
Ads opening on their own

10 May 2010 10:19:53

Hello, for some time now I have had ads opening on their own when I connect to the Internet... my antivirus finds nothing conclusive; if someone could help me, that would be great.

I ran a scan with HijackThis; someone will surely be able to decipher it... Thanks!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:49:07, on 10/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\RoamMgr.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Soft2PC\soft2pc.exe
C:\Documents and Settings\Frégo\Application Data\Soft2PC\Software\SoftwareHP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ADSTech Media Link\app\ADSTechMediaLink-server.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SOFT2PCBHO - {3475D2C4-BBD1-4255-A70D-4125A4D30956} - C:\Program Files\Soft2PC\soft2pcBHO.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [soft2PC] "C:\Program Files\Soft2PC\soft2pc.exe"
O4 - HKLM\..\Run: [Helper] C:\Documents and Settings\Frégo\Application Data\Soft2PC\Software\SoftwareHP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: ADSTech Media Link.lnk = C:\Program Files\ADSTech Media Link\app\ADSTechMediaLink-server.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Commutation de la carte (IntelRoam) - Intel Corporation - c:\Program Files\Intel\Switching\User\RoamSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\System32\RoamMgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

--
End of file - 6552 bytes


10 May 2010 10:55:11

Yo! Indeed, you have a few infections ;)

/!\ For the disinfection to go smoothly:
  • Don't open the same topic on different forums; it's a waste of time for everyone!
  • Avoid risky manipulations on your PC; better to ask!
  • Take the time to read carefully and understand all the procedures you will be asked to follow.
  • Follow each procedure you are given to the letter.
  • If you have any question or any problem, don't hesitate to ask me.
  • To keep the thread readable, please host all reports here and post the links in the discussion. ;)

    =====

    Download "AD-Remover" to the desktop
  • Double-click on Ad-R.exe
  • In the main menu, choose the "Scanner" (Scan) option
  • A report opens.
  • Host it and give its link.
  • Note: the report is also located at "C:\Ad-Report-SCAN.log"
    10 May 2010 11:25:04

    Sorry, I don't know how to host a text. Here is the report:



    .
    ======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 07/05/10 à 16:50
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 11:16:08 le 10/05/2010 | Mode normal | Option: SCAN
    Exécuté de: C:\Ad-Remover\ADR.exe
    SE: Microsoft® Windows XP™ Service Pack 2 - X86
    Nom du PC: LLEY
    Utilisateur actuel: Frégo
    .
    ============== ÉLÉMENT(S) TROUVÉ(S) ==============
    .
    .
    C:\Documents and Settings\Frégo\Application Data\Mozilla\FireFox\Profiles\0lko46gn.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    C:\Documents and Settings\Frégo\Application Data\Soft2PC
    C:\Documents and Settings\Frégo\Local Settings\Application Data\Soft2PC
    C:\Program Files\AskBarDis
    C:\Program Files\Soft2PC
    .
    HKCU\Software\AppDataLow\AskBarDis
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
    HKCU\Software\soft2PC
    HKLM\Software\AskBarDis
    HKLM\Software\Classes\AppID\{AB67D16D-3824-4683-B81A-D66DBA61B1AF}
    HKLM\Software\Classes\AppID\Soft2PCBHO.DLL
    HKLM\Software\Classes\AskIBar.PopSwatterBarButton
    HKLM\Software\Classes\AskIBar.PopSwatterBarButton.1
    HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl
    HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl.1
    HKLM\Software\Classes\AskToolBar.SettingsPlugin
    HKLM\Software\Classes\AskToolBar.SettingsPlugin.1
    HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    HKLM\Software\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
    HKLM\Software\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
    HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKLM\Software\Classes\CLSID\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
    HKLM\Software\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
    HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
    HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
    HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
    HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
    HKLM\Software\Classes\Interface\{CC883F50-95BB-4A25-9DBF-B801506F1BC4}
    HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
    HKLM\Software\Classes\SoftwareBHO.SOFT2PCBHO
    HKLM\Software\Classes\SoftwareBHO.SOFT2PCBHO.1
    HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
    HKLM\Software\Classes\TypeLib\{B52F3553-49FA-4599-81A4-F98951E0B53B}
    HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
    HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Soft2PC_is1
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Soft2PC_is1
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Software_is1
    HKLM\Software\soft2PC
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run|helper
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run|soft2PC
    .
    .
    ============== SCAN ADDITIONNEL ==============
    .
    * Mozilla FireFox Version 3.5.8 (fr) *
    .
    C:\Documents and Settings\Frégo\..\0lko46gn.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.8
    .
    .
    * Internet Explorer Version 8.0.6001.18702 *
    .
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    .
    AutoHide: yes
    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    First Home Page: hxxp://y.lo.st
    Search Page: hxxp://www.google.com
    Show_ToolBar: yes
    Start Page: hxxp://www.google.fr/
    Use Search Asst: no
    .
    [HKLM\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    .
    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm
    .
    ========================================
    .
    C:\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Ad-Remover\Backup: 0 Fichier(s)
    .
    C:\Ad-Report-SCAN[1].txt - 5306 Octet(s)
    .
    Fin à: 11:20:56, 10/05/2010
    .
    ============== E.O.F - SCAN[1] ==============
    10 May 2010 11:44:26

    Seen!

  • Run "AD-R.exe" again: in the main menu, choose the "Nettoyer" (Clean) option
  • A report opens.
  • Host it and give its link.
  • Note: the report is also located at "C:\Ad-Report-CLEAN.log"
    10 May 2010 12:07:33

    .
    ======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 07/05/10 à 16:50
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 11:54:37 le 10/05/2010 | Mode normal | Option: CLEAN
    Exécuté de: C:\Ad-Remover\ADR.exe
    SE: Microsoft® Windows XP™ Service Pack 2 - X86
    Nom du PC: LLEY
    Utilisateur actuel: Frégo
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    .
    C:\Documents and Settings\Frégo\Application Data\Mozilla\FireFox\Profiles\0lko46gn.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    C:\Documents and Settings\Frégo\Application Data\Soft2PC
    C:\Documents and Settings\Frégo\Local Settings\Application Data\Soft2PC
    C:\Program Files\AskBarDis
    C:\Program Files\Soft2PC

    (!) -- Fichiers temporaires supprimés.
    .
    HKCU\Software\AppDataLow\AskBarDis
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
    HKCU\Software\soft2PC
    HKLM\Software\AskBarDis
    HKLM\Software\Classes\AppID\{AB67D16D-3824-4683-B81A-D66DBA61B1AF}
    HKLM\Software\Classes\AppID\Soft2PCBHO.DLL
    HKLM\Software\Classes\AskIBar.PopSwatterBarButton
    HKLM\Software\Classes\AskIBar.PopSwatterBarButton.1
    HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl
    HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl.1
    HKLM\Software\Classes\AskToolBar.SettingsPlugin
    HKLM\Software\Classes\AskToolBar.SettingsPlugin.1
    HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    HKLM\Software\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
    HKLM\Software\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
    HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKLM\Software\Classes\CLSID\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
    HKLM\Software\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
    HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
    HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
    HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
    HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
    HKLM\Software\Classes\Interface\{CC883F50-95BB-4A25-9DBF-B801506F1BC4}
    HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
    HKLM\Software\Classes\SoftwareBHO.SOFT2PCBHO
    HKLM\Software\Classes\SoftwareBHO.SOFT2PCBHO.1
    HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
    HKLM\Software\Classes\TypeLib\{B52F3553-49FA-4599-81A4-F98951E0B53B}
    HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
    HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Soft2PC_is1
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Soft2PC_is1
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Software_is1
    HKLM\Software\soft2PC
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run|helper
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run|soft2PC
    .
    (Orpheline) HKCU,Run - Glary Memory Optimizer - C:\Program Files\Glary Utilities\memdefrag.exe (Fichier manquant)
    (Orpheline) BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (CLSID manquant)
    .
    ============== SCAN ADDITIONNEL ==============
    .
    * Mozilla FireFox Version 3.5.8 (fr) *
    .
    C:\Documents and Settings\Frégo\..\0lko46gn.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.8
    .
    .
    * Internet Explorer Version 8.0.6001.18702 *
    .
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    .
    AutoHide: yes
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Use Search Asst: no
    .
    [HKLM\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    .
    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm
    .
    ========================================
    .
    C:\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Ad-Remover\Backup: 13 Fichier(s)
    .
    C:\Ad-Report-SCAN[1].txt - 5430 Octet(s)
    C:\Ad-Report-CLEAN[1].txt - 5745 Octet(s)
    .
    Fin à: 11:59:31, 10/05/2010
    .
    ============== E.O.F - CLEAN[1] ==============
    10 May 2010 12:14:00

    Ok!

    Download Malwarebytes' Anti-Malware to the desktop

  • Double-click on "mbam-setup" to start the installation.
  • Simply install without changing anything.
  • Once the program is running ==> "Mise à jour" (Update) tab, click ==> "Recherche de mise à jour" (Check for updates).
  • "Recherche" (Scanner) tab ==> tick "Exécuter un examen complet" (Perform full scan).
  • Click "Rechercher" (Scan),
  • Tick all the hard drives,
  • Click "Lancer l'examen" (Start scan).
  • At the end of the scan, if an infection is found,
  • ==> Click "Afficher résultat" (Show results).
  • Close your running applications,
  • Check that everything is ticked and click "Supprimer la sélection" (Remove selected).

  • A report opens; host it and give its link.
    10 May 2010 15:15:44

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Version de la base de données: 4085

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    10/05/2010 15:05:49
    mbam-log-2010-05-10 (15-05-49).txt

    Type d'examen: Examen complet (C:\|D:\|)
    Elément(s) analysé(s): 164057
    Temps écoulé: 28 minute(s), 34 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{FD24018D-A121-40DF-A143-E39AEB8F3B2A}\RP417\A0108393.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{FD24018D-A121-40DF-A143-E39AEB8F3B2A}\RP417\A0108394.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
    10 May 2010 15:16:47

    Now run an OTL scan:

    Download OTL (by OldTimer) to your Desktop.
  • Double-click on OTL to launch it.
  • (On Vista/Win7, right-click on OTL and choose "Exécuter en tant qu'administrateur" (Run as administrator))
  • A window appears. In the "Rapport" (Output) section at the top of this window, tick "Rapport minimal" (Minimal output).
  • Also tick the boxes next to "Recherche Lop" (Lop check) and "Recherche Purity" (Purity check).
  • Finally, click the "Analyse" (Scan) button. The scan will not take long.
  • Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are in the same place as OTL (so on the Desktop by default).
  • Host the reports, then give their links.
    10 May 2010 15:54:07

    OTL logfile created on: 10/05/2010 15:50:24 - Run 1
    OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Frégo\Bureau
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    247,00 Mb Total Physical Memory | 77,00 Mb Available Physical Memory | 31,00% Memory free
    606,00 Mb Paging File | 297,00 Mb Available in Paging File | 49,00% Paging File free
    Paging file location(s): C:\pagefile.sys 372 744 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 35,49 Gb Total Space | 20,72 Gb Free Space | 58,37% Space Free | Partition Type: FAT32
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LLEY
    Current User Name: Frégo
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Frégo\Bureau\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
    PRC - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\ADSTech Media Link\app\ADSTechMediaLink-server.exe ()
    PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    PRC - C:\WINDOWS\system32\RoamMgr.exe (Intel Corporation)
    PRC - C:\WINDOWS\system32\ZCfgSvc.exe (Intel Corporation)
    PRC - C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
    PRC - C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)
    PRC - c:\Program Files\Intel\Switching\User\RoamSvc.exe (Intel Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Frégo\Bureau\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)


    ========== Win32 Services (SafeList) ==========

    SRV - (AVG Anti-Spyware Guard) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
    SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (RoamMgr) -- C:\WINDOWS\system32\RoamMgr.exe (Intel Corporation)
    SRV - (S24EventMonitor) -- C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
    SRV - (RegSrvc) -- C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)
    SRV - (IntelRoam) -- c:\Program Files\Intel\Switching\User\RoamSvc.exe (Intel Corporation)
    SRV - (NetSvc) -- c:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel(R) Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (s0017mdm) -- C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation)
    DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation)
    DRV - (s0017obex) -- C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation)
    DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation)
    DRV - (s0017mdfl) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation)
    DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation)
    DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation)
    DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
    DRV - (athr) -- C:\WINDOWS\system32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (AVG Anti-Spyware Driver) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ()
    DRV - (AvgAsCln) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys (GRISOFT, s.r.o.)
    DRV - (AR5416) -- C:\WINDOWS\system32\drivers\ar5416.sys (Atheros Communications, Inc.)
    DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
    DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys (ASUSTek COMPUTER INC.)
    DRV - (rmedia) -- C:\WINDOWS\system32\DRIVERS\rmedia.sys (REDC)
    DRV - (LucentSoftModem) -- C:\WINDOWS\system32\drivers\LTSM.sys (Lucent Technologies)
    DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
    DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
    DRV - (w70n51) Pilote Intel(R) -- C:\WINDOWS\system32\drivers\w70n51.sys (Intel® Corporation)
    DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
    DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
    DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
    DRV - (Intel_MIPMNMP) -- C:\WINDOWS\system32\drivers\mipmnxp.sys (Intel Corporation)
    DRV - (gv3) -- C:\WINDOWS\system32\drivers\gv3.sys (Microsoft Corporation)
    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 C5 72 84 5A C7 CA 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.5
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/28 19:41:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/28 19:41:04 | 000,000,000 | ---D | M]

    [2009/12/28 19:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\Mozilla\Extensions
    [2009/12/28 19:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\Mozilla\Firefox\Profiles\0lko46gn.default\extensions
    [2010/04/12 10:10:52 | 000,000,000 | ---D | M] (Softonic_France Toolbar) -- C:\Documents and Settings\Frégo\Application Data\Mozilla\Firefox\Profiles\0lko46gn.default\extensions\{4daac69c-cba7-45e2-9bc8-1044483d3352}
    [2010/01/18 08:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\Mozilla\Firefox\Profiles\0lko46gn.default\extensions\illimitux@illimitux.net
    [2009/12/28 19:41:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/02/06 00:13:14 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    [2009/12/02 09:26:34 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
    [2009/12/02 09:26:34 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2009/12/02 09:26:34 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
    [2009/12/02 09:26:34 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2009/12/02 09:26:34 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2002/08/30 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
    O4 - HKLM..\Run: [Power_Gear] C:\Program Files\Asus\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ADSTech Media Link.lnk = C:\Program Files\ADSTech Media Link\app\ADSTechMediaLink-server.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Contro... (WUWebControl Class)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common... (Symantec RuFSI Utility Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Contro... (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-wind... (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-wind... (Java Plug-in 1.5.0_08)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-wind... (Java Plug-in 1.5.0_10)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-wind... (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-wind... (Java Plug-in 1.6.0_15)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash... (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O20 - Winlogon\Notify\Sebring: DllName - c:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Frégo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Frégo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/01/22 15:22:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2008/12/16 13:02:06 | 000,000,121 | RHS- | M] () - C:\autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{38faebd4-0b4e-11df-9e69-001cf0ed6eb1}\Shell - "" = AutoRun
    O33 - MountPoints2\{7f4c9000-aa2a-11db-9ce8-806d6172696f}\Shell\Open(O)\command - "" = Recycled\Recycled\ctfmon.exe
    O33 - MountPoints2\{959a7670-ec57-11db-9d1a-00042366d770}\Shell - "" = AutoRun
    O33 - MountPoints2\{959a7670-ec57-11db-9d1a-00042366d770}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{a6c51500-e9d1-11dc-9d71-00042366d770}\Shell - "" = AutoRun
    O33 - MountPoints2\{dffaf940-974e-11dc-9d49-00042366d770}\Shell\Open(0)\command - "" = Recycled\ctfmon.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/05/10 15:49:34 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Frégo\Bureau\OTL.exe
    [2010/05/10 12:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frégo\Application Data\Malwarebytes
    [2010/05/10 12:32:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/05/10 12:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/05/10 12:32:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/05/10 12:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/05/10 11:16:05 | 000,000,000 | ---D | C] -- C:\Ad-Remover
    [2010/05/10 09:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/05/10 09:04:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2010/05/10 09:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro
    [2010/04/12 10:06:58 | 000,285,696 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\cudart.dll
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/05/10 15:49:48 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\Frégo\NTUSER.DAT
    [2010/05/10 15:49:16 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frégo\Bureau\OTL.exe
    [2010/05/10 15:34:10 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{31FDE3CA-5F58-49DF-92D1-3C1B1D51F6C0}.job
    [2010/05/10 15:12:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/10 15:11:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/10 15:11:40 | 258,854,912 | -HS- | M] () -- C:\hiberfil.sys
    [2010/05/10 15:07:36 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Frégo\ntuser.ini
    [2010/05/10 15:07:28 | 004,800,756 | -H-- | M] () -- C:\Documents and Settings\Frégo\Local Settings\Application Data\IconCache.db
    [2010/05/10 12:32:56 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
    [2010/05/10 09:06:50 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/05/10 09:01:16 | 000,001,484 | ---- | M] () -- C:\Documents and Settings\Frégo\Bureau\Hitman Pro.lnk
    [2010/05/10 08:48:34 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\Frégo\Bureau\HijackThis.lnk
    [2010/05/06 00:15:08 | 000,201,216 | ---- | M] () -- C:\Documents and Settings\Frégo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/04 23:50:30 | 000,142,848 | ---- | M] () -- C:\Documents and Settings\Frégo\Bureau\séance 8 commentaire.doc
    [2010/05/04 23:12:10 | 000,002,559 | ---- | M] () -- C:\Documents and Settings\Frégo\Bureau\Microsoft Word.lnk
    [2010/05/03 23:16:04 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Frégo\Bureau\séance 10 commentaire.doc
    [2010/05/01 12:07:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/27 00:30:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/04/26 23:56:22 | 000,000,613 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/04/12 10:18:38 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/05/10 12:32:55 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
    [2010/05/10 09:06:48 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/05/10 09:01:14 | 000,001,484 | ---- | C] () -- C:\Documents and Settings\Frégo\Bureau\Hitman Pro.lnk
    [2010/05/10 08:48:32 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\Frégo\Bureau\HijackThis.lnk
    [2010/05/04 23:50:28 | 000,142,848 | ---- | C] () -- C:\Documents and Settings\Frégo\Bureau\séance 8 commentaire.doc
    [2010/05/03 14:53:15 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Frégo\Bureau\séance 10 commentaire.doc
    [2010/04/12 10:18:35 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2010/04/12 10:06:58 | 000,327,168 | ---- | C] () -- C:\WINDOWS\System32\cutil32.dll
    [2009/12/28 19:36:20 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/12/28 19:36:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2009/12/28 19:36:17 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2009/12/28 19:36:17 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/12/28 19:36:17 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/12/28 19:36:13 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/12/28 19:36:13 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2008/08/14 15:26:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2008/03/03 21:40:00 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2008/03/03 17:03:52 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2007/11/05 15:45:03 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2007/11/05 15:40:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE RX520FI.ini
    [2007/07/13 02:49:33 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
    [2007/02/04 15:22:23 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/01/24 02:17:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/01/22 16:39:27 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
    [2007/01/22 16:08:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2007/01/22 15:28:57 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\ASLM75.SYS
    [2007/01/22 15:28:55 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
    [2007/01/22 15:28:41 | 000,000,072 | ---- | C] () -- C:\WINDOWS\AcrobatSetupStatus.ini
    [2007/01/22 15:26:49 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2007/01/22 15:07:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [2004/08/20 00:09:30 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
    [2004/08/20 00:09:30 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
    [2004/08/20 00:09:30 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
    [2004/08/20 00:09:30 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
    [2004/08/20 00:09:30 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
    [2002/10/24 12:32:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\mipmnlog.dll
    [2002/10/07 18:16:58 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
    [2002/10/07 18:16:58 | 000,002,496 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2002/10/07 18:15:40 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

    ========== LOP Check ==========

    [2008/11/06 13:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2009/03/09 14:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2009/04/13 20:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2009/12/28 00:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/05/10 09:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2007/01/22 15:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\InterTrust
    [2008/03/03 17:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\DAEMON Tools
    [2008/11/07 15:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\Grisoft
    [2009/03/09 14:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\Sony
    [2009/04/07 22:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\Leadertech
    [2010/02/06 00:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\Foxit
    [2010/02/15 21:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\Uniblue
    [2010/02/15 22:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\GlarySoft
    [2010/03/01 20:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frégo\Application Data\Opera
    [2007/02/09 23:12:34 | 000,000,106 | ---- | M] () -- C:\WINDOWS\Tasks\Low Battery Alarm Program.job
    [2010/05/10 15:34:10 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{31FDE3CA-5F58-49DF-92D1-3C1B1D51F6C0}.job

    ========== Purity Check ==========


    < End of report >
    10 May 2010 15:56:18

    OTL Extras logfile created on: 10/05/2010 15:50:24 - Run 1
    OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Frégo\Bureau
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    247,00 Mb Total Physical Memory | 77,00 Mb Available Physical Memory | 31,00% Memory free
    606,00 Mb Paging File | 297,00 Mb Available in Paging File | 49,00% Paging File free
    Paging file location(s): C:\pagefile.sys 372 744 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 35,49 Gb Total Space | 20,72 Gb Free Space | 58,37% Space Free | Partition Type: FAT32
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LLEY
    Current User Name: Frégo
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
    "C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- File not found
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
    "C:\Program Files\ADSTech Media Link\app\ADSTechMediaLink-server.exe" = C:\Program Files\ADSTech Media Link\app\ADSTechMediaLink-server.exe:*:Enabled:ADSTechMediaLink-server -- ()
    "C:\Team17\Worms2\frontend.exe" = C:\Team17\Worms2\frontend.exe:*:Enabled:Worms 2 Frontend -- File not found
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- File not found


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
    "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.005.00
    "{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
    "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
    "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
    "{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
    "{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
    "{8552A53D-5226-462B-8E7C-B3174C04E7BD}" = Intel(R) PROSet
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
    "{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
    "{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage
    "{9084040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B77AF57-F7B2-488F-8B75-1DDDCC447545}_is1" = Hitman Pro
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Ad-Remover" = Ad-Remover By C_XX
    "ADSTech Media Link_is1" = ADSTech Media Link version 1.2
    "ASUS Probe V2.10" = ASUS Probe V2.10
    "AVGAntiSpyware75" = AVG Anti-Spyware 7.5
    "EPSON Printer and Utilities" = EPSON Logiciel imprimante
    "Foxit Reader" = Foxit Reader
    "Hcontrol" = ASUS ATK0100 ACPI UTILITY
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "InterActual Player" = InterActual Player
    "JDownloader" = JDownloader
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.5.1
    "Lucent Technologies Soft Modem" = Lucent Technologies Soft Modem AMR
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Power4 Gear V1.07" = Power4 Gear V1.07
    "SynTPDeinstKey" = Synaptics TouchPad
    "VLC media player" = VideoLAN VLC media player 0.8.4-test1a
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Lecteur Windows Media 11
    "Windows XP Service Pack" = Windows XP Service Pack 2
    "WINFLASH V2.08" = WINFLASH V2.08
    "WinLiveSuite_Wave3" = Installation Windows Live
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/03/2010 20:29:51 | Computer Name = LLEY | Source = Application Hang | ID = 1001
    Description = Détecteur d'erreurs 1180947459.

    Error - 11/03/2010 05:07:08 | Computer Name = LLEY | Source = Application Error | ID = 1000
    Description = Application défaillante hcontrol.exe, version 1043.2.15.24, module
    défaillant inter_f2.dll, version 1043.2.15.24, adresse de défaillance 0x000010da.

    Error - 17/03/2010 05:30:45 | Computer Name = LLEY | Source = Application Error | ID = 1000
    Description = Application défaillante hcontrol.exe, version 1043.2.15.24, module
    défaillant inter_f2.dll, version 1043.2.15.24, adresse de défaillance 0x000010da.

    Error - 17/03/2010 19:50:40 | Computer Name = LLEY | Source = Application Error | ID = 1000
    Description = Application défaillante hcontrol.exe, version 1043.2.15.24, module
    défaillant inter_f2.dll, version 1043.2.15.24, adresse de défaillance 0x000010da.

    Error - 18/03/2010 05:04:42 | Computer Name = LLEY | Source = Application Error | ID = 1000
    Description = Application défaillante hcontrol.exe, version 1043.2.15.24, module
    défaillant inter_f2.dll, version 1043.2.15.24, adresse de défaillance 0x000010da.

    Error - 18/03/2010 05:11:32 | Computer Name = LLEY | Source = Application Hang | ID = 1002
    Description = Application bloquée WINWORD.EXE, version 10.0.4219.0, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 19/03/2010 17:50:07 | Computer Name = LLEY | Source = Application Error | ID = 1000
    Description = Application défaillante hcontrol.exe, version 1043.2.15.24, module
    défaillant inter_f2.dll, version 1043.2.15.24, adresse de défaillance 0x000010da.

    Error - 20/03/2010 12:47:55 | Computer Name = LLEY | Source = Application Error | ID = 1000
    Description = Application défaillante hcontrol.exe, version 1043.2.15.24, module
    défaillant inter_f2.dll, version 1043.2.15.24, adresse de défaillance 0x000010da.

    Error - 22/03/2010 20:02:36 | Computer Name = LLEY | Source = Application Hang | ID = 1002
    Description = Application bloquée WINWORD.EXE, version 10.0.4219.0, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 25/03/2010 06:08:49 | Computer Name = LLEY | Source = Application Error | ID = 1000
    Description = Application défaillante trackseraser.exe, version 2.19.0.800, module
    défaillant kernel32.dll, version 5.1.2600.3541, adresse de défaillance 0x00012a6b.

    [ System Events ]
    Error - 06/05/2010 15:20:15 | Computer Name = LLEY | Source = Service Control Manager | ID = 7011
    Description = Délai (30000 millisecondes) d'attente pour une réponse du service
    stisvc à une transaction.

    Error - 08/05/2010 14:31:09 | Computer Name = LLEY | Source = Service Control Manager | ID = 7011
    Description = Délai (30000 millisecondes) d'attente pour une réponse du service
    stisvc à une transaction.

    Error - 10/05/2010 05:55:20 | Computer Name = LLEY | Source = Service Control Manager | ID = 7031
    Description = Le service Spouleur d'impression s'est terminé de manière inattendue.
    Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans
    60000 millisecondes : Redémarrer le service.

    Error - 10/05/2010 05:55:20 | Computer Name = LLEY | Source = Service Control Manager | ID = 7034
    Description = Le service Spectrum24 Event Monitor s'est terminé de façon inattendue
    pour la 1ème fois.

    Error - 10/05/2010 05:55:20 | Computer Name = LLEY | Source = Service Control Manager | ID = 7034
    Description = Le service AVG Anti-Spyware Guard s'est terminé de façon inattendue
    pour la 1ème fois.

    Error - 10/05/2010 05:55:20 | Computer Name = LLEY | Source = Service Control Manager | ID = 7034
    Description = Le service RegSrvc s'est terminé de façon inattendue pour la 1ème
    fois.

    Error - 10/05/2010 05:55:20 | Computer Name = LLEY | Source = Service Control Manager | ID = 7034
    Description = Le service RoamMgr s'est terminé de façon inattendue pour la 1ème
    fois.

    Error - 10/05/2010 05:55:20 | Computer Name = LLEY | Source = Service Control Manager | ID = 7034
    Description = Le service Service de la passerelle de la couche Application s'est
    terminé de façon inattendue pour la 1ème fois.

    Error - 10/05/2010 05:55:20 | Computer Name = LLEY | Source = Service Control Manager | ID = 7034
    Description = Le service Commutation de la carte s'est terminé de façon inattendue
    pour la 1ème fois.

    Error - 10/05/2010 09:12:33 | Computer Name = LLEY | Source = Service Control Manager | ID = 7026
    Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
    charger : IntelIde rmedia


    < End of report >
    10 May 2010 15:59:35

    That looks OK to me; on the other hand, don't you have an antivirus? :o 
    And you're using AVG Anti-Spyware 7.5, which is completely obsolete. :o 
    10 May 2010 16:03:18

    OK, thank you very, very much.
    Indeed, I don't use an antivirus; my PC has very limited capabilities and an antivirus often weighs the PC down, and it's already struggling enough.

    On the other hand, I would do well to update AVG, unless you can recommend a program that is good and not heavy.

    PS: as you may have noticed, I have hcontrol, which isn't working... could you help me with that? Or rather, if I post a question about it in the right part of the forum, will someone be able to help me with it or not?
    10 May 2010 16:05:39

    Yes, open a new topic for your problem. ;)  There'll surely be someone to help you. :o 
    10 May 2010 16:10:10

    And otherwise, is AVG good, or is it better that I get something else?
    10 May 2010 16:12:06

    Just get an antivirus, plain and simple, instead of running the resident guard of an obsolete anti-spyware. :o 

    If you want to stay with AVG, you can get AVG's antivirus in the free version; it's not bad.
    Otherwise there's also Antivir in the free version.

    It's up to you. :o 
    10 May 2010 16:15:12

    OK, thanks :)  off we go with Antivir ^^