Supprimer Live Security Platinum
Résolu/Fermé
naya46
Messages postés
36
Date d'inscription
lundi 2 mai 2011
Statut
Membre
Dernière intervention
9 novembre 2012
-
15 août 2012 à 13:49
laradine - 2 déc. 2012 à 18:16
laradine - 2 déc. 2012 à 18:16
A voir également:
- Supprimer Live Security Platinum
- Supprimer une page word - Guide
- Supprimer compte instagram - Guide
- Windows live mail - Télécharger - Mail
- Microsoft security essentials - Télécharger - Antivirus & Antimalwares
- Supprimer edge - Guide
14 réponses
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 628
15 août 2012 à 13:49
15 août 2012 à 13:49
Salut,
[*] Télécharger sur le bureau https://www.luanagames.com/index.fr.html (by tigzy)
[*] Quitter tous les programmes
[*] Lancer RogueKiller.exe.
[*] Attendre que le Prescan ait fini ...
[*] Lance un scan afin de débloquer le bouton Suppression à droite.
[*] Clic sur Suppression.
Poste le rapport ici.
!!! Je répète bien faire Suppression à droite et poster le rapport. !!!
[*] Télécharger sur le bureau https://www.luanagames.com/index.fr.html (by tigzy)
[*] Quitter tous les programmes
[*] Lancer RogueKiller.exe.
[*] Attendre que le Prescan ait fini ...
[*] Lance un scan afin de débloquer le bouton Suppression à droite.
[*] Clic sur Suppression.
Poste le rapport ici.
!!! Je répète bien faire Suppression à droite et poster le rapport. !!!
naya46
Messages postés
36
Date d'inscription
lundi 2 mai 2011
Statut
Membre
Dernière intervention
9 novembre 2012
15 août 2012 à 13:57
15 août 2012 à 13:57
RogueKiller V7.6.6 [10/08/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com
Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur: Nadia [Droits d'admin]
Mode: Suppression -- Date: 15/08/2012 13:56:11
¤¤¤ Processus malicieux: 2 ¤¤¤
[SUSP PATH] 7531CC7700513EE5C5E7CE29F875F002.exe -- C:\ProgramData\7531CC7700513EE5C5E7CE29F875F002\7531CC7700513EE5C5E7CE29F875F002.exe -> KILLED [TermProc]
[SUSP PATH] 7531CC7700513EE5C5E7CE29F875F002.exe -- C:\ProgramData\7531CC7700513EE5C5E7CE29F875F002\7531CC7700513EE5C5E7CE29F875F002.exe -> KILLED [TermProc]
¤¤¤ Entrees de registre: 12 ¤¤¤
[SUSP PATH] HKCU\[...]\RunOnce : 7531CC7700513EE5C5E7CE29F875F002 (C:\ProgramData\7531CC7700513EE5C5E7CE29F875F002\7531CC7700513EE5C5E7CE29F875F002.exe) -> DELETED
[SUSP PATH] HKCU\[...]\RunOnce : 7531CC7700513EE5C5E7CE29E56C34C7 (C:\ProgramData\7531CC7700513EE5C5E7CE29E56C34C7\7531CC7700513EE5C5E7CE29E56C34C7.exe) -> DELETED
[SUSP PATH] {008CFEE5-5D9D-4A41-8B0E-58E2D8A61F1A}.job @ : C:\Users\Nadia\Desktop\WEIGHT_WATCHER_FLEXIPOINTS\WEIGHT_WATCHER_FLEXIPOINTS\SETUP.EXE -> DELETED
[SUSP PATH] {0410BA5D-7A03-4F87-8065-49235BF384B2}.job @ : C:\Users\Nadia\Desktop\WEIGHT_WATCHER_FLEXIPOINTS\WEIGHT_WATCHER_FLEXIPOINTS\SETUP.EXE -> DELETED
[SUSP PATH] {77A44F67-7FE8-4E4C-AE91-5A357F85F84F}.job @ : C:\Users\Nadia\Desktop\WEIGHT_WATCHER_FLEXIPOINTS\WEIGHT_WATCHER_FLEXIPOINTS\SETUP.EXE -> DELETED
[SUSP PATH] {C4F1D6E5-C0A2-4882-A0A6-B189A41F4003}.job @ : C:\Users\Nadia\Desktop\WEIGHT_WATCHER_FLEXIPOINTS\WEIGHT_WATCHER_FLEXIPOINTS\SETUP.EXE -> DELETED
[SUSP PATH] {CC1F5EF9-8A0E-4C16-9B3C-BD0EF8AF46A3}.job @ : C:\Users\Nadia\Desktop\WEIGHT_WATCHER_FLEXIPOINTS\WEIGHT_WATCHER_FLEXIPOINTS\SETUP.EXE -> DELETED
[SUSP PATH] {F32AFA5A-1F23-4FE2-8809-6814C4CB135A}.job @ : C:\Users\Nadia\Desktop\WEIGHT_WATCHER_FLEXIPOINTS\WEIGHT_WATCHER_FLEXIPOINTS\SETUP.EXE -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver: [NON CHARGE] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost
::1 localhost
74.208.10.249 gs.apple.com
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] fa5f59a75937ef41ad24b43e78fb4d50
[BSP] 3e4edcf07c59ba1c7f0500b55b806966 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10861 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 22245376 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22450176 | Size: 465977 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com
Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur: Nadia [Droits d'admin]
Mode: Suppression -- Date: 15/08/2012 13:56:11
¤¤¤ Processus malicieux: 2 ¤¤¤
[SUSP PATH] 7531CC7700513EE5C5E7CE29F875F002.exe -- C:\ProgramData\7531CC7700513EE5C5E7CE29F875F002\7531CC7700513EE5C5E7CE29F875F002.exe -> KILLED [TermProc]
[SUSP PATH] 7531CC7700513EE5C5E7CE29F875F002.exe -- C:\ProgramData\7531CC7700513EE5C5E7CE29F875F002\7531CC7700513EE5C5E7CE29F875F002.exe -> KILLED [TermProc]
¤¤¤ Entrees de registre: 12 ¤¤¤
[SUSP PATH] HKCU\[...]\RunOnce : 7531CC7700513EE5C5E7CE29F875F002 (C:\ProgramData\7531CC7700513EE5C5E7CE29F875F002\7531CC7700513EE5C5E7CE29F875F002.exe) -> DELETED
[SUSP PATH] HKCU\[...]\RunOnce : 7531CC7700513EE5C5E7CE29E56C34C7 (C:\ProgramData\7531CC7700513EE5C5E7CE29E56C34C7\7531CC7700513EE5C5E7CE29E56C34C7.exe) -> DELETED
[SUSP PATH] {008CFEE5-5D9D-4A41-8B0E-58E2D8A61F1A}.job @ : C:\Users\Nadia\Desktop\WEIGHT_WATCHER_FLEXIPOINTS\WEIGHT_WATCHER_FLEXIPOINTS\SETUP.EXE -> DELETED
[SUSP PATH] {0410BA5D-7A03-4F87-8065-49235BF384B2}.job @ : C:\Users\Nadia\Desktop\WEIGHT_WATCHER_FLEXIPOINTS\WEIGHT_WATCHER_FLEXIPOINTS\SETUP.EXE -> DELETED
[SUSP PATH] {77A44F67-7FE8-4E4C-AE91-5A357F85F84F}.job @ : C:\Users\Nadia\Desktop\WEIGHT_WATCHER_FLEXIPOINTS\WEIGHT_WATCHER_FLEXIPOINTS\SETUP.EXE -> DELETED
[SUSP PATH] {C4F1D6E5-C0A2-4882-A0A6-B189A41F4003}.job @ : C:\Users\Nadia\Desktop\WEIGHT_WATCHER_FLEXIPOINTS\WEIGHT_WATCHER_FLEXIPOINTS\SETUP.EXE -> DELETED
[SUSP PATH] {CC1F5EF9-8A0E-4C16-9B3C-BD0EF8AF46A3}.job @ : C:\Users\Nadia\Desktop\WEIGHT_WATCHER_FLEXIPOINTS\WEIGHT_WATCHER_FLEXIPOINTS\SETUP.EXE -> DELETED
[SUSP PATH] {F32AFA5A-1F23-4FE2-8809-6814C4CB135A}.job @ : C:\Users\Nadia\Desktop\WEIGHT_WATCHER_FLEXIPOINTS\WEIGHT_WATCHER_FLEXIPOINTS\SETUP.EXE -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver: [NON CHARGE] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost
::1 localhost
74.208.10.249 gs.apple.com
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] fa5f59a75937ef41ad24b43e78fb4d50
[BSP] 3e4edcf07c59ba1c7f0500b55b806966 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10861 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 22245376 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22450176 | Size: 465977 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 628
15 août 2012 à 14:00
15 août 2012 à 14:00
Faire un scan OTL pour diagnostiquer les programmes qui tournent et déceler des infections :
Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/
* Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
Dans le cas d'Avast!, ne pas lancer le programme dans la Sandbox (voir lien d'aide ci-dessus).
* Lance OTL
* En haut à droite de Analyse rapide, coche "tous les utilisateurs"
* Sur OTL, sous Personnalisation, copie-colle le script ci-dessous :
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\consrv.dll
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
CREATERESTOREPOINT
nslookup www.google.fr /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
* Clique sur le bouton Analyse.
NE PAS COPIER/COLLER LE RAPPORT ICI - LIRE JUSQU'AU BOUT
* Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer le rapport OTL.txt (et Extra.txt si présent), donne le ou les liens pjjoint qui pointent vers ces rapports ici dans un nouveau message.
Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/
* Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
Dans le cas d'Avast!, ne pas lancer le programme dans la Sandbox (voir lien d'aide ci-dessus).
* Lance OTL
* En haut à droite de Analyse rapide, coche "tous les utilisateurs"
* Sur OTL, sous Personnalisation, copie-colle le script ci-dessous :
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\consrv.dll
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
CREATERESTOREPOINT
nslookup www.google.fr /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
* Clique sur le bouton Analyse.
NE PAS COPIER/COLLER LE RAPPORT ICI - LIRE JUSQU'AU BOUT
* Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer le rapport OTL.txt (et Extra.txt si présent), donne le ou les liens pjjoint qui pointent vers ces rapports ici dans un nouveau message.
naya46
Messages postés
36
Date d'inscription
lundi 2 mai 2011
Statut
Membre
Dernière intervention
9 novembre 2012
15 août 2012 à 14:24
15 août 2012 à 14:24
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 628
15 août 2012 à 14:38
15 août 2012 à 14:38
Relance OTL.
o sous Personnalisation (Custom Scan), copie_colle le contenu du cadre ci dessous (bien prendre :OTL en début).
Clic Correction (Fix), un rapport apparraitra, copie/colle le contenu ici:
:OTL
[2011/09/25 00:27:43 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org
[2012/06/17 00:36:07 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\ffxtlbr@babylon.com
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
[2012/08/15 13:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CC7700513EE5C5E7CE29E56C34C7
[2012/08/15 12:39:25 | 000,000,000 | ---D | C] -- C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012/08/15 12:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CC7700513EE5C5E7CE29F875F002
[2012/06/17 00:32:00 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\Babylon
[2012/06/17 00:32:35 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\BabylonToolbar
[2012/07/06 01:53:02 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\cacaoweb
* redemarre le pc sous windows et poste le rapport ici
o sous Personnalisation (Custom Scan), copie_colle le contenu du cadre ci dessous (bien prendre :OTL en début).
Clic Correction (Fix), un rapport apparraitra, copie/colle le contenu ici:
:OTL
[2011/09/25 00:27:43 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org
[2012/06/17 00:36:07 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\ffxtlbr@babylon.com
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
[2012/08/15 13:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CC7700513EE5C5E7CE29E56C34C7
[2012/08/15 12:39:25 | 000,000,000 | ---D | C] -- C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012/08/15 12:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CC7700513EE5C5E7CE29F875F002
[2012/06/17 00:32:00 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\Babylon
[2012/06/17 00:32:35 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\BabylonToolbar
[2012/07/06 01:53:02 | 000,000,000 | ---D | M] -- C:\Users\Nadia\AppData\Roaming\cacaoweb
* redemarre le pc sous windows et poste le rapport ici
naya46
Messages postés
36
Date d'inscription
lundi 2 mai 2011
Statut
Membre
Dernière intervention
9 novembre 2012
15 août 2012 à 14:44
15 août 2012 à 14:44
========== OTL ==========
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org\defaults\preferences folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org\defaults folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org\chrome\skin folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\fr-FR folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\es-ES folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\en-US folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\de-DE folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org\chrome\locale folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org\chrome\content folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org\chrome folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\ffxtlbr@babylon.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Folder C:\ProgramData\7531CC7700513EE5C5E7CE29E56C34C7\ not found.
C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum folder moved successfully.
Folder C:\ProgramData\7531CC7700513EE5C5E7CE29F875F002\ not found.
C:\Users\Nadia\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Nadia\AppData\Roaming\BabylonToolbar\Shared folder moved successfully.
C:\Users\Nadia\AppData\Roaming\BabylonToolbar\IE folder moved successfully.
C:\Users\Nadia\AppData\Roaming\BabylonToolbar\FF folder moved successfully.
C:\Users\Nadia\AppData\Roaming\BabylonToolbar\CR folder moved successfully.
C:\Users\Nadia\AppData\Roaming\BabylonToolbar folder moved successfully.
C:\Users\Nadia\AppData\Roaming\cacaoweb folder moved successfully.
OTL by OldTimer - Version 3.2.57.0 log created on 08152012_144340
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org\defaults\preferences folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org\defaults folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org\chrome\skin folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\fr-FR folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\es-ES folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\en-US folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\de-DE folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org\chrome\locale folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org\chrome\content folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org\chrome folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\cacaoweb@cacaoweb.org folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\Nadia\AppData\Roaming\mozilla\Firefox\Profiles\5c323j8s.default\extensions\ffxtlbr@babylon.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Folder C:\ProgramData\7531CC7700513EE5C5E7CE29E56C34C7\ not found.
C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum folder moved successfully.
Folder C:\ProgramData\7531CC7700513EE5C5E7CE29F875F002\ not found.
C:\Users\Nadia\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Nadia\AppData\Roaming\BabylonToolbar\Shared folder moved successfully.
C:\Users\Nadia\AppData\Roaming\BabylonToolbar\IE folder moved successfully.
C:\Users\Nadia\AppData\Roaming\BabylonToolbar\FF folder moved successfully.
C:\Users\Nadia\AppData\Roaming\BabylonToolbar\CR folder moved successfully.
C:\Users\Nadia\AppData\Roaming\BabylonToolbar folder moved successfully.
C:\Users\Nadia\AppData\Roaming\cacaoweb folder moved successfully.
OTL by OldTimer - Version 3.2.57.0 log created on 08152012_144340
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 628
15 août 2012 à 14:47
15 août 2012 à 14:47
Tu avais été install Babylon :
Attention à ce que tu installes :
Des logiciels additionnels sont proposés (barre d'outils, adwares) via l'installation de logiciel gratuit en général ou via certains sites de téléchargement comme Softonic ou 01Net.
L'éditeur touche de l'argent à chaque installation réussie de ces programmes additionnels (un genre de sponsoring), ton PC se retrouve avec des barres d'outils qui ralentissent le navigateur ou des adwares qui ouvrent des popups de publicités.
Les barres d'outils sont là pour t'affilier à un service (moteur de recherche de Yahoo! ou Google), ça rajoute des fonctionnalités mais en général les navigateurs les ont par défaut.
De plus, elles enregistrent les sites que tu visites pour les transmettre (tracking) à faire de la publicité ciblée, c'est pas super niveau protection de la vie privée.
Plusieurs toolbars ralentissent le PC et peuvent faire planter les navigateurs WEB.
Au final, il est pas conseillé d'en utiliser.
Enfin l'accumulation de ces programmes ralentissent l'ordinateur/navigateur WEB.
Ces programmes additionnels sont proposées à l'installation de programmes et très souvent ces ajouts sont précochés. C'est notamment le cas sur 01net et Softonic qu'ils est conseillé d'éviter comme sites de téléchargement.
Dès lors, lorsque tu installes un programme, lis bien ce qui est proposé car tu risques d'installer des barres d'outils sans le savoir.
Lire Les PUPs/LPIs : https://www.malekal.com/adwares-pup-protection/
[img]https://www.malekal.com/_site/design/banniere_hosts_antipups.png[/img]
Tu peux installer ce programme pour filtrer ces PUPs/Adwares les plus fréquents avec HOSTS Anti-PUPs/Adwares : http://www.malekal.com/2012/01/10/hosts-anti-pupsadware/
~~
Pour Security Platinium :
Important - ton infection est venue par un exploit sur site web :
Un exploit sur site WEB permet l'infection de ton ordinateur de manière automatiquement à la visite d'un site WEB qui a été hacké, il tire partie du fait que tu as des logiciels (Java, Adobe Reader etc) qui sont pas à jour et possèdent des vulnérabilités qui permettent l'execution de code (malicieux dans notre cas) à ton insu.
Le fait de ne pas avoir des logiciels à jour et qui ont potentiellement des vulnérabilités permettent donc d'infecter ton système.
Exemple avec : Exploit Java
Il faut donc impérativement maintenir tes logiciels à jour afin de ne pas voir ces portes d'entrée sur ton système.
Tant que ces logiciels ne seront pas à jour, ton PC est vulnérable et les infections peuvent s'installer facilement.
IMPORTANT : mettre à jour tes programmes notamment Java/Adobe Reader et Flash :
/faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite
https://forum.malekal.com/viewtopic.php?t=15960&start=
Passe le mot à tes amis !
~~
Filtrer les PUPs/Adwares les plus fréquents avec HOSTS Anti-PUPs/Adwares : http://www.malekal.com/2012/01/10/hosts-anti-pupsadware/
~~
Le reste de la sécurité : http://forum.malekal.com/comment-securiser-son-ordinateur.html
Attention à ce que tu installes :
Des logiciels additionnels sont proposés (barre d'outils, adwares) via l'installation de logiciel gratuit en général ou via certains sites de téléchargement comme Softonic ou 01Net.
L'éditeur touche de l'argent à chaque installation réussie de ces programmes additionnels (un genre de sponsoring), ton PC se retrouve avec des barres d'outils qui ralentissent le navigateur ou des adwares qui ouvrent des popups de publicités.
Les barres d'outils sont là pour t'affilier à un service (moteur de recherche de Yahoo! ou Google), ça rajoute des fonctionnalités mais en général les navigateurs les ont par défaut.
De plus, elles enregistrent les sites que tu visites pour les transmettre (tracking) à faire de la publicité ciblée, c'est pas super niveau protection de la vie privée.
Plusieurs toolbars ralentissent le PC et peuvent faire planter les navigateurs WEB.
Au final, il est pas conseillé d'en utiliser.
Enfin l'accumulation de ces programmes ralentissent l'ordinateur/navigateur WEB.
Ces programmes additionnels sont proposées à l'installation de programmes et très souvent ces ajouts sont précochés. C'est notamment le cas sur 01net et Softonic qu'ils est conseillé d'éviter comme sites de téléchargement.
Dès lors, lorsque tu installes un programme, lis bien ce qui est proposé car tu risques d'installer des barres d'outils sans le savoir.
Lire Les PUPs/LPIs : https://www.malekal.com/adwares-pup-protection/
[img]https://www.malekal.com/_site/design/banniere_hosts_antipups.png[/img]
Tu peux installer ce programme pour filtrer ces PUPs/Adwares les plus fréquents avec HOSTS Anti-PUPs/Adwares : http://www.malekal.com/2012/01/10/hosts-anti-pupsadware/
~~
Pour Security Platinium :
Important - ton infection est venue par un exploit sur site web :
Un exploit sur site WEB permet l'infection de ton ordinateur de manière automatiquement à la visite d'un site WEB qui a été hacké, il tire partie du fait que tu as des logiciels (Java, Adobe Reader etc) qui sont pas à jour et possèdent des vulnérabilités qui permettent l'execution de code (malicieux dans notre cas) à ton insu.
Le fait de ne pas avoir des logiciels à jour et qui ont potentiellement des vulnérabilités permettent donc d'infecter ton système.
Exemple avec : Exploit Java
Il faut donc impérativement maintenir tes logiciels à jour afin de ne pas voir ces portes d'entrée sur ton système.
Tant que ces logiciels ne seront pas à jour, ton PC est vulnérable et les infections peuvent s'installer facilement.
IMPORTANT : mettre à jour tes programmes notamment Java/Adobe Reader et Flash :
/faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite
https://forum.malekal.com/viewtopic.php?t=15960&start=
Passe le mot à tes amis !
~~
Filtrer les PUPs/Adwares les plus fréquents avec HOSTS Anti-PUPs/Adwares : http://www.malekal.com/2012/01/10/hosts-anti-pupsadware/
~~
Le reste de la sécurité : http://forum.malekal.com/comment-securiser-son-ordinateur.html
naya46
Messages postés
36
Date d'inscription
lundi 2 mai 2011
Statut
Membre
Dernière intervention
9 novembre 2012
15 août 2012 à 15:34
15 août 2012 à 15:34
J'ai mis a jour adobe et java et j'ai installé les programmes recommandés mais live security ne se désinstalle toujours pas et babylon se désinstalle mais pas completement j'ai l'impression...
naya46
Messages postés
36
Date d'inscription
lundi 2 mai 2011
Statut
Membre
Dernière intervention
9 novembre 2012
15 août 2012 à 15:56
15 août 2012 à 15:56
Bon live security s'est finalement desinstallé...
Merci pour ton aide!
Merci pour ton aide!
Voici ce que ma donné le rapport avec scan et suppression ..
RogueKiller V7.6.6 [10/08/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com
Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version
Demarrage : Mode sans echec avec prise en charge reseau
Utilisateur: Kévin [Droits d'admin]
Mode: Suppression -- Date: 16/08/2012 17:38:59
¤¤¤ Processus malicieux: 0 ¤¤¤
¤¤¤ Entrees de registre: 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FOLDER] @ : c:\windows\installer\{5a284531-1628-07c1-b6a3-806f9556af53}\@ --> RAR ERROR
[ZeroAccess][FOLDER] U : c:\windows\installer\{5a284531-1628-07c1-b6a3-806f9556af53}\U --> RAR ERROR
[ZeroAccess][FOLDER] L : c:\windows\installer\{5a284531-1628-07c1-b6a3-806f9556af53}\L --> RAR ERROR
[ZeroAccess][FOLDER] @ : c:\users\kévin\appdata\local\{5a284531-1628-07c1-b6a3-806f9556af53}\@ --> RAR ERROR
[ZeroAccess][FOLDER] U : c:\users\kévin\appdata\local\{5a284531-1628-07c1-b6a3-806f9556af53}\U --> RAR ERROR
[ZeroAccess][FOLDER] L : c:\users\kévin\appdata\local\{5a284531-1628-07c1-b6a3-806f9556af53}\L --> RAR ERROR
¤¤¤ Driver: [NON CHARGE] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5055GSX ATA Device +++++
--- User ---
[MBR] 8365f9def1364d40d78474cda83d7a5a
[BSP] 621d41107a77de06c4467580c7473502 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25173855 | Size: 101 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25382700 | Size: 464545 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
RogueKiller V7.6.6 [10/08/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com
Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version
Demarrage : Mode sans echec avec prise en charge reseau
Utilisateur: Kévin [Droits d'admin]
Mode: Suppression -- Date: 16/08/2012 17:38:59
¤¤¤ Processus malicieux: 0 ¤¤¤
¤¤¤ Entrees de registre: 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FOLDER] @ : c:\windows\installer\{5a284531-1628-07c1-b6a3-806f9556af53}\@ --> RAR ERROR
[ZeroAccess][FOLDER] U : c:\windows\installer\{5a284531-1628-07c1-b6a3-806f9556af53}\U --> RAR ERROR
[ZeroAccess][FOLDER] L : c:\windows\installer\{5a284531-1628-07c1-b6a3-806f9556af53}\L --> RAR ERROR
[ZeroAccess][FOLDER] @ : c:\users\kévin\appdata\local\{5a284531-1628-07c1-b6a3-806f9556af53}\@ --> RAR ERROR
[ZeroAccess][FOLDER] U : c:\users\kévin\appdata\local\{5a284531-1628-07c1-b6a3-806f9556af53}\U --> RAR ERROR
[ZeroAccess][FOLDER] L : c:\users\kévin\appdata\local\{5a284531-1628-07c1-b6a3-806f9556af53}\L --> RAR ERROR
¤¤¤ Driver: [NON CHARGE] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5055GSX ATA Device +++++
--- User ---
[MBR] 8365f9def1364d40d78474cda83d7a5a
[BSP] 621d41107a77de06c4467580c7473502 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25173855 | Size: 101 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25382700 | Size: 464545 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
RogueKiller V7.6.6 [10/08/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com
Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur: Ma Poule [Droits d'admin]
Mode: Recherche -- Date: 18/08/2012 10:05:43
¤¤¤ Processus malicieux: 0 ¤¤¤
¤¤¤ Entrees de registre: 19 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : cmdkabel (rundll32 "C:\Users\MAPOUL~1\AppData\Local\Temp\dpapiles.dll",CreateProcessNotify) -> FOUND
[SUSP PATH] HKCU\[...]\Run : ctfmutil (rundll32 "C:\Users\MAPOUL~1\AppData\Local\Temp\dpapiles64.dll",CreateProcessNotify) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : etuml (rundll32.exe "C:\Users\Ma Poule\AppData\Roaming\etuml.dll",GetHtmlCharset) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : msotr ("C:\Windows\System32\rundll32.exe" "C:\Users\Ma Poule\AppData\Roaming\msotr.dll",GetMax) -> FOUND
[BLACKLIST DLL] HKLM\[...]\Run : msotr ("C:\Windows\System32\rundll32.exe" "C:\Users\Ma Poule\AppData\Roaming\msotr.dll",GetMax) -> FOUND
[BLACKLIST DLL] HKLM\[...]\Run : etuml (rundll32.exe "C:\Users\Ma Poule\AppData\Roaming\etuml.dll",GetHtmlCharset) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-4134781759-2763846084-1273214818-1000[...]\Run : cmdkabel (rundll32 "C:\Users\MAPOUL~1\AppData\Local\Temp\dpapiles.dll",CreateProcessNotify) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-4134781759-2763846084-1273214818-1000[...]\Run : ctfmutil (rundll32 "C:\Users\MAPOUL~1\AppData\Local\Temp\dpapiles64.dll",CreateProcessNotify) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-4134781759-2763846084-1273214818-1000[...]\Run : etuml (rundll32.exe "C:\Users\Ma Poule\AppData\Roaming\etuml.dll",GetHtmlCharset) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-4134781759-2763846084-1273214818-1000[...]\Run : msotr ("C:\Windows\System32\rundll32.exe" "C:\Users\Ma Poule\AppData\Roaming\msotr.dll",GetMax) -> FOUND
[SUSP PATH] HKCU\[...]\RunOnce : 0C1D14A0E2902A0B026528CEF875F002 (C:\ProgramData\0C1D14A0E2902A0B026528CEF875F002\0C1D14A0E2902A0B026528CEF875F002.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-4134781759-2763846084-1273214818-1000[...]\RunOnce : 0C1D14A0E2902A0B026528CEF875F002 (C:\ProgramData\0C1D14A0E2902A0B026528CEF875F002\0C1D14A0E2902A0B026528CEF875F002.exe) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Ma Poule\AppData\Local\{f7e0f373-56e1-138d-4d5c-b2a5f5233850}\n.) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] n : c:\windows\installer\{f7e0f373-56e1-138d-4d5c-b2a5f5233850}\n --> FOUND
[ZeroAccess][FILE] @ : c:\windows\installer\{f7e0f373-56e1-138d-4d5c-b2a5f5233850}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{f7e0f373-56e1-138d-4d5c-b2a5f5233850}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{f7e0f373-56e1-138d-4d5c-b2a5f5233850}\L --> FOUND
[ZeroAccess][FILE] n : c:\users\ma poule\appdata\local\{f7e0f373-56e1-138d-4d5c-b2a5f5233850}\n --> FOUND
[ZeroAccess][FILE] @ : c:\users\ma poule\appdata\local\{f7e0f373-56e1-138d-4d5c-b2a5f5233850}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\ma poule\appdata\local\{f7e0f373-56e1-138d-4d5c-b2a5f5233850}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\ma poule\appdata\local\{f7e0f373-56e1-138d-4d5c-b2a5f5233850}\L --> FOUND
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND
¤¤¤ Driver: [NON CHARGE] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT725025VLA SCSI Disk Device +++++
--- User ---
[MBR] 381b6d5f9dd25f648f70b06a83b54c13
[BSP] d22bf6395ddb5607a6335207f71520aa : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Termine : << RKreport[1].txt >>
RKreport[1].txt
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com
Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur: Ma Poule [Droits d'admin]
Mode: Recherche -- Date: 18/08/2012 10:05:43
¤¤¤ Processus malicieux: 0 ¤¤¤
¤¤¤ Entrees de registre: 19 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : cmdkabel (rundll32 "C:\Users\MAPOUL~1\AppData\Local\Temp\dpapiles.dll",CreateProcessNotify) -> FOUND
[SUSP PATH] HKCU\[...]\Run : ctfmutil (rundll32 "C:\Users\MAPOUL~1\AppData\Local\Temp\dpapiles64.dll",CreateProcessNotify) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : etuml (rundll32.exe "C:\Users\Ma Poule\AppData\Roaming\etuml.dll",GetHtmlCharset) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : msotr ("C:\Windows\System32\rundll32.exe" "C:\Users\Ma Poule\AppData\Roaming\msotr.dll",GetMax) -> FOUND
[BLACKLIST DLL] HKLM\[...]\Run : msotr ("C:\Windows\System32\rundll32.exe" "C:\Users\Ma Poule\AppData\Roaming\msotr.dll",GetMax) -> FOUND
[BLACKLIST DLL] HKLM\[...]\Run : etuml (rundll32.exe "C:\Users\Ma Poule\AppData\Roaming\etuml.dll",GetHtmlCharset) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-4134781759-2763846084-1273214818-1000[...]\Run : cmdkabel (rundll32 "C:\Users\MAPOUL~1\AppData\Local\Temp\dpapiles.dll",CreateProcessNotify) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-4134781759-2763846084-1273214818-1000[...]\Run : ctfmutil (rundll32 "C:\Users\MAPOUL~1\AppData\Local\Temp\dpapiles64.dll",CreateProcessNotify) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-4134781759-2763846084-1273214818-1000[...]\Run : etuml (rundll32.exe "C:\Users\Ma Poule\AppData\Roaming\etuml.dll",GetHtmlCharset) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-4134781759-2763846084-1273214818-1000[...]\Run : msotr ("C:\Windows\System32\rundll32.exe" "C:\Users\Ma Poule\AppData\Roaming\msotr.dll",GetMax) -> FOUND
[SUSP PATH] HKCU\[...]\RunOnce : 0C1D14A0E2902A0B026528CEF875F002 (C:\ProgramData\0C1D14A0E2902A0B026528CEF875F002\0C1D14A0E2902A0B026528CEF875F002.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-4134781759-2763846084-1273214818-1000[...]\RunOnce : 0C1D14A0E2902A0B026528CEF875F002 (C:\ProgramData\0C1D14A0E2902A0B026528CEF875F002\0C1D14A0E2902A0B026528CEF875F002.exe) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Ma Poule\AppData\Local\{f7e0f373-56e1-138d-4d5c-b2a5f5233850}\n.) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] n : c:\windows\installer\{f7e0f373-56e1-138d-4d5c-b2a5f5233850}\n --> FOUND
[ZeroAccess][FILE] @ : c:\windows\installer\{f7e0f373-56e1-138d-4d5c-b2a5f5233850}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{f7e0f373-56e1-138d-4d5c-b2a5f5233850}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{f7e0f373-56e1-138d-4d5c-b2a5f5233850}\L --> FOUND
[ZeroAccess][FILE] n : c:\users\ma poule\appdata\local\{f7e0f373-56e1-138d-4d5c-b2a5f5233850}\n --> FOUND
[ZeroAccess][FILE] @ : c:\users\ma poule\appdata\local\{f7e0f373-56e1-138d-4d5c-b2a5f5233850}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\ma poule\appdata\local\{f7e0f373-56e1-138d-4d5c-b2a5f5233850}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\ma poule\appdata\local\{f7e0f373-56e1-138d-4d5c-b2a5f5233850}\L --> FOUND
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND
¤¤¤ Driver: [NON CHARGE] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT725025VLA SCSI Disk Device +++++
--- User ---
[MBR] 381b6d5f9dd25f648f70b06a83b54c13
[BSP] d22bf6395ddb5607a6335207f71520aa : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Termine : << RKreport[1].txt >>
RKreport[1].txt
Malwarebytes Anti-Malware (Essai) 1.62.0.1300
www.malwarebytes.org
Version de la base de données: v2012.08.25.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Yan Charette :: YANCHARETTE-HP [administrateur]
Protection: Activé
2012-08-24 23:02:23
mbam-log-2012-08-24 (23-21-53).txt
Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 201122
Temps écoulé: 3 minute(s), 9 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 2
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Aucune action effectuée.
HKLM\SOFTWARE\Boxore (Adware.Boxore) -> Aucune action effectuée.
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 1
C:\Users\Yan Charette\AppData\Local\Temp\dclogs (Stolen.Data) -> Aucune action effectuée.
Fichier(s) détecté(s): 5
C:\Users\Yan Charette\AppData\Local\Temp\147gge.exe (Trojan.Downloader) -> Aucune action effectuée.
C:\Users\Yan Charette\AppData\Local\Temp\msrapsr.dll (Trojan.Steppa) -> Aucune action effectuée.
C:\Users\Yan Charette\AppData\Local\Temp\~!#851B.tmp (Trojan.LameShield) -> Aucune action effectuée.
C:\Users\Yan Charette\AppData\Local\Temp\~!#9082.tmp (Trojan.LameShield) -> Aucune action effectuée.
C:\Users\Yan Charette\AppData\Local\Temp\dclogs\2011-11-26-7.dc (Stolen.Data) -> Aucune action effectuée.
(fin)
www.malwarebytes.org
Version de la base de données: v2012.08.25.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Yan Charette :: YANCHARETTE-HP [administrateur]
Protection: Activé
2012-08-24 23:02:23
mbam-log-2012-08-24 (23-21-53).txt
Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 201122
Temps écoulé: 3 minute(s), 9 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 2
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Aucune action effectuée.
HKLM\SOFTWARE\Boxore (Adware.Boxore) -> Aucune action effectuée.
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 1
C:\Users\Yan Charette\AppData\Local\Temp\dclogs (Stolen.Data) -> Aucune action effectuée.
Fichier(s) détecté(s): 5
C:\Users\Yan Charette\AppData\Local\Temp\147gge.exe (Trojan.Downloader) -> Aucune action effectuée.
C:\Users\Yan Charette\AppData\Local\Temp\msrapsr.dll (Trojan.Steppa) -> Aucune action effectuée.
C:\Users\Yan Charette\AppData\Local\Temp\~!#851B.tmp (Trojan.LameShield) -> Aucune action effectuée.
C:\Users\Yan Charette\AppData\Local\Temp\~!#9082.tmp (Trojan.LameShield) -> Aucune action effectuée.
C:\Users\Yan Charette\AppData\Local\Temp\dclogs\2011-11-26-7.dc (Stolen.Data) -> Aucune action effectuée.
(fin)
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 628
27 août 2012 à 17:15
27 août 2012 à 17:15
Change tes mots de passe ils ont été pompés.*
Sécurise ton PC : https://forums.commentcamarche.net/forum/affich-25842910-supprimer-live-security-platinum#7
Sécurise ton PC : https://forums.commentcamarche.net/forum/affich-25842910-supprimer-live-security-platinum#7
sasax
Messages postés
3
Date d'inscription
jeudi 6 septembre 2012
Statut
Membre
Dernière intervention
6 septembre 2012
6 sept. 2012 à 23:23
6 sept. 2012 à 23:23
RogueKiller V8.0.2 [31/08/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com
Systeme d'exploitation: Windows Vista (6.0.6000 ) 32 bits version
Demarrage : Mode normal
Utilisateur : mon pc [Droits d'admin]
Mode : Recherche -- Date : 06/09/2012 22:53:20
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 7 ¤¤¤
[TASK][ROGUE ST] 0 : c:\program files\internet explorer\iexplore.exe -> TROUVÉ
[TASK][ROGUE ST] 4737 : wscript.exe -> TROUVÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1875235748-4137062957-314209936-1000\$75f4e57b2aa7bf16da766b0aab4fd35b\n.) -> TROUVÉ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-1875235748-4137062957-314209936-1000\$75f4e57b2aa7bf16da766b0aab4fd35b\n --> TROUVÉ
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1875235748-4137062957-314209936-1000\$75f4e57b2aa7bf16da766b0aab4fd35b\@ --> TROUVÉ
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1875235748-4137062957-314209936-1000\$75f4e57b2aa7bf16da766b0aab4fd35b\U --> TROUVÉ
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1875235748-4137062957-314209936-1000\$75f4e57b2aa7bf16da766b0aab4fd35b\L --> TROUVÉ
¤¤¤ Driver : [CHARGE] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: WDC WD1600BEVS-22RST0 +++++
--- User ---
[MBR] ca7c7d9a4321e3087245a83bfd67676b
[BSP] aa2d1a4fab984d3857d40d49aaa37d13 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12186 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24958976 | Size: 93628 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 216709120 | Size: 46811 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: PI-239 USB 2.0 Drive USB Device +++++
--- User ---
[MBR] 60a95a9630bd04d5057bdffed6b62f25
[BSP] ef874ee1c6133f574eb2bcf8131a7fd3 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 610477 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Termine : << RKreport[1].txt >>
RKreport[1].txt
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com
Systeme d'exploitation: Windows Vista (6.0.6000 ) 32 bits version
Demarrage : Mode normal
Utilisateur : mon pc [Droits d'admin]
Mode : Recherche -- Date : 06/09/2012 22:53:20
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 7 ¤¤¤
[TASK][ROGUE ST] 0 : c:\program files\internet explorer\iexplore.exe -> TROUVÉ
[TASK][ROGUE ST] 4737 : wscript.exe -> TROUVÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1875235748-4137062957-314209936-1000\$75f4e57b2aa7bf16da766b0aab4fd35b\n.) -> TROUVÉ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-1875235748-4137062957-314209936-1000\$75f4e57b2aa7bf16da766b0aab4fd35b\n --> TROUVÉ
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1875235748-4137062957-314209936-1000\$75f4e57b2aa7bf16da766b0aab4fd35b\@ --> TROUVÉ
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1875235748-4137062957-314209936-1000\$75f4e57b2aa7bf16da766b0aab4fd35b\U --> TROUVÉ
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1875235748-4137062957-314209936-1000\$75f4e57b2aa7bf16da766b0aab4fd35b\L --> TROUVÉ
¤¤¤ Driver : [CHARGE] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: WDC WD1600BEVS-22RST0 +++++
--- User ---
[MBR] ca7c7d9a4321e3087245a83bfd67676b
[BSP] aa2d1a4fab984d3857d40d49aaa37d13 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12186 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24958976 | Size: 93628 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 216709120 | Size: 46811 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: PI-239 USB 2.0 Drive USB Device +++++
--- User ---
[MBR] 60a95a9630bd04d5057bdffed6b62f25
[BSP] ef874ee1c6133f574eb2bcf8131a7fd3 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 610477 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Termine : << RKreport[1].txt >>
RKreport[1].txt
sasax
Messages postés
3
Date d'inscription
jeudi 6 septembre 2012
Statut
Membre
Dernière intervention
6 septembre 2012
6 sept. 2012 à 23:35
6 sept. 2012 à 23:35
sasax
Messages postés
3
Date d'inscription
jeudi 6 septembre 2012
Statut
Membre
Dernière intervention
6 septembre 2012
6 sept. 2012 à 23:40
6 sept. 2012 à 23:40
----------extra---------
OTL Extras logfile created on: 06/09/2012 23:14:29 - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\mon pc\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 46.97% Memory free
4.19 Gb Paging File | 3.08 Gb Available in Paging File | 73.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 91.43 Gb Total Space | 48.12 Gb Free Space | 52.63% Space Free | Partition Type: NTFS
Drive D: | 45.71 Gb Total Space | 41.14 Gb Free Space | 89.99% Space Free | Partition Type: NTFS
Drive I: | 596.02 Gb Total Space | 551.62 Gb Free Space | 92.55% Space Free | Partition Type: FAT32
Computer Name: PC-DE-MONPC | User Name: mon pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8A98391E-3593-429B-9BF0-23E95D8A2B78}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{108DA9CD-5B32-44C4-81E4-FF0650395A9C}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{2F2B292E-9C92-4A9B-9798-FAE5A857489C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{34EC50C4-681C-4DB1-BE2F-A1FC0BB5CC38}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{64D3D27F-C595-47BC-B713-9617CB722959}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{81C40F90-F255-47D6-BEC7-5580328B22C2}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{83E1E084-60CB-46E6-AC06-1F1942BD1EF9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{85AA4616-A8F3-402B-9E32-76475144B2C5}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{9441F982-394F-4001-81C7-07D9D84D9A08}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{9A057CA7-5BE0-4034-A36B-1C4B938044D9}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{A7B75680-3FB9-46EE-9215-3EED3FF10005}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"{A9C3A035-73A3-49C9-874A-9CF3A8F199B0}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{F33B47FF-05BB-4456-83DB-D020FB775826}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{F8A3C565-A189-4202-A3FF-C027F50357A2}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"TCP Query User{15E4DE52-EFA9-4F78-8B9F-D59530B713BA}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{4AB014B7-BBD1-4E46-8FCA-19A935CBEC75}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{51F1AC52-122F-4857-BA48-513BD934DC39}C:\users\mon pc\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\mon pc\appdata\roaming\spotify\spotify.exe |
"TCP Query User{666B8896-0E0B-4580-9BA7-131016A7E197}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{675ACA1B-01E1-4C1F-8890-7FFCBA41F98C}C:\program files\iomega\quikprotect\quikprotect.exe" = protocol=6 | dir=in | app=c:\program files\iomega\quikprotect\quikprotect.exe |
"TCP Query User{A9C57757-A573-4819-9799-9B2908E594CC}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{B195C4C7-8974-4498-B627-4058D0E0A2A0}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{B65E7E0B-B8F3-43CA-82D8-757368A25496}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{D3034ED2-C58F-4B04-9491-21366F0CFFD3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F1B7D152-953E-44FA-8960-B98836951463}C:\program files\scol voyager\scol.exe" = protocol=6 | dir=in | app=c:\program files\scol voyager\scol.exe |
"TCP Query User{F49F863B-EA64-4017-A89A-3B39B75C9FE6}C:\program files\iomega\iomega screenplay\screenplay discovery.exe" = protocol=6 | dir=in | app=c:\program files\iomega\iomega screenplay\screenplay discovery.exe |
"UDP Query User{219E2DD3-6E60-4046-98EA-7CC52AEBB30F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{4B1317DD-7B15-4AC1-9155-6CB6CA5EBD5B}C:\program files\iomega\iomega screenplay\screenplay discovery.exe" = protocol=17 | dir=in | app=c:\program files\iomega\iomega screenplay\screenplay discovery.exe |
"UDP Query User{55F36CBC-E6A6-46F9-9491-C095DCB37CD1}C:\program files\iomega\quikprotect\quikprotect.exe" = protocol=17 | dir=in | app=c:\program files\iomega\quikprotect\quikprotect.exe |
"UDP Query User{5FF23E27-FDEB-4341-A527-6D2E1A810F77}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{669CD724-B5C7-4377-B3B1-EBFA540537EE}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{8682E2AF-D6FD-4622-9C24-AB1F9481A055}C:\program files\scol voyager\scol.exe" = protocol=17 | dir=in | app=c:\program files\scol voyager\scol.exe |
"UDP Query User{95D13C8C-749A-427F-9058-369868C8918C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{AEC9E278-4F78-4E77-BAE8-131C8DBE941F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{D16CF3EF-9DBB-457A-B384-17D0BC249A75}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{EB7FC18A-4E87-4A09-B7E3-2E2BE0BFA9E4}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{F79471F1-8029-40B1-9300-A85D93DCDE95}C:\users\mon pc\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\mon pc\appdata\roaming\spotify\spotify.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}" = SDFormatter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = WebCam
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}" = Iomega Product Registration
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D7E5329-5751-435B-B585-0EFF51783A20}" = NWZ-E350 WALKMAN Guide
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{B53FA0E4-739C-435F-9872-E3032F2E08FC}" = Iomega QuikProtect
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DC1B23F0-2A8C-49DD-8F83-74F50950D5A7}" = Iomega ScreenPlay Discovery
"{E4BC9EE4-67F8-4335-BF46-BDACE314BCF6}" = Hercules DJ Console Series drivers
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"b61a9b39" = Contextual Tool Advertzilla
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"Defraggler" = Defraggler
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"EPSON Scanner" = EPSON Scan
"Foxit Reader_is1" = Foxit Reader 5.1
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.0
"Free YouTube Downloader Converter" = Free YouTube Downloader Converter
"F-Secure Anti-Virus" = F-Secure Anti-Virus for Workstations - Protection virus et logiciels espions
"F-Secure HIPS" = F-Secure Client Security - DeepGuard
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 9.0.1 (x86 fr)" = Mozilla Firefox 9.0.1 (x86 fr)
"PDFCreator Toolbar" = PDFCreator Toolbar
"PROPLUS" = Microsoft Office Professional Plus 2007
"Searchqu 0 MediaBar" = Windows Searchqu Toolbar
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Sweet Home 3D_is1" = Sweet Home 3D version 3.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.1.7
"VST Bridge_is1" = VST Bridge 1.1
"Windows Searchqu Toolbar" = Windows iLivid Toolbar
"WinRAR archiver" = WinRAR archiver
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-1875235748-4137062957-314209936-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Live Security Platinum" = Live Security Platinum
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 06/07/2012 02:52:10 | Computer Name = PC-de-monpc | Source = Application Error | ID = 1000
Description = Application défaillante svchost.exe_EMDMgmt, version 6.0.6000.16386,
horodatage 0x4549adc4, module défaillant ntdll.dll, version 6.0.6000.16386, horodatage
0x4549bdc9, code d'exception 0xc0000374, décalage d'erreur 0x000af1c9, ID du processus
0x43c, heure de début de l'application 0x01cd5b438a6b1ebb.
Error - 06/07/2012 02:54:57 | Computer Name = PC-de-monpc | Source = Application Error | ID = 1000
Description = Application défaillante svchost.exe_EMDMgmt, version 6.0.6000.16386,
horodatage 0x4549adc4, module défaillant ntdll.dll, version 6.0.6000.16386, horodatage
0x4549bdc9, code d'exception 0xc0000374, décalage d'erreur 0x000af1c9, ID du processus
0xcf0, heure de début de l'application 0x01cd5b43fe3a94bb.
Error - 06/07/2012 08:53:11 | Computer Name = PC-de-monpc | Source = Application Hang | ID = 1002
Description = Le programme iexplore.exe version 8.0.6001.18928 a cessé d'interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l'historique du problème dans l'application Rapports
et solutions aux problèmes du Panneau de configuration. ID de processus : 1414 Heure
de début : 01cd5b7635d3c0eb Heure de fin : 62
Error - 06/07/2012 18:19:03 | Computer Name = PC-de-monpc | Source = Application Hang | ID = 1002
Description = Le programme iexplore.exe version 8.0.6001.18928 a cessé d'interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l'historique du problème dans l'application Rapports
et solutions aux problèmes du Panneau de configuration. ID de processus : 1250 Heure
de début : 01cd5bc546218b9b Heure de fin : 11
Error - 07/07/2012 05:40:59 | Computer Name = PC-de-monpc | Source = Application Error | ID = 1000
Description = Application défaillante FOXIT READER.EXE, version 5.1.4.104, horodatage
0x4f03f742, module défaillant facebook_plugin.fpi_unloaded, version 0.0.0.0, horodatage
0x4ed5d143, code d'exception 0xc0000005, décalage d'erreur 0x03962978, ID du processus
0x12d0, heure de début de l'application 0x01cd5c2035066d1a.
Error - 10/07/2012 05:12:22 | Computer Name = PC-de-monpc | Source = Application Error | ID = 1000
Description = Application défaillante chrome.exe, version 20.0.1132.47, horodatage
0x4fec0d4d, module défaillant unknown, version 0.0.0.0, horodatage 0x00000000,
code d'exception 0xc0000005, décalage d'erreur 0x00000000, ID du processus 0x208,
heure de début de l'application 0x01cd5e6c72d10f2b.
Error - 10/07/2012 19:41:53 | Computer Name = PC-de-monpc | Source = EventSystem | ID = 4621
Description =
Error - 11/07/2012 08:38:59 | Computer Name = PC-de-monpc | Source = EventSystem | ID = 4621
Description =
Error - 12/07/2012 04:57:34 | Computer Name = PC-de-monpc | Source = EventSystem | ID = 4621
Description =
Error - 12/07/2012 06:46:50 | Computer Name = PC-de-monpc | Source = EventSystem | ID = 4621
Description =
[ System Events ]
Error - 04/09/2012 15:57:36 | Computer Name = PC-de-monpc | Source = DCOM | ID = 10010
Description =
Error - 05/09/2012 20:14:36 | Computer Name = PC-de-monpc | Source = DCOM | ID = 10010
Description =
Error - 06/09/2012 03:18:55 | Computer Name = PC-de-monpc | Source = Service Control Manager | ID = 7000
Description =
Error - 06/09/2012 09:41:06 | Computer Name = PC-de-monpc | Source = DCOM | ID = 10010
Description =
Error - 06/09/2012 09:45:00 | Computer Name = PC-de-monpc | Source = DCOM | ID = 10010
Description =
Error - 06/09/2012 09:46:06 | Computer Name = PC-de-monpc | Source = DCOM | ID = 10010
Description =
Error - 06/09/2012 13:19:33 | Computer Name = PC-de-monpc | Source = DCOM | ID = 10010
Description =
Error - 06/09/2012 13:23:13 | Computer Name = PC-de-monpc | Source = Service Control Manager | ID = 7000
Description =
Error - 06/09/2012 16:56:19 | Computer Name = PC-de-monpc | Source = DCOM | ID = 10010
Description =
Error - 06/09/2012 16:59:26 | Computer Name = PC-de-monpc | Source = Service Control Manager | ID = 7000
Description =
< End of report >
OTL Extras logfile created on: 06/09/2012 23:14:29 - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\mon pc\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 46.97% Memory free
4.19 Gb Paging File | 3.08 Gb Available in Paging File | 73.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 91.43 Gb Total Space | 48.12 Gb Free Space | 52.63% Space Free | Partition Type: NTFS
Drive D: | 45.71 Gb Total Space | 41.14 Gb Free Space | 89.99% Space Free | Partition Type: NTFS
Drive I: | 596.02 Gb Total Space | 551.62 Gb Free Space | 92.55% Space Free | Partition Type: FAT32
Computer Name: PC-DE-MONPC | User Name: mon pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8A98391E-3593-429B-9BF0-23E95D8A2B78}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{108DA9CD-5B32-44C4-81E4-FF0650395A9C}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{2F2B292E-9C92-4A9B-9798-FAE5A857489C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{34EC50C4-681C-4DB1-BE2F-A1FC0BB5CC38}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{64D3D27F-C595-47BC-B713-9617CB722959}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{81C40F90-F255-47D6-BEC7-5580328B22C2}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{83E1E084-60CB-46E6-AC06-1F1942BD1EF9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{85AA4616-A8F3-402B-9E32-76475144B2C5}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{9441F982-394F-4001-81C7-07D9D84D9A08}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{9A057CA7-5BE0-4034-A36B-1C4B938044D9}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{A7B75680-3FB9-46EE-9215-3EED3FF10005}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"{A9C3A035-73A3-49C9-874A-9CF3A8F199B0}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{F33B47FF-05BB-4456-83DB-D020FB775826}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{F8A3C565-A189-4202-A3FF-C027F50357A2}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"TCP Query User{15E4DE52-EFA9-4F78-8B9F-D59530B713BA}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{4AB014B7-BBD1-4E46-8FCA-19A935CBEC75}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{51F1AC52-122F-4857-BA48-513BD934DC39}C:\users\mon pc\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\mon pc\appdata\roaming\spotify\spotify.exe |
"TCP Query User{666B8896-0E0B-4580-9BA7-131016A7E197}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{675ACA1B-01E1-4C1F-8890-7FFCBA41F98C}C:\program files\iomega\quikprotect\quikprotect.exe" = protocol=6 | dir=in | app=c:\program files\iomega\quikprotect\quikprotect.exe |
"TCP Query User{A9C57757-A573-4819-9799-9B2908E594CC}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{B195C4C7-8974-4498-B627-4058D0E0A2A0}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{B65E7E0B-B8F3-43CA-82D8-757368A25496}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{D3034ED2-C58F-4B04-9491-21366F0CFFD3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F1B7D152-953E-44FA-8960-B98836951463}C:\program files\scol voyager\scol.exe" = protocol=6 | dir=in | app=c:\program files\scol voyager\scol.exe |
"TCP Query User{F49F863B-EA64-4017-A89A-3B39B75C9FE6}C:\program files\iomega\iomega screenplay\screenplay discovery.exe" = protocol=6 | dir=in | app=c:\program files\iomega\iomega screenplay\screenplay discovery.exe |
"UDP Query User{219E2DD3-6E60-4046-98EA-7CC52AEBB30F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{4B1317DD-7B15-4AC1-9155-6CB6CA5EBD5B}C:\program files\iomega\iomega screenplay\screenplay discovery.exe" = protocol=17 | dir=in | app=c:\program files\iomega\iomega screenplay\screenplay discovery.exe |
"UDP Query User{55F36CBC-E6A6-46F9-9491-C095DCB37CD1}C:\program files\iomega\quikprotect\quikprotect.exe" = protocol=17 | dir=in | app=c:\program files\iomega\quikprotect\quikprotect.exe |
"UDP Query User{5FF23E27-FDEB-4341-A527-6D2E1A810F77}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{669CD724-B5C7-4377-B3B1-EBFA540537EE}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{8682E2AF-D6FD-4622-9C24-AB1F9481A055}C:\program files\scol voyager\scol.exe" = protocol=17 | dir=in | app=c:\program files\scol voyager\scol.exe |
"UDP Query User{95D13C8C-749A-427F-9058-369868C8918C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{AEC9E278-4F78-4E77-BAE8-131C8DBE941F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{D16CF3EF-9DBB-457A-B384-17D0BC249A75}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{EB7FC18A-4E87-4A09-B7E3-2E2BE0BFA9E4}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{F79471F1-8029-40B1-9300-A85D93DCDE95}C:\users\mon pc\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\mon pc\appdata\roaming\spotify\spotify.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}" = SDFormatter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = WebCam
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}" = Iomega Product Registration
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D7E5329-5751-435B-B585-0EFF51783A20}" = NWZ-E350 WALKMAN Guide
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{B53FA0E4-739C-435F-9872-E3032F2E08FC}" = Iomega QuikProtect
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DC1B23F0-2A8C-49DD-8F83-74F50950D5A7}" = Iomega ScreenPlay Discovery
"{E4BC9EE4-67F8-4335-BF46-BDACE314BCF6}" = Hercules DJ Console Series drivers
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"b61a9b39" = Contextual Tool Advertzilla
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"Defraggler" = Defraggler
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"EPSON Scanner" = EPSON Scan
"Foxit Reader_is1" = Foxit Reader 5.1
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.0
"Free YouTube Downloader Converter" = Free YouTube Downloader Converter
"F-Secure Anti-Virus" = F-Secure Anti-Virus for Workstations - Protection virus et logiciels espions
"F-Secure HIPS" = F-Secure Client Security - DeepGuard
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 9.0.1 (x86 fr)" = Mozilla Firefox 9.0.1 (x86 fr)
"PDFCreator Toolbar" = PDFCreator Toolbar
"PROPLUS" = Microsoft Office Professional Plus 2007
"Searchqu 0 MediaBar" = Windows Searchqu Toolbar
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Sweet Home 3D_is1" = Sweet Home 3D version 3.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.1.7
"VST Bridge_is1" = VST Bridge 1.1
"Windows Searchqu Toolbar" = Windows iLivid Toolbar
"WinRAR archiver" = WinRAR archiver
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-1875235748-4137062957-314209936-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Live Security Platinum" = Live Security Platinum
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 06/07/2012 02:52:10 | Computer Name = PC-de-monpc | Source = Application Error | ID = 1000
Description = Application défaillante svchost.exe_EMDMgmt, version 6.0.6000.16386,
horodatage 0x4549adc4, module défaillant ntdll.dll, version 6.0.6000.16386, horodatage
0x4549bdc9, code d'exception 0xc0000374, décalage d'erreur 0x000af1c9, ID du processus
0x43c, heure de début de l'application 0x01cd5b438a6b1ebb.
Error - 06/07/2012 02:54:57 | Computer Name = PC-de-monpc | Source = Application Error | ID = 1000
Description = Application défaillante svchost.exe_EMDMgmt, version 6.0.6000.16386,
horodatage 0x4549adc4, module défaillant ntdll.dll, version 6.0.6000.16386, horodatage
0x4549bdc9, code d'exception 0xc0000374, décalage d'erreur 0x000af1c9, ID du processus
0xcf0, heure de début de l'application 0x01cd5b43fe3a94bb.
Error - 06/07/2012 08:53:11 | Computer Name = PC-de-monpc | Source = Application Hang | ID = 1002
Description = Le programme iexplore.exe version 8.0.6001.18928 a cessé d'interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l'historique du problème dans l'application Rapports
et solutions aux problèmes du Panneau de configuration. ID de processus : 1414 Heure
de début : 01cd5b7635d3c0eb Heure de fin : 62
Error - 06/07/2012 18:19:03 | Computer Name = PC-de-monpc | Source = Application Hang | ID = 1002
Description = Le programme iexplore.exe version 8.0.6001.18928 a cessé d'interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l'historique du problème dans l'application Rapports
et solutions aux problèmes du Panneau de configuration. ID de processus : 1250 Heure
de début : 01cd5bc546218b9b Heure de fin : 11
Error - 07/07/2012 05:40:59 | Computer Name = PC-de-monpc | Source = Application Error | ID = 1000
Description = Application défaillante FOXIT READER.EXE, version 5.1.4.104, horodatage
0x4f03f742, module défaillant facebook_plugin.fpi_unloaded, version 0.0.0.0, horodatage
0x4ed5d143, code d'exception 0xc0000005, décalage d'erreur 0x03962978, ID du processus
0x12d0, heure de début de l'application 0x01cd5c2035066d1a.
Error - 10/07/2012 05:12:22 | Computer Name = PC-de-monpc | Source = Application Error | ID = 1000
Description = Application défaillante chrome.exe, version 20.0.1132.47, horodatage
0x4fec0d4d, module défaillant unknown, version 0.0.0.0, horodatage 0x00000000,
code d'exception 0xc0000005, décalage d'erreur 0x00000000, ID du processus 0x208,
heure de début de l'application 0x01cd5e6c72d10f2b.
Error - 10/07/2012 19:41:53 | Computer Name = PC-de-monpc | Source = EventSystem | ID = 4621
Description =
Error - 11/07/2012 08:38:59 | Computer Name = PC-de-monpc | Source = EventSystem | ID = 4621
Description =
Error - 12/07/2012 04:57:34 | Computer Name = PC-de-monpc | Source = EventSystem | ID = 4621
Description =
Error - 12/07/2012 06:46:50 | Computer Name = PC-de-monpc | Source = EventSystem | ID = 4621
Description =
[ System Events ]
Error - 04/09/2012 15:57:36 | Computer Name = PC-de-monpc | Source = DCOM | ID = 10010
Description =
Error - 05/09/2012 20:14:36 | Computer Name = PC-de-monpc | Source = DCOM | ID = 10010
Description =
Error - 06/09/2012 03:18:55 | Computer Name = PC-de-monpc | Source = Service Control Manager | ID = 7000
Description =
Error - 06/09/2012 09:41:06 | Computer Name = PC-de-monpc | Source = DCOM | ID = 10010
Description =
Error - 06/09/2012 09:45:00 | Computer Name = PC-de-monpc | Source = DCOM | ID = 10010
Description =
Error - 06/09/2012 09:46:06 | Computer Name = PC-de-monpc | Source = DCOM | ID = 10010
Description =
Error - 06/09/2012 13:19:33 | Computer Name = PC-de-monpc | Source = DCOM | ID = 10010
Description =
Error - 06/09/2012 13:23:13 | Computer Name = PC-de-monpc | Source = Service Control Manager | ID = 7000
Description =
Error - 06/09/2012 16:56:19 | Computer Name = PC-de-monpc | Source = DCOM | ID = 10010
Description =
Error - 06/09/2012 16:59:26 | Computer Name = PC-de-monpc | Source = Service Control Manager | ID = 7000
Description =
< End of report >
2 déc. 2012 à 18:16