Hello,
I am bothered because I had to click on the Bitdefender trial version, since they sent me a link in my mail. A trial; thinking I was not committing to anything, I clicked. Nothing: Windows told me it did not accept this link. Then last night, but very quickly during my Malwarebytes scan, I saw Bitdefender appear in the list. So it must be somewhere even though I have no use for it. Yet I would like to remove it so as not to end up trapped; I looked more or less everywhere on C: without finding it to eliminate it. Thank you for advising me, and have a good Sunday, everyone.
Bitdefender trial version
Moderator: Mods Windows
Re: Bitdefender trial version
Hello,
Couldn't it rather be this software?

To check:
* Download >> OTL << to your desktop.
* Double-click the OTL icon to launch it.
/!\ On Vista/Seven, right-click the OTL icon and choose "Run as administrator".
* Make sure you have closed all running applications.
* When the OTL window appears, make sure that in the "Rapport" (Report) section (top right) the "Rapport minimal" (Minimal report) box is checked.
* Copy and paste the contents of this quote into the lower part of OTL, "Personnalisation" (Customization):
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
CREATERESTOREPOINT
nslookup http://www.google.fr /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
* Click the "Analyse" (Scan) icon (top left).
* Let the scan run to completion without using the PC.
* At the end of the scan, one or two reports will open: "OTL.Txt" and/or "Extras.Txt" (in some cases).
* Copy and paste the report(s) into your reply, please...
* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case.
PS: If the report is too long to be posted in a message, you can use a hosting service: http://pjjoint.malekal.com/index.php?lang=fr
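An added example, not part of the original posts: once the procedure above has produced OTL.Txt, a report in that format can be searched for traces of a named product and for load points that OTL could not attribute to a vendor or to a file. The function name `triage`, the reason labels and the sample (a few lines excerpted from the report quoted in this thread) are choices made for this example.

```python
import re

# Sample input: a few lines excerpted from the OTL report quoted in this thread,
# assembled here for the example.
SAMPLE_REPORT = r"""
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
DRV - (PCIDump) -- File not found
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
[2013/09/28 18:17:10 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2013/09/23 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\SpeedyPC Software
""".strip()

# Entry types that name code loaded at runtime or at start-up:
# processes, modules, services, drivers and Run keys.
LOADPOINT = re.compile(r"^(PRC|MOD|SRV|DRV|O4) - ")
# Trailing "(Company Name)" field; OTL prints "()" when the file carries none.
COMPANY = re.compile(r"\(([^()]*)\)\s*$")
SEPARATORS = re.compile(r"[\s_-]+")


def _squash(text):
    """Lower-case and drop spaces, underscores and hyphens so that
    'Bit Defender', 'bit-defender' and 'BitDefender' compare equal."""
    return SEPARATORS.sub("", text.lower())


def triage(report, keywords=()):
    """Return (line_number, reasons, line) for every report line worth a look."""
    # Pair each keyword with its squashed form; ignore keywords that squash to nothing.
    wanted = [(kw, _squash(kw)) for kw in keywords if _squash(kw)]
    findings = []
    for number, raw in enumerate(report.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        squashed = _squash(line)
        reasons = ["keyword:" + kw for kw, needle in wanted if needle in squashed]
        if LOADPOINT.match(line):
            if line.endswith("File not found"):
                # Registry entry whose target file is gone: a leftover entry.
                reasons.append("file-not-found")
            else:
                company = COMPANY.search(line)
                if company and not company.group(1).strip():
                    # Binary without a vendor name: check where it came from.
                    reasons.append("no-company")
        if reasons:
            findings.append((number, reasons, line))
    return findings


if __name__ == "__main__":
    for number, reasons, line in triage(SAMPLE_REPORT, ["bit defender", "speedypc"]):
        print(f"{number:>3}  {','.join(reasons):<18} {line}")
```

A keyword with no hit only shows that the report lines searched do not mention it; it does not cover parts of the system the scan did not list.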
Re: Bitdefender trial version
Thank you, I am doing the OTL test now. I am replying very late and ask you to excuse me, but I had such a problem with two locked programs, Reader X and Avira, which I kept trying to figure out so that I could browse the web again. From safe mode to x manipulations, I spent days and nights on it; I finally succeeded thanks to Unlocker, plus other problems including port 445, because without antivirus (update blocked) I became a sieve with every request for information on the internet; in short, it is a survivor who can finally access her mail. Here is the link http://pjjoint.malekal.com/files.php?id ... k6n12t5q12 ; without your tutorials I would still be just as bogged down, so thank you for continuing to help me by shedding light on this Bitdefender. This morning, while reinstalling a free version of Avira, I was tempted by the thirty-day trial for total protection, but I do not know whether afterwards one can easily decline or whether one is tied in. Have a good day.
Re: Bitdefender trial version
I will add that I made a mistake: I mentioned it in another thread, whereas it may be related to this Bitdefender. On the same PC, when switching accounts, I find on the desktop
Speedy PC Pro; is that related?
Re: Bitdefender trial version
Hello,
If you are being helped in another topic, there is no point in multiplying threads.
All the analyses were done by Malekal and angelique.
[EDIT]: Topic reopened, seen via PM.
Re: Bitdefender trial version
Thank you for reopening, but may I know, after the last examination, whether this Bitdefender has indeed disappeared?
Re: Bitdefender trial version
'Evening,
There is a password on your report; I could not open it.
Re: Bitdefender trial version
Clearly I am not gifted; I just opened pjjoint, I entered the path to my OTL txt, then clicked send to get a link. Nothing more. Where could it have gone? Is it a problem for me? Please tell me; I had set "public" to no. I really think my computer is infected.
So I went back to my OTL text and this time did a copy and paste below:
OTL logfile created on: 29/09/2013 15:34:35 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
511,49 Mb Total Physical Memory | 248,77 Mb Available Physical Memory | 48,64% Memory free
1,22 Gb Paging File | 0,75 Gb Available in Paging File | 61,55% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 132,06 Gb Free Space | 88,61% Space Free | Partition Type: NTFS
Computer Name: USERX-6905C04C6 | User Name: UserX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Documents and Settings\Administrateur.USERX-6905C04C6.001\Bureau\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Documents and Settings\Administrateur.USERX-6905C04C6.001\Bureau\Unlocker\UnlockerHook.dll ()
MOD - C:\Documents and Settings\Administrateur.USERX-6905C04C6.001\Bureau\Unlocker\UnlockerAssistant.exe ()
MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
========== Services (SafeList) ==========
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)
SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (W8335XP) -- system32\DRIVERS\WG311v3XP.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft)
DRV - (UnlockerDriver5) -- C:\Documents and Settings\Administrateur.USERX-6905C04C6.001\Bureau\Unlocker\UnlockerDriver5.sys ()
DRV - (RTL8192cu) -- C:\WINDOWS\system32\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation )
DRV - (RTL8192su) -- C:\WINDOWS\system32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (nvnforce) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation)
DRV - (nv_agp) -- C:\WINDOWS\system32\drivers\nv_agp.SYS (NVIDIA Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{85040E12-D490-433B-B37B-8245D6BAF8A0}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {85040E12-D490-433B-B37B-8245D6BAF8A0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{85040E12-D490-433B-B37B-8245D6BAF8A0}: "URL" = http://www.google.com/search?q={searchT ... FA_frFR489
IE - HKCU\..\SearchScopes\{8AC06FDA-15B8-41A8-892E-B4E37014FD9E}: "URL" = http://websearch.ask.com/redirect?clien ... 74E6456474
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2013/09/23 10:08:03 | 000,449,398 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15430 more lines...
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Documents and Settings\Administrateur.USERX-6905C04C6.001\Bureau\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers2.touslesdrivers.com/mac ... _0_1_1.cab ("Ma-Config.com control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42414178-4026-4E21-978D-18DAF9B03834}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/25 18:08:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: EPSON Stylus CX6600 Series - hkey= - key= - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3F7924B9-D148-3141-87B1-68F36043A940} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{CB58DED6-4AF3-4080-9DF1-DEE72075169F} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2013/09/29 15:34:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\OTL.exe
[2013/09/29 10:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Canneverbe Limited
[2013/09/29 05:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2013/09/29 05:19:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/09/29 05:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/09/26 16:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Media Player Classic
[2013/09/25 20:15:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/25 11:11:57 | 000,000,000 | ---D | C] -- C:\Program Files\Hosts_Anti_Adwares_PUPs
[2013/09/25 06:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2013/09/25 06:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\FileOpenerPro
[2013/09/24 09:52:02 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/09/23 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\SpeedyPC Software
[2013/09/23 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\ElevatedDiagnostics
[2013/09/23 21:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013/09/23 21:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Avira
[2013/09/23 21:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\Babylon
[2013/09/23 21:46:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Recent
[2013/09/22 15:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\epson
[2013/09/21 16:13:19 | 000,000,000 | ---D | C] -- C:\ZHP
[2013/09/21 16:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2013/09/19 18:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Mozilla(2)
[2013/09/19 18:47:00 | 000,281,928 | ---- | C] (Mozilla) -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\Firefox Setup Stub 24.0.exe
[2013/09/17 14:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\DAMIEN
[2013/09/17 14:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\AVOCATS
[2013/09/17 13:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\NOUVEAUX ELEMENTS
[2013/09/17 13:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\PIECES MANQUANTES
[2013/09/17 13:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\CONDENSE
[2013/09/17 13:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\MURIEL
[2013/09/17 13:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\BOSCH
[2013/09/15 21:55:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Malwarebytes
[2013/09/15 11:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2013/09/15 11:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2013/09/14 06:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Rising(2)
[2013/09/14 06:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Rising
[2013/09/14 05:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\DriverCure
[2013/09/14 05:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpeedyPC Software
[2013/09/14 05:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\SpeedyPC
[2013/09/12 18:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Macromedia
[2013/09/11 11:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Microsoft
[2013/09/11 11:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Adobe
[2013/09/11 11:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming
[2013/09/11 03:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe
[2013/09/10 20:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\Thunderbird
[2013/09/10 16:59:50 | 000,000,000 | ---D | C] -- C:\76ff10d349ffd01e98adbdd7741048
[2013/09/10 14:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Auslogics
[2013/09/10 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\weDownload Manager
[2013/09/10 14:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverGenius
[2013/09/10 13:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\Téléchargements
[2013/09/10 13:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\Mozilla
[2013/09/10 13:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla
[2013/09/07 15:57:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/09/29 15:36:53 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/09/29 15:34:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\OTL.exe
[2013/09/29 15:30:43 | 000,000,345 | ---- | M] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\Raccourci vers _OTL.lnk
[2013/09/29 10:03:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\wklnhst.dat
[2013/09/29 05:19:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes Anti-Malware.lnk
[2013/09/29 04:34:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/29 04:33:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/29 04:33:13 | 536,403,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/28 18:17:10 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2013/09/26 16:45:29 | 000,000,503 | ---- | M] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\Raccourci vers Trojan Remover.lnk
[2013/09/26 16:44:26 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\Raccourci vers Unlocker.lnk
[2013/09/26 11:36:20 | 000,000,079 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/09/25 03:15:24 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/25 03:15:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/23 10:08:03 | 000,449,398 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130926-111656.backup
[2013/09/23 10:08:03 | 000,449,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/09/23 08:44:55 | 000,229,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/21 20:49:21 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2013/09/19 18:47:01 | 000,281,928 | ---- | M] (Mozilla) -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\Firefox Setup Stub 24.0.exe
[2013/09/15 21:02:01 | 000,447,782 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130918-131732.backup
[2013/09/15 21:02:01 | 000,447,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130923-100803.backup
[2013/09/15 13:13:01 | 000,444,790 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130915-210201.backup
[2013/09/11 03:52:28 | 000,136,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/09/11 03:52:28 | 000,088,840 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/09/10 17:47:59 | 000,000,661 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/09/10 17:26:01 | 000,614,508 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2013/09/10 17:26:01 | 000,538,852 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/10 17:26:01 | 000,114,952 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2013/09/10 17:26:01 | 000,096,012 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/10 14:06:09 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/09/29 15:36:53 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/09/29 15:30:43 | 000,000,345 | ---- | C] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\Raccourci vers _OTL.lnk
[2013/09/29 10:03:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\wklnhst.dat
[2013/09/29 05:19:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes Anti-Malware.lnk
[2013/09/26 16:45:29 | 000,000,503 | ---- | C] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\Raccourci vers Trojan Remover.lnk
[2013/09/26 16:44:26 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\Raccourci vers Unlocker.lnk
[2013/09/26 11:36:04 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/09/25 11:46:16 | 000,000,484 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2013/09/24 09:29:40 | 536,403,968 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/23 22:49:28 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Adobe Reader XI.lnk
[2013/09/23 08:44:55 | 000,229,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/21 16:27:22 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin
[2013/09/10 17:47:32 | 000,000,661 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/09/10 14:06:09 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2013/05/07 07:05:01 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2013/03/09 20:25:30 | 000,000,353 | ---- | C] () -- C:\WINDOWS\PHOTO!2.INI
[2013/03/09 20:24:00 | 000,284,160 | ---- | C] () -- C:\WINDOWS\unin040c.exe
[2013/02/04 10:19:32 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2013/02/04 10:19:32 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2013/02/04 10:19:32 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2013/02/04 08:55:13 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2013/02/04 08:28:18 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2013/02/04 08:28:17 | 000,030,605 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2013/02/04 08:28:17 | 000,027,030 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2013/02/04 08:26:07 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX6600FGD.ini
[2013/01/05 19:57:09 | 000,002,564 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2012/06/21 21:15:23 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/26 12:24:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/26 11:35:35 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012/04/26 09:43:19 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2012/04/26 09:43:19 | 000,000,122 | R--- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2012/04/26 08:27:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/04/26 08:21:44 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/04/25 20:38:47 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
========== ZeroAccess Check ==========
[2012/04/26 11:16:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:33:42 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:33:50 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
[2013/09/11 03:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
[2013/09/10 14:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Auslogics
[2013/09/23 21:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
[2012/08/18 11:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Canneverbe Limited
[2013/09/10 14:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverGenius
[2013/01/29 22:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
[2012/08/31 18:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com
[2013/02/06 19:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2013/09/26 10:45:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
[2013/09/23 21:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
[2013/09/10 13:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla
[2013/09/23 21:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Rising
[2013/09/14 05:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpeedyPC Software
[2013/09/26 11:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2013/02/15 12:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2013/02/04 08:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UDL
[2012/04/26 16:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2011/09/05 23:51:05 | 001,560,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe\Setup\{AC76BA86-7AD7-1036-7B44-AA1000000001}\setup.exe
[2013/09/05 17:53:26 | 000,364,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe\Setup\{AC76BA86-7AD7-1036-7B44-AB0000000001}\setup.exe
[2013/09/11 03:51:22 | 000,599,608 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
[2013/09/11 03:51:36 | 000,044,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe
[2012/06/24 09:06:08 | 000,526,448 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
< %APPDATA%\*. >
[2013/09/22 15:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Adobe
[2013/09/23 21:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Avira
[2013/09/29 10:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Canneverbe Limited
[2013/09/14 05:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\DriverCure
[2013/09/23 21:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\ElevatedDiagnostics
[2013/09/12 18:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Macromedia
[2013/09/15 21:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Malwarebytes
[2013/09/26 16:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Media Player Classic
[2013/09/29 10:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Microsoft
[2013/09/23 21:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Mozilla(2)
[2013/09/23 21:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\SpeedyPC Software
< %APPDATA%\*.exe /s >
< %temp%\*.exe /s >
[2013/09/19 17:19:45 | 000,676,072 | ---- | M] () -- C:\DOCUME~1\USERX~1.USE\LOCALS~1\Temp\ICReinstall_Firefox_Setup[1].exe
[10 C:\DOCUME~1\USERX~1.USE\LOCALS~1\Temp\*.tmp files -> C:\DOCUME~1\USERX~1.USE\LOCALS~1\Temp\*.tmp -> ]
[2013/09/20 10:00:13 | 017,154,952 | ---- | M] (Adobe Systems Incorporated) -- C:\DOCUME~1\USERX~1.USE\LOCALS~1\Temp\{2619002F-9D2A-4D02-A6CC-D68B2313BCBA}\InstallFlashPlayer.exe
[2013/09/19 17:20:22 | 022,404,568 | ---- | M] (Mozilla) -- C:\DOCUME~1\USERX~1.USE\LOCALS~1\Temp\is1275519350\4791445_stp.EXE
[2013/08/15 17:44:28 | 000,011,264 | ---- | M] () -- C:\DOCUME~1\USERX~1.USE\LOCALS~1\Temp\is1275519350\4791503_stp\wajam_validate.exe
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2012/04/25 20:36:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
< MD5 for: EXPLORER.EXE >
[2004/08/05 14:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
< MD5 for: WINLOGON.EXE >
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004/08/05 14:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s >
"Debug" =
"Kmode" = %SystemRoot%\system32\win32k.sys -- [2013/08/08 08:09:44 | 001,877,888 | ---- | M] (Microsoft Corporation)
"Optional" = Posix [binary data]
"Posix" = %SystemRoot%\system32\psxss.exe
So I went back to my OTL text and this time did a copy and paste below:
OTL logfile created on: 29/09/2013 15:34:35 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
511,49 Mb Total Physical Memory | 248,77 Mb Available Physical Memory | 48,64% Memory free
1,22 Gb Paging File | 0,75 Gb Available in Paging File | 61,55% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 132,06 Gb Free Space | 88,61% Space Free | Partition Type: NTFS
Computer Name: USERX-6905C04C6 | User Name: UserX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Documents and Settings\Administrateur.USERX-6905C04C6.001\Bureau\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Documents and Settings\Administrateur.USERX-6905C04C6.001\Bureau\Unlocker\UnlockerHook.dll ()
MOD - C:\Documents and Settings\Administrateur.USERX-6905C04C6.001\Bureau\Unlocker\UnlockerAssistant.exe ()
MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
========== Services (SafeList) ==========
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)
SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (W8335XP) -- system32\DRIVERS\WG311v3XP.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft)
DRV - (UnlockerDriver5) -- C:\Documents and Settings\Administrateur.USERX-6905C04C6.001\Bureau\Unlocker\UnlockerDriver5.sys ()
DRV - (RTL8192cu) -- C:\WINDOWS\system32\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation )
DRV - (RTL8192su) -- C:\WINDOWS\system32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (nvnforce) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation)
DRV - (nv_agp) -- C:\WINDOWS\system32\drivers\nv_agp.SYS (NVIDIA Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{85040E12-D490-433B-B37B-8245D6BAF8A0}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {85040E12-D490-433B-B37B-8245D6BAF8A0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{85040E12-D490-433B-B37B-8245D6BAF8A0}: "URL" = http://www.google.com/search?q={searchT ... FA_frFR489
IE - HKCU\..\SearchScopes\{8AC06FDA-15B8-41A8-892E-B4E37014FD9E}: "URL" = http://websearch.ask.com/redirect?clien ... 74E6456474
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2013/09/23 10:08:03 | 000,449,398 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15430 more lines...
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Documents and Settings\Administrateur.USERX-6905C04C6.001\Bureau\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers2.touslesdrivers.com/mac ... _0_1_1.cab ("Ma-Config.com control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42414178-4026-4E21-978D-18DAF9B03834}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/25 18:08:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: EPSON Stylus CX6600 Series - hkey= - key= - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3F7924B9-D148-3141-87B1-68F36043A940} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{CB58DED6-4AF3-4080-9DF1-DEE72075169F} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2013/09/29 15:34:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\OTL.exe
[2013/09/29 10:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Canneverbe Limited
[2013/09/29 05:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2013/09/29 05:19:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/09/29 05:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/09/26 16:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Media Player Classic
[2013/09/25 20:15:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/25 11:11:57 | 000,000,000 | ---D | C] -- C:\Program Files\Hosts_Anti_Adwares_PUPs
[2013/09/25 06:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2013/09/25 06:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\FileOpenerPro
[2013/09/24 09:52:02 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/09/23 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\SpeedyPC Software
[2013/09/23 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\ElevatedDiagnostics
[2013/09/23 21:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013/09/23 21:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Avira
[2013/09/23 21:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\Babylon
[2013/09/23 21:46:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Recent
[2013/09/22 15:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\epson
[2013/09/21 16:13:19 | 000,000,000 | ---D | C] -- C:\ZHP
[2013/09/21 16:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2013/09/19 18:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Mozilla(2)
[2013/09/19 18:47:00 | 000,281,928 | ---- | C] (Mozilla) -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\Firefox Setup Stub 24.0.exe
[2013/09/17 14:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\DAMIEN
[2013/09/17 14:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\AVOCATS
[2013/09/17 13:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\NOUVEAUX ELEMENTS
[2013/09/17 13:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\PIECES MANQUANTES
[2013/09/17 13:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\CONDENSE
[2013/09/17 13:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\MURIEL
[2013/09/17 13:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\BOSCH
[2013/09/15 21:55:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Malwarebytes
[2013/09/15 11:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2013/09/15 11:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2013/09/14 06:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Rising(2)
[2013/09/14 06:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Rising
[2013/09/14 05:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\DriverCure
[2013/09/14 05:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpeedyPC Software
[2013/09/14 05:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\SpeedyPC
[2013/09/12 18:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Macromedia
[2013/09/11 11:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Microsoft
[2013/09/11 11:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Adobe
[2013/09/11 11:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming
[2013/09/11 03:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe
[2013/09/10 20:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\Thunderbird
[2013/09/10 16:59:50 | 000,000,000 | ---D | C] -- C:\76ff10d349ffd01e98adbdd7741048
[2013/09/10 14:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Auslogics
[2013/09/10 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\weDownload Manager
[2013/09/10 14:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverGenius
[2013/09/10 13:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\Téléchargements
[2013/09/10 13:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\Mozilla
[2013/09/10 13:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla
[2013/09/07 15:57:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/09/29 15:36:53 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/09/29 15:34:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\OTL.exe
[2013/09/29 15:30:43 | 000,000,345 | ---- | M] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\Raccourci vers _OTL.lnk
[2013/09/29 10:03:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\wklnhst.dat
[2013/09/29 05:19:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes Anti-Malware.lnk
[2013/09/29 04:34:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/29 04:33:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/29 04:33:13 | 536,403,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/28 18:17:10 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2013/09/26 16:45:29 | 000,000,503 | ---- | M] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\Raccourci vers Trojan Remover.lnk
[2013/09/26 16:44:26 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\Raccourci vers Unlocker.lnk
[2013/09/26 11:36:20 | 000,000,079 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/09/25 03:15:24 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/25 03:15:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/23 10:08:03 | 000,449,398 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130926-111656.backup
[2013/09/23 10:08:03 | 000,449,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/09/23 08:44:55 | 000,229,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/21 20:49:21 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2013/09/19 18:47:01 | 000,281,928 | ---- | M] (Mozilla) -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\Firefox Setup Stub 24.0.exe
[2013/09/15 21:02:01 | 000,447,782 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130918-131732.backup
[2013/09/15 21:02:01 | 000,447,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130923-100803.backup
[2013/09/15 13:13:01 | 000,444,790 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130915-210201.backup
[2013/09/11 03:52:28 | 000,136,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/09/11 03:52:28 | 000,088,840 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/09/10 17:47:59 | 000,000,661 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/09/10 17:26:01 | 000,614,508 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2013/09/10 17:26:01 | 000,538,852 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/10 17:26:01 | 000,114,952 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2013/09/10 17:26:01 | 000,096,012 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/10 14:06:09 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/09/29 15:36:53 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/09/29 15:30:43 | 000,000,345 | ---- | C] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\Raccourci vers _OTL.lnk
[2013/09/29 10:03:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\wklnhst.dat
[2013/09/29 05:19:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes Anti-Malware.lnk
[2013/09/26 16:45:29 | 000,000,503 | ---- | C] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\Raccourci vers Trojan Remover.lnk
[2013/09/26 16:44:26 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\Raccourci vers Unlocker.lnk
[2013/09/26 11:36:04 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/09/25 11:46:16 | 000,000,484 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2013/09/24 09:29:40 | 536,403,968 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/23 22:49:28 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Adobe Reader XI.lnk
[2013/09/23 08:44:55 | 000,229,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/21 16:27:22 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin
[2013/09/10 17:47:32 | 000,000,661 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/09/10 14:06:09 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2013/05/07 07:05:01 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2013/03/09 20:25:30 | 000,000,353 | ---- | C] () -- C:\WINDOWS\PHOTO!2.INI
[2013/03/09 20:24:00 | 000,284,160 | ---- | C] () -- C:\WINDOWS\unin040c.exe
[2013/02/04 10:19:32 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2013/02/04 10:19:32 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2013/02/04 10:19:32 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2013/02/04 08:55:13 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2013/02/04 08:28:18 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2013/02/04 08:28:17 | 000,030,605 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2013/02/04 08:28:17 | 000,027,030 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2013/02/04 08:26:07 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX6600FGD.ini
[2013/01/05 19:57:09 | 000,002,564 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2012/06/21 21:15:23 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/26 12:24:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/26 11:35:35 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012/04/26 09:43:19 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2012/04/26 09:43:19 | 000,000,122 | R--- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2012/04/26 08:27:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/04/26 08:21:44 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/04/25 20:38:47 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
========== ZeroAccess Check ==========
[2012/04/26 11:16:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:33:42 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:33:50 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
[2013/09/11 03:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
[2013/09/10 14:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Auslogics
[2013/09/23 21:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
[2012/08/18 11:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Canneverbe Limited
[2013/09/10 14:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverGenius
[2013/01/29 22:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
[2012/08/31 18:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com
[2013/02/06 19:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2013/09/26 10:45:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
[2013/09/23 21:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
[2013/09/10 13:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla
[2013/09/23 21:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Rising
[2013/09/14 05:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpeedyPC Software
[2013/09/26 11:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2013/02/15 12:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2013/02/04 08:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UDL
[2012/04/26 16:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2011/09/05 23:51:05 | 001,560,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe\Setup\{AC76BA86-7AD7-1036-7B44-AA1000000001}\setup.exe
[2013/09/05 17:53:26 | 000,364,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe\Setup\{AC76BA86-7AD7-1036-7B44-AB0000000001}\setup.exe
[2013/09/11 03:51:22 | 000,599,608 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
[2013/09/11 03:51:36 | 000,044,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe
[2012/06/24 09:06:08 | 000,526,448 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
< %APPDATA%\*. >
[2013/09/22 15:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Adobe
[2013/09/23 21:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Avira
[2013/09/29 10:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Canneverbe Limited
[2013/09/14 05:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\DriverCure
[2013/09/23 21:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\ElevatedDiagnostics
[2013/09/12 18:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Macromedia
[2013/09/15 21:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Malwarebytes
[2013/09/26 16:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Media Player Classic
[2013/09/29 10:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Microsoft
[2013/09/23 21:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Mozilla(2)
[2013/09/23 21:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\SpeedyPC Software
< %APPDATA%\*.exe /s >
< %temp%\*.exe /s >
[2013/09/19 17:19:45 | 000,676,072 | ---- | M] () -- C:\DOCUME~1\USERX~1.USE\LOCALS~1\Temp\ICReinstall_Firefox_Setup[1].exe
[10 C:\DOCUME~1\USERX~1.USE\LOCALS~1\Temp\*.tmp files -> C:\DOCUME~1\USERX~1.USE\LOCALS~1\Temp\*.tmp -> ]
[2013/09/20 10:00:13 | 017,154,952 | ---- | M] (Adobe Systems Incorporated) -- C:\DOCUME~1\USERX~1.USE\LOCALS~1\Temp\{2619002F-9D2A-4D02-A6CC-D68B2313BCBA}\InstallFlashPlayer.exe
[2013/09/19 17:20:22 | 022,404,568 | ---- | M] (Mozilla) -- C:\DOCUME~1\USERX~1.USE\LOCALS~1\Temp\is1275519350\4791445_stp.EXE
[2013/08/15 17:44:28 | 000,011,264 | ---- | M] () -- C:\DOCUME~1\USERX~1.USE\LOCALS~1\Temp\is1275519350\4791503_stp\wajam_validate.exe
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2012/04/25 20:36:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
< MD5 for: EXPLORER.EXE >
[2004/08/05 14:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
< MD5 for: WINLOGON.EXE >
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004/08/05 14:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:34:30 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s >
"Debug" =
"Kmode" = %SystemRoot%\system32\win32k.sys -- [2013/08/08 08:09:44 | 001,877,888 | ---- | M] (Microsoft Corporation)
"Optional" = Posix [binary data]
"Posix" = %SystemRoot%\system32\psxss.exe
Re: Bitdefender trial version
Evening,
No traces of BitDefender.
However, there are still a few leftovers here and there (nothing to worry about):
Run OTL again.
o Under "Personnalisation", copy and paste the contents of the box below and click "Correction"; a report will appear after the operation, which you should keep so that you can paste the result:
* Restart the PC into Windows and post the report here
:OTL
DRV - (WDICA) -- File not found
DRV - (W8335XP) -- system32\DRIVERS\WG311v3XP.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
IE - HKCU\..\SearchScopes\{8AC06FDA-15B8-41A8-892E-B4E37014FD9E}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=fr_FR&apn_ptnrs=^AGV&apn_dtid=^YYYYYY^YY^FR&apn_uid=ff47dd83-8d1f-4442-
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
MsConfig - StartUpReg: EPSON Stylus CX6600 Series - hkey= - key= - File not found
[2013/09/25 20:15:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/24 09:52:02 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/09/23 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\SpeedyPC Software
[2013/09/23 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\ElevatedDiagnostics
[2013/09/15 11:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2013/09/14 05:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\DriverCure
[2013/09/14 05:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpeedyPC Software
[2013/09/14 05:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\SpeedyPC
[2013/09/14 06:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Rising(2)
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2013/09/28 18:17:10 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[10 C:\DOCUME~1\USERX~1.USE\LOCALS~1\Temp\*.tmp files -> C:\DOCUME~1\USERX~1.USE\LOCALS~1\Temp\*.tmp -> ]
:commands
[purity]
[emptytemp]
[emptyflash]
Re: Bitdefender trial version
I did what you told me, but when I clicked "Correction", partway through I got "OTL is not responding". After a long wait, and with all my desktop icons gone, I had to switch it off by pressing the button. On OTL, I'll see whether my screenshot worked; it said no files found.
Here is the report I got in response to your text, even though the correction was impossible:
OTL logfile created on: 30/09/2013 10:39:03 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
511,49 Mb Total Physical Memory | 319,50 Mb Available Physical Memory | 62,46% Memory free
1,22 Gb Paging File | 0,61 Gb Available in Paging File | 49,64% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 132,01 Gb Free Space | 88,58% Space Free | Partition Type: NTFS
Computer Name: USERX-6905C04C6 | User Name: UserX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Documents and Settings\Administrateur.USERX-6905C04C6.001\Bureau\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Documents and Settings\Administrateur.USERX-6905C04C6.001\Bureau\Unlocker\UnlockerHook.dll ()
MOD - C:\Documents and Settings\Administrateur.USERX-6905C04C6.001\Bureau\Unlocker\UnlockerAssistant.exe ()
MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
========== Services (SafeList) ==========
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)
SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (W8335XP) -- system32\DRIVERS\WG311v3XP.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft)
DRV - (UnlockerDriver5) -- C:\Documents and Settings\Administrateur.USERX-6905C04C6.001\Bureau\Unlocker\UnlockerDriver5.sys ()
DRV - (RTL8192cu) -- C:\WINDOWS\system32\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation )
DRV - (RTL8192su) -- C:\WINDOWS\system32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (nvnforce) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation)
DRV - (nv_agp) -- C:\WINDOWS\system32\drivers\nv_agp.SYS (NVIDIA Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{85040E12-D490-433B-B37B-8245D6BAF8A0}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {85040E12-D490-433B-B37B-8245D6BAF8A0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{85040E12-D490-433B-B37B-8245D6BAF8A0}: "URL" = http://www.google.com/search?q={searchT ... FA_frFR489
IE - HKCU\..\SearchScopes\{8AC06FDA-15B8-41A8-892E-B4E37014FD9E}: "URL" = http://websearch.ask.com/redirect?clien ... 74E6456474
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2013/09/23 10:08:03 | 000,449,398 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15430 more lines...
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Documents and Settings\Administrateur.USERX-6905C04C6.001\Bureau\Unlocker\UnlockerAssistant.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers2.touslesdrivers.com/mac ... _0_1_1.cab ("Ma-Config.com control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42414178-4026-4E21-978D-18DAF9B03834}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/25 18:08:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/09/29 15:34:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\OTL.exe
[2013/09/29 10:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Canneverbe Limited
[2013/09/29 05:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2013/09/29 05:19:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/09/29 05:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/09/26 16:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Media Player Classic
[2013/09/25 20:15:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/25 11:11:57 | 000,000,000 | ---D | C] -- C:\Program Files\Hosts_Anti_Adwares_PUPs
[2013/09/25 06:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2013/09/25 06:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\FileOpenerPro
[2013/09/24 09:52:02 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/09/23 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\SpeedyPC Software
[2013/09/23 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\ElevatedDiagnostics
[2013/09/23 21:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013/09/23 21:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Avira
[2013/09/23 21:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\Babylon
[2013/09/23 21:46:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Recent
[2013/09/22 15:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\epson
[2013/09/21 16:13:19 | 000,000,000 | ---D | C] -- C:\ZHP
[2013/09/21 16:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2013/09/19 18:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Mozilla(2)
[2013/09/19 18:47:00 | 000,281,928 | ---- | C] (Mozilla) -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\Firefox Setup Stub 24.0.exe
[2013/09/17 14:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\DAMIEN
[2013/09/17 14:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\AVOCATS
[2013/09/17 13:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\NOUVEAUX ELEMENTS
[2013/09/17 13:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\PIECES MANQUANTES
[2013/09/17 13:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\CONDENSE
[2013/09/17 13:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\MURIEL
[2013/09/17 13:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\BOSCH
[2013/09/15 21:55:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Malwarebytes
[2013/09/15 11:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2013/09/15 11:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2013/09/14 06:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Rising(2)
[2013/09/14 06:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Rising
[2013/09/14 05:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\DriverCure
[2013/09/14 05:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpeedyPC Software
[2013/09/14 05:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\SpeedyPC
[2013/09/12 18:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Macromedia
[2013/09/11 11:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Microsoft
[2013/09/11 11:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Adobe
[2013/09/11 11:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming
[2013/09/11 03:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe
[2013/09/10 20:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\Thunderbird
[2013/09/10 16:59:50 | 000,000,000 | ---D | C] -- C:\76ff10d349ffd01e98adbdd7741048
[2013/09/10 14:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Auslogics
[2013/09/10 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\weDownload Manager
[2013/09/10 14:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverGenius
[2013/09/10 13:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\Téléchargements
[2013/09/10 13:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\Mozilla
[2013/09/10 13:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla
[2013/09/07 15:57:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/09/30 10:07:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/30 10:06:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/30 10:05:58 | 536,403,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/29 18:00:27 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2013/09/29 15:36:53 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/09/29 15:34:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\OTL.exe
[2013/09/29 10:03:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\wklnhst.dat
[2013/09/29 05:19:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes Anti-Malware.lnk
[2013/09/26 16:45:29 | 000,000,503 | ---- | M] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\Raccourci vers Trojan Remover.lnk
[2013/09/26 16:44:26 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\Raccourci vers Unlocker.lnk
[2013/09/26 11:36:20 | 000,000,079 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/09/25 03:15:24 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/25 03:15:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/23 10:08:03 | 000,449,398 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130926-111656.backup
[2013/09/23 10:08:03 | 000,449,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/09/23 08:44:55 | 000,229,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/21 20:49:21 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2013/09/19 18:47:01 | 000,281,928 | ---- | M] (Mozilla) -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\Firefox Setup Stub 24.0.exe
[2013/09/15 21:02:01 | 000,447,782 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130918-131732.backup
[2013/09/15 21:02:01 | 000,447,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130923-100803.backup
[2013/09/15 13:13:01 | 000,444,790 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130915-210201.backup
[2013/09/11 03:52:28 | 000,136,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/09/11 03:52:28 | 000,088,840 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/09/10 17:47:59 | 000,000,661 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/09/10 17:26:01 | 000,614,508 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2013/09/10 17:26:01 | 000,538,852 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/10 17:26:01 | 000,114,952 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2013/09/10 17:26:01 | 000,096,012 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/10 14:06:09 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/09/29 15:36:53 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/09/29 10:03:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\wklnhst.dat
[2013/09/29 05:19:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes Anti-Malware.lnk
[2013/09/26 16:45:29 | 000,000,503 | ---- | C] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\Raccourci vers Trojan Remover.lnk
[2013/09/26 16:44:26 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\Raccourci vers Unlocker.lnk
[2013/09/26 11:36:04 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/09/25 11:46:16 | 000,000,484 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2013/09/24 09:29:40 | 536,403,968 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/23 22:49:28 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Adobe Reader XI.lnk
[2013/09/23 08:44:55 | 000,229,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/21 16:27:22 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin
[2013/09/10 17:47:32 | 000,000,661 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/09/10 14:06:09 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2013/05/07 07:05:01 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2013/03/09 20:25:30 | 000,000,353 | ---- | C] () -- C:\WINDOWS\PHOTO!2.INI
[2013/03/09 20:24:00 | 000,284,160 | ---- | C] () -- C:\WINDOWS\unin040c.exe
[2013/02/04 10:19:32 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2013/02/04 10:19:32 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2013/02/04 10:19:32 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2013/02/04 08:55:13 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2013/02/04 08:28:18 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2013/02/04 08:28:17 | 000,030,605 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2013/02/04 08:28:17 | 000,027,030 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2013/02/04 08:26:07 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX6600FGD.ini
[2013/01/05 19:57:09 | 000,002,564 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2012/06/21 21:15:23 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/26 12:24:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/26 11:35:35 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012/04/26 09:43:19 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2012/04/26 09:43:19 | 000,000,122 | R--- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2012/04/26 08:27:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/04/26 08:21:44 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/04/25 20:38:47 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
========== ZeroAccess Check ==========
[2012/04/26 11:16:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:33:42 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:33:50 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
< :OTL >
< DRV - (WDICA) -- File not found >
< DRV - (W8335XP) -- system32\DRIVERS\WG311v3XP.sys File not found >
< DRV - (PDRFRAME) -- File not found >
< DRV - (PDRELI) -- File not found >
< DRV - (PDFRAME) -- File not found >
< DRV - (PDCOMP) -- File not found >
< DRV - (PCIDump) -- File not found >
< DRV - (lbrtfdc) -- File not found >
< DRV - (i2omgmt) -- File not found >
< DRV - (Changer) -- File not found >
< IE - HKCU\..\SearchScopes\{8AC06FDA-15B8-41A8-892E-B4E37014FD9E}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=fr_FR&apn_ptnrs=^AGV&apn_dtid=^YYYYYY^YY^FR&apn_uid=ff47dd83-8d1f-4442- >
< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. >
< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. >
< MsConfig - StartUpReg: EPSON Stylus CX6600 Series - hkey= - key= - File not found >
< [2013/09/25 20:15:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner >
Invalid Switch: 25 20:15:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
< [2013/09/24 09:52:02 | 000,000,000 | ---D | C] -- C:\_OTM >
Invalid Switch: 24 09:52:02 | 000,000,000 | ---D | C] -- C:\_OTM
< [2013/09/23 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\SpeedyPC Software >
Invalid Switch: 23 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\SpeedyPC Software
< [2013/09/23 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\ElevatedDiagnostics >
Invalid Switch: 23 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\ElevatedDiagnostics
< [2013/09/15 11:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy >
Invalid Switch: 15 11:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
< [2013/09/14 05:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\DriverCure >
Invalid Switch: 14 05:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\DriverCure
< [2013/09/14 05:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpeedyPC Software >
Invalid Switch: 14 05:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpeedyPC Software
< [2013/09/14 05:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\SpeedyPC >
Invalid Switch: 14 05:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\SpeedyPC
< [2013/09/14 06:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Rising(2) >
Invalid Switch: 14 06:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Rising(2)
< [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] >
< [2013/09/28 18:17:10 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job >
Invalid Switch: 28 18:17:10 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
< [10 C:\DOCUME~1\USERX~1.USE\LOCALS~1\Temp\*.tmp files -> C:\DOCUME~1\USERX~1.USE\LOCALS~1\Temp\*.tmp -> ] >
< :commands >
< [purity] >
< [emptytemp] >
< [emptyflash] >
< >
========== Files - Unicode (All) ==========
[2013/09/30 10:13:41 | 098,486,516 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\谷唤6
[2013/09/30 10:13:41 | 098,486,516 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\谷唤6
[2013/09/28 10:47:08 | 098,372,650 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㹈Ꚑ唤6
[2013/09/28 10:47:08 | 098,372,650 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㹈Ꚑ唤6
[2013/09/20 21:30:05 | 098,498,750 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\厈㜛唤6
[2013/09/20 21:30:05 | 098,498,750 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\厈㜛唤6
[2013/09/19 16:04:49 | 098,378,485 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㵄郮唤6
[2013/09/19 16:04:49 | 098,378,485 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㵄郮唤6
[2013/09/18 09:41:44 | 098,106,403 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ⱔ擎唤6
[2013/09/18 09:41:44 | 098,106,403 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ⱔ擎唤6
[2013/09/17 19:03:45 | 097,949,955 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㪶䙥唤6
[2013/09/17 19:03:45 | 097,949,955 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㪶䙥唤6
[2013/09/17 05:39:45 | 097,922,994 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\辤捡唤6
[2013/09/17 05:39:45 | 097,922,994 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\辤捡唤6
[2013/09/11 10:34:42 | 097,063,418 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\흴됭唤6
[2013/09/11 10:34:42 | 097,063,418 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\흴됭唤6
< End of report >
Here is the report I got in response to your text, even though the fix was impossible :l
OTL logfile created on: 30/09/2013 10:39:03 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
511,49 Mb Total Physical Memory | 319,50 Mb Available Physical Memory | 62,46% Memory free
1,22 Gb Paging File | 0,61 Gb Available in Paging File | 49,64% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 132,01 Gb Free Space | 88,58% Space Free | Partition Type: NTFS
Computer Name: USERX-6905C04C6 | User Name: UserX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Documents and Settings\Administrateur.USERX-6905C04C6.001\Bureau\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Documents and Settings\Administrateur.USERX-6905C04C6.001\Bureau\Unlocker\UnlockerHook.dll ()
MOD - C:\Documents and Settings\Administrateur.USERX-6905C04C6.001\Bureau\Unlocker\UnlockerAssistant.exe ()
MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
========== Services (SafeList) ==========
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)
SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (W8335XP) -- system32\DRIVERS\WG311v3XP.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft)
DRV - (UnlockerDriver5) -- C:\Documents and Settings\Administrateur.USERX-6905C04C6.001\Bureau\Unlocker\UnlockerDriver5.sys ()
DRV - (RTL8192cu) -- C:\WINDOWS\system32\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation )
DRV - (RTL8192su) -- C:\WINDOWS\system32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (nvnforce) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation)
DRV - (nv_agp) -- C:\WINDOWS\system32\drivers\nv_agp.SYS (NVIDIA Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{85040E12-D490-433B-B37B-8245D6BAF8A0}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {85040E12-D490-433B-B37B-8245D6BAF8A0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{85040E12-D490-433B-B37B-8245D6BAF8A0}: "URL" = http://www.google.com/search?q={searchT ... FA_frFR489
IE - HKCU\..\SearchScopes\{8AC06FDA-15B8-41A8-892E-B4E37014FD9E}: "URL" = http://websearch.ask.com/redirect?clien ... 74E6456474
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2013/09/23 10:08:03 | 000,449,398 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15430 more lines...
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Documents and Settings\Administrateur.USERX-6905C04C6.001\Bureau\Unlocker\UnlockerAssistant.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers2.touslesdrivers.com/mac ... _0_1_1.cab ("Ma-Config.com control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42414178-4026-4E21-978D-18DAF9B03834}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/25 18:08:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/09/29 15:34:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\OTL.exe
[2013/09/29 10:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Canneverbe Limited
[2013/09/29 05:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2013/09/29 05:19:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/09/29 05:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/09/26 16:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Media Player Classic
[2013/09/25 20:15:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/25 11:11:57 | 000,000,000 | ---D | C] -- C:\Program Files\Hosts_Anti_Adwares_PUPs
[2013/09/25 06:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2013/09/25 06:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\FileOpenerPro
[2013/09/24 09:52:02 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/09/23 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\SpeedyPC Software
[2013/09/23 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\ElevatedDiagnostics
[2013/09/23 21:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013/09/23 21:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Avira
[2013/09/23 21:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\Babylon
[2013/09/23 21:46:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Recent
[2013/09/22 15:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\epson
[2013/09/21 16:13:19 | 000,000,000 | ---D | C] -- C:\ZHP
[2013/09/21 16:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2013/09/19 18:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Mozilla(2)
[2013/09/19 18:47:00 | 000,281,928 | ---- | C] (Mozilla) -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\Firefox Setup Stub 24.0.exe
[2013/09/17 14:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\DAMIEN
[2013/09/17 14:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\AVOCATS
[2013/09/17 13:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\NOUVEAUX ELEMENTS
[2013/09/17 13:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\PIECES MANQUANTES
[2013/09/17 13:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\CONDENSE
[2013/09/17 13:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\MURIEL
[2013/09/17 13:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\BOSCH
[2013/09/15 21:55:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Malwarebytes
[2013/09/15 11:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2013/09/15 11:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2013/09/14 06:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Rising(2)
[2013/09/14 06:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Rising
[2013/09/14 05:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\DriverCure
[2013/09/14 05:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpeedyPC Software
[2013/09/14 05:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\SpeedyPC
[2013/09/12 18:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Macromedia
[2013/09/11 11:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Microsoft
[2013/09/11 11:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\Adobe
[2013/09/11 11:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming
[2013/09/11 03:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe
[2013/09/10 20:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\Thunderbird
[2013/09/10 16:59:50 | 000,000,000 | ---D | C] -- C:\76ff10d349ffd01e98adbdd7741048
[2013/09/10 14:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Auslogics
[2013/09/10 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\weDownload Manager
[2013/09/10 14:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverGenius
[2013/09/10 13:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\Téléchargements
[2013/09/10 13:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\Mozilla
[2013/09/10 13:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla
[2013/09/07 15:57:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/09/30 10:07:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/30 10:06:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/30 10:05:58 | 536,403,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/29 18:00:27 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2013/09/29 15:36:53 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/09/29 15:34:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\OTL.exe
[2013/09/29 10:03:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\wklnhst.dat
[2013/09/29 05:19:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes Anti-Malware.lnk
[2013/09/26 16:45:29 | 000,000,503 | ---- | M] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\Raccourci vers Trojan Remover.lnk
[2013/09/26 16:44:26 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\Raccourci vers Unlocker.lnk
[2013/09/26 11:36:20 | 000,000,079 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/09/25 03:15:24 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/25 03:15:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/23 10:08:03 | 000,449,398 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130926-111656.backup
[2013/09/23 10:08:03 | 000,449,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/09/23 08:44:55 | 000,229,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/21 20:49:21 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2013/09/19 18:47:01 | 000,281,928 | ---- | M] (Mozilla) -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\Firefox Setup Stub 24.0.exe
[2013/09/15 21:02:01 | 000,447,782 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130918-131732.backup
[2013/09/15 21:02:01 | 000,447,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130923-100803.backup
[2013/09/15 13:13:01 | 000,444,790 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130915-210201.backup
[2013/09/11 03:52:28 | 000,136,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/09/11 03:52:28 | 000,088,840 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/09/10 17:47:59 | 000,000,661 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/09/10 17:26:01 | 000,614,508 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2013/09/10 17:26:01 | 000,538,852 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/10 17:26:01 | 000,114,952 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2013/09/10 17:26:01 | 000,096,012 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/10 14:06:09 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/09/29 15:36:53 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/09/29 10:03:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\wklnhst.dat
[2013/09/29 05:19:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes Anti-Malware.lnk
[2013/09/26 16:45:29 | 000,000,503 | ---- | C] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\Raccourci vers Trojan Remover.lnk
[2013/09/26 16:44:26 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Bureau\Raccourci vers Unlocker.lnk
[2013/09/26 11:36:04 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/09/25 11:46:16 | 000,000,484 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2013/09/24 09:29:40 | 536,403,968 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/23 22:49:28 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Adobe Reader XI.lnk
[2013/09/23 08:44:55 | 000,229,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/21 16:27:22 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin
[2013/09/10 17:47:32 | 000,000,661 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/09/10 14:06:09 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2013/05/07 07:05:01 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2013/03/09 20:25:30 | 000,000,353 | ---- | C] () -- C:\WINDOWS\PHOTO!2.INI
[2013/03/09 20:24:00 | 000,284,160 | ---- | C] () -- C:\WINDOWS\unin040c.exe
[2013/02/04 10:19:32 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2013/02/04 10:19:32 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2013/02/04 10:19:32 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2013/02/04 08:55:13 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2013/02/04 08:28:18 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2013/02/04 08:28:17 | 000,030,605 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2013/02/04 08:28:17 | 000,027,030 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2013/02/04 08:26:07 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX6600FGD.ini
[2013/01/05 19:57:09 | 000,002,564 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2012/06/21 21:15:23 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\UserX.USERX-6905C04C6\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/26 12:24:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/26 11:35:35 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012/04/26 09:43:19 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2012/04/26 09:43:19 | 000,000,122 | R--- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2012/04/26 08:27:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/04/26 08:21:44 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/04/25 20:38:47 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
========== ZeroAccess Check ==========
[2012/04/26 11:16:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:33:42 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:33:50 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
< :OTL >
< DRV - (WDICA) -- File not found >
< DRV - (W8335XP) -- system32\DRIVERS\WG311v3XP.sys File not found >
< DRV - (PDRFRAME) -- File not found >
< DRV - (PDRELI) -- File not found >
< DRV - (PDFRAME) -- File not found >
< DRV - (PDCOMP) -- File not found >
< DRV - (PCIDump) -- File not found >
< DRV - (lbrtfdc) -- File not found >
< DRV - (i2omgmt) -- File not found >
< DRV - (Changer) -- File not found >
< IE - HKCU\..\SearchScopes\{8AC06FDA-15B8-41A8-892E-B4E37014FD9E}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=fr_FR&apn_ptnrs=^AGV&apn_dtid=^YYYYYY^YY^FR&apn_uid=ff47dd83-8d1f-4442- >
< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. >
< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. >
< MsConfig - StartUpReg: EPSON Stylus CX6600 Series - hkey= - key= - File not found >
< [2013/09/25 20:15:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner >
Invalid Switch: 25 20:15:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
< [2013/09/24 09:52:02 | 000,000,000 | ---D | C] -- C:\_OTM >
Invalid Switch: 24 09:52:02 | 000,000,000 | ---D | C] -- C:\_OTM
< [2013/09/23 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\SpeedyPC Software >
Invalid Switch: 23 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\SpeedyPC Software
< [2013/09/23 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\ElevatedDiagnostics >
Invalid Switch: 23 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\ElevatedDiagnostics
< [2013/09/15 11:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy >
Invalid Switch: 15 11:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
< [2013/09/14 05:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\DriverCure >
Invalid Switch: 14 05:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Application roaming\DriverCure
< [2013/09/14 05:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpeedyPC Software >
Invalid Switch: 14 05:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpeedyPC Software
< [2013/09/14 05:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\SpeedyPC >
Invalid Switch: 14 05:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserX.USERX-6905C04C6\Mes documents\SpeedyPC
< [2013/09/14 06:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Rising(2) >
Invalid Switch: 14 06:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Rising(2)
< [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] >
< [2013/09/28 18:17:10 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job >
Invalid Switch: 28 18:17:10 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
< [10 C:\DOCUME~1\USERX~1.USE\LOCALS~1\Temp\*.tmp files -> C:\DOCUME~1\USERX~1.USE\LOCALS~1\Temp\*.tmp -> ] >
< :commands >
< [purity] >
< [emptytemp] >
< [emptyflash] >
< >
========== Files - Unicode (All) ==========
[2013/09/30 10:13:41 | 098,486,516 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\谷唤6
[2013/09/30 10:13:41 | 098,486,516 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\谷唤6
[2013/09/28 10:47:08 | 098,372,650 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㹈Ꚑ唤6
[2013/09/28 10:47:08 | 098,372,650 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㹈Ꚑ唤6
[2013/09/20 21:30:05 | 098,498,750 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\厈㜛唤6
[2013/09/20 21:30:05 | 098,498,750 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\厈㜛唤6
[2013/09/19 16:04:49 | 098,378,485 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㵄郮唤6
[2013/09/19 16:04:49 | 098,378,485 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㵄郮唤6
[2013/09/18 09:41:44 | 098,106,403 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ⱔ擎唤6
[2013/09/18 09:41:44 | 098,106,403 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ⱔ擎唤6
[2013/09/17 19:03:45 | 097,949,955 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㪶䙥唤6
[2013/09/17 19:03:45 | 097,949,955 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㪶䙥唤6
[2013/09/17 05:39:45 | 097,922,994 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\辤捡唤6
[2013/09/17 05:39:45 | 097,922,994 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\辤捡唤6
[2013/09/11 10:34:42 | 097,063,418 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\흴됭唤6
[2013/09/11 10:34:42 | 097,063,418 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\흴됭唤6
< End of report >
Re: Bitdefender trial version
I was cut off by IE again at the end of my previous message. As for Malwarebytes, even though I installed it again from the official site malwarebytes.org .. products .., it still tells me that it is stopping, end of trial, uninstall and reinstall again. I have lost x days without being able to clean up my machine. Do you think I could get follow-up at a given time so that I can finally get out of this and do what experts like you can advise me to do? I removed sharing between my three PCs because of the port it opens in the firewall. I have no web protection, it doesn't exist in the free version, but I would be ready to get one and do whatever it takes to be secure and to find out whether spyware has gotten in. In short, I have been drowning for too many days. Help ..
Re: Bitdefender trial version
Hello,
For OTL, you ran a scan and not a fix as instructed.

"Web protection" isn't vital:
don quichotte wrote: I was cut off by IE again at the end of my previous message. As for Malwarebytes, even though I installed it again from the official site malwarebytes.org .. products .., it still tells me that it is stopping, end of trial, uninstall and reinstall again. I have lost x days without being able to clean up my machine. Do you think I could get follow-up at a given time so that I can finally get out of this and do what experts like you can advise me to do? I removed sharing between my three PCs because of the port it opens in the firewall. I have no web protection, it doesn't exist in the free version, but I would be ready to get one and do whatever it takes to be secure and to find out whether spyware has gotten in. In short, I have been drowning for too many days. Help ..

Re: Bitdefender trial version
Just before copying and pasting the OTL report, I explained above (11:33) that when I clicked on Fix, partway through, the bar at the top showed OTL version 9... not responding.
I have just run another disinfection with Malwarebytes reinstalled; I am reinstalling OTL, will try a fix again and will keep you posted.
I read carefully everything that was written in that text about security. So I created separate accounts, but since I have no web protection and noticed that file sharing between the 3 PCs opened the port (445, I think, from memory), I unchecked file sharing; as a result I have to install each program (Unlocker, Malwarebytes ..) on each PC, but maybe there is something better to do? For now I am going to reinstall OTL as I said and get back to you, thank you (I think this speedy .. has not been eradicated, because I saw it appear so quickly that I could not read it in the scrolling bar at the bottom of this text). When I download, I now only go through you when I am not sure of the publisher. Thank you for your attention
Re: Bitdefender trial version
Otherwise, for OTL, you can try in safe mode in case that works better: https://www.malekal.com/2010/11/15/mode-sans-echec/
Leave file sharing on; infections that use this propagation method are becoming rare ;)
don quichotte wrote: So I created separate accounts, but since I have no web protection and noticed that file sharing between the 3 PCs opened the port (445, I think, from memory), I unchecked file sharing; as a result I have to install each program (Unlocker, Malwarebytes ..) on each PC, but maybe there is something better to do?