 10.0.4219.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 19/03/2010 17:50:07 | Computer Name = LLEY | Source = Application Error | ID = 1000
Description = Application défaillante hcontrol.exe, version 1043.2.15.24, module
défaillant inter_f2.dll, version 1043.2.15.24, adresse de défaillance 0x000010da.

Error - 20/03/2010 12:47:55 | Computer Name = LLEY | Source = Application Error | ID = 1000
Description = Application défaillante hcontrol.exe, version 1043.2.15.24, module
défaillant inter_f2.dll, version 1043.2.15.24, adresse de défaillance 0x000010da.

Error - 22/03/2010 20:02:36 | Computer Name = LLEY | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 10.0.4219.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 25/03/2010 06:08:49 | Computer Name = LLEY | Source = Application Error | ID = 1000
Description = Application défaillante trackseraser.exe, version 2.19.0.800, module
défaillant kernel32.dll, version 5.1.2600.3541, adresse de défaillance 0x00012a6b.

[ Application Events ]
Error - 10/03/2010 20:29:51 | Computer Name = LLEY | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs 1180947459.

Error - 11/03/2010 05:07:08 | Computer Name = LLEY | Source = Application Error | ID = 1000
Description = Application défaillante hcontrol.exe, version 1043.2.15.24, module
défaillant inter_f2.dll, version 1043.2.15.24, adresse de défaillance 0x000010da.

Error - 17/03/2010 05:30:45 | Computer Name = LLEY | Source = Application Error | ID = 1000
Description = Application défaillante hcontrol.exe, version 1043.2.15.24, module
défaillant inter_f2.dll, version 1043.2.15.24, adresse de défaillance 0x000010da.

Error - 17/03/2010 19:50:40 | Computer Name = LLEY | Source = Application Error | ID = 1000
Description = Application défaillante hcontrol.exe, version 1043.2.15.24, module
défaillant inter_f2.dll, version 1043.2.15.24, adresse de défaillance 0x000010da.

Error - 18/03/2010 05:04:42 | Computer Name = LLEY | Source = Application Error | ID = 1000
Description = Application défaillante hcontrol.exe, version 1043.2.15.24, module
défaillant inter_f2.dll, version 1043.2.15.24, adresse de défaillance 0x000010da.

Error - 18/03/2010 05:11:32 | Computer Name = LLEY | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 10.0.4219.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 19/03/2010 17:50:07 | Computer Name = LLEY | Source = Application Error | ID = 1000
Description = Application défaillante hcontrol.exe, version 1043.2.15.24, module
défaillant inter_f2.dll, version 1043.2.15.24, adresse de défaillance 0x000010da.

Error - 20/03/2010 12:47:55 | Computer Name = LLEY | Source = Application Error | ID = 1000
Description = Application défaillante hcontrol.exe, version 1043.2.15.24, module
défaillant inter_f2.dll, version 1043.2.15.24, adresse de défaillance 0x000010da.

Error - 22/03/2010 20:02:36 | Computer Name = LLEY | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 10.0.4219.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 25/03/2010 06:08:49 | Computer Name = LLEY | Source = Application Error | ID = 1000
Description = Application défaillante trackseraser.exe, version 2.19.0.800, module
défaillant kernel32.dll, version 5.1.2600.3541, adresse de défaillance 0x00012a6b.

[ System Events ]
Error - 06/05/2010 15:20:15 | Computer Name = LLEY | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
stisvc à une transaction.

Error - 08/05/2010 14:31:09 | Computer Name = LLEY | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
stisvc à une transaction.

Error - 10/05/2010 05:55:20 | Computer Name = LLEY | Source = Service Control Manager | ID = 7031
Description = Le service Spouleur d'impression s'est terminé de manière inattendue.
Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans
60000 millisecondes : Redémarrer le service.

Error - 10/05/2010 05:55:20 | Computer Name = LLEY | Source = Service Control Manager | ID = 7034
Description = Le service Spectrum24 Event Monitor s'est terminé de façon inattendue
pour la 1ème fois.

Error - 10/05/2010 05:55:20 | Computer Name = LLEY | Source = Service Control Manager | ID = 7034
Description = Le service AVG Anti-Spyware Guard s'est terminé de façon inattendue
pour la 1ème fois.

Error - 10/05/2010 05:55:20 | Computer Name = LLEY | Source = Service Control Manager | ID = 7034
Description = Le service RegSrvc s'est terminé de façon inattendue pour la 1ème
fois.

Error - 10/05/2010 05:55:20 | Computer Name = LLEY | Source = Service Control Manager | ID = 7034
Description = Le service RoamMgr s'est terminé de façon inattendue pour la 1ème
fois.

Error - 10/05/2010 05:55:20 | Computer Name = LLEY | Source = Service Control Manager | ID = 7034
Description = Le service Service de la passerelle de la couche Application s'est
terminé de façon inattendue pour la 1ème fois.

Error - 10/05/2010 05:55:20 | Computer Name = LLEY | Source = Service Control Manager | ID = 7034
Description = Le service Commutation de la carte s'est terminé de façon inattendue
pour la 1ème fois.

Error - 10/05/2010 09:12:33 | Computer Name = LLEY | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : IntelIde rmedia

< End of report >

ichigo11

10 Mai 2010 15:59:35

Ça me semble OK, par contre, tu n'as pas d'antivirus?

Et tu utilises avg anti-spyware 7.5 qui est complètement obsolète.

sigismund

10 Mai 2010 16:03:18

Ok merci beaucoup beaucoup.
En effet je n'utilise pas d'antivirus, mon PC a des capacité tres limité et souvent un antivirus alourdis le PC, il galere deja assez.

Par contre je ferais bien de mettre AVG a jour a moins que vous m'en conseiller un logiciel bien et pas lourd.

ps: comme vous avez pu le constater j'ai hcontrol qui ne fonctionne pas... vous pourriez m'aider pour ca? enfin si je poste dans la bonne partie du forum une question sur ca quelqu'un pourra m'aider ou pas pour ca?

ichigo11

10 Mai 2010 16:05:39

Oui, ouvre un nouveau sujet pour ton problème.

Y'aura bien quelqu'un pour t'aider.

sigismund

10 Mai 2010 16:10:10

et sinon AVG et bien ou il est préférable que je prenne autre chose?

ichigo11

10 Mai 2010 16:12:06

Prend un antivirus tout simplement, au lieu de faire tourner le résident d'un anti-spyware obsolète.

Si tu as envie de rester sur avg, tu peux prendre l'antivirus d'avg en version gratuite, il est pas mal.
Sinon tu as aussi antivir en version gratuite.

C'est comme tu veux.

sigismund

10 Mai 2010 16:15:12

ok Merci

c'est partis pour Antivir^^