Essential Cleaner virus problem

View previous topic View next topic Go down

Essential Cleaner virus problem

Post by Fanfoa on Sat 07 May 2011, 10:32 am

Hello,

I have a problem with my laptop: the Essential Clean fake antivirus that keeps popping up and closing my web pages, deleting my wallpaper and all...
I tried the OTL thing, I downloaded it but I don't know what to do next... please help =(

Fanfoa

Unborn
Unborn

Posts : 3
Joined : 2011-05-07
Operating System : XP

View user profile

Back to top Go down

Re: Essential Cleaner virus problem

Post by Fanfoa on Sat 07 May 2011, 10:40 am

Here is the first post "OTL.txt" :

OTL logfile created on: 06/05/2011 18:14:57 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Utilisateur\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63,87 Gb Total Space | 0,02 Gb Free Space | 0,03% Space Free | Partition Type: NTFS
Drive D: | 47,91 Gb Total Space | 2,49 Gb Free Space | 5,20% Space Free | Partition Type: NTFS

Computer Name: PC-DE-UTILISATE | User Name: Utilisateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/06 18:14:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Utilisateur\Desktop\OTL.exe
PRC - [2011/05/06 16:00:33 | 000,462,848 | ---- | M] () -- C:\ProgramData\aM31000OhFoD31000\aM31000OhFoD31000.exe
PRC - [2011/03/14 16:03:01 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/24 16:25:06 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/26 22:22:12 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2010/09/23 10:18:01 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/18 14:29:02 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/09/18 14:29:00 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/09/18 14:28:13 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/08/20 04:34:00 | 000,508,573 | ---- | M] (Acronis) -- C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
PRC - [2010/08/20 03:39:08 | 000,114,688 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/08/20 03:39:08 | 000,065,536 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 01:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/02/23 01:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFSA.EXE
PRC - [2007/01/04 18:07:38 | 000,221,184 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007/01/02 19:23:24 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006/12/28 19:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006/12/21 02:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006/12/20 17:59:12 | 000,090,112 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2006/12/19 12:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006/11/02 11:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006/09/11 05:31:35 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006/09/08 02:10:21 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe


========== Modules (SafeList) ==========

MOD - [2011/05/06 18:14:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Utilisateur\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- Reg Error: Key error. -- (TrkWks)
SRV - File not found [Unknown | Running] -- Reg Error: Key error. -- (RpcSs) Appel de procédure distante (RPC)
SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Unknown | Running] -- Reg Error: Key error. -- (DcomLaunch)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [Auto | Running] -- Reg Error: Key error. -- (BITS)
SRV - [2010/09/18 14:28:13 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/08/20 03:39:08 | 000,114,688 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/08/01 11:19:44 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2006/12/28 19:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2006/12/20 17:59:12 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)


========== Driver Services (SafeList) ==========

DRV - [2010/09/18 14:30:02 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/09/18 14:29:50 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/09/18 14:29:48 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/08/20 03:39:04 | 000,201,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/08/20 03:39:04 | 000,078,752 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/08/20 03:39:04 | 000,028,064 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/09/26 13:48:25 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/02/22 08:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008/02/22 08:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/02/22 08:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2006/12/28 03:17:17 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006/12/19 00:37:59 | 004,447,808 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/12/14 02:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/14 11:16:23 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 06:42:45 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 02:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 02:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/11/02 02:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006/08/29 20:35:57 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/04/18 19:04:36 | 000,899,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynMini.sys -- (SynMini)
DRV - [2006/04/18 19:04:34 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynScan.sys -- (SynScan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = cherche.us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2009/03/07 06:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utilisateur\AppData\Roaming\mozilla\Extensions
[2009/03/07 06:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utilisateur\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cloneur Expert Monitor] C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [WinampAgent] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spyware Doctor with AntiVirus] File not found
O4 - HKCU..\RunOnce: [aM31000OhFoD31000] C:\ProgramData\aM31000OhFoD31000\aM31000OhFoD31000.exe ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: chat-land.org ([]* in Sites de confiance)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 144.96.35.247 144.96.35.245
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/06 18:14:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Utilisateur\Desktop\OTL.exe
[2011/05/06 17:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/05/06 16:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\aM31000OhFoD31000
[2011/05/02 01:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/27 11:07:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 11:07:34 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 11:07:29 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/25 12:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/25 12:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/15 12:42:00 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/15 12:41:59 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/15 12:41:52 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/15 12:41:52 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/15 12:41:52 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/15 12:41:51 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/15 12:41:51 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/15 12:41:51 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/15 12:41:51 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/15 12:41:51 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/15 12:41:50 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/15 12:41:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/15 12:41:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/15 12:41:50 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/15 12:41:50 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/15 12:41:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/15 12:41:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/15 12:41:49 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/15 12:41:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/15 12:41:41 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/15 12:41:40 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/15 12:41:31 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/15 12:41:29 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/15 12:41:23 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/15 12:41:23 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/10 23:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\gGe31002nNaMd31002
[2008/03/16 15:06:15 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Utilisateur\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/05/06 18:14:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Utilisateur\Desktop\OTL.exe
[2011/05/06 17:52:40 | 000,013,307 | ---- | M] () -- C:\Users\Utilisateur\AppData\Roaming\nvModes.dat
[2011/05/06 17:52:40 | 000,013,307 | ---- | M] () -- C:\Users\Utilisateur\AppData\Roaming\nvModes.001
[2011/05/06 17:52:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/06 17:13:59 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 17:13:58 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 16:37:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/05 17:33:06 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2011/05/03 21:52:24 | 000,238,080 | ---- | M] () -- C:\Users\Utilisateur\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/01 22:54:39 | 075,431,441 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/04/25 12:24:39 | 000,001,854 | ---- | M] () -- C:\Users\Utilisateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/25 12:22:32 | 000,001,671 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/20 11:07:11 | 000,042,444 | ---- | M] () -- C:\Users\Utilisateur\Documents\Recrutement ambassadeurs[2].pdf
[2011/04/19 23:17:38 | 009,780,720 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/04/19 23:17:38 | 003,464,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/19 23:17:38 | 003,283,608 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/04/19 23:17:38 | 002,861,646 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/18 11:03:15 | 001,717,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/15 12:02:05 | 000,000,169 | ---- | M] () -- C:\Users\Utilisateur\webct_upload_applet.properties
[2011/04/10 15:35:17 | 000,228,705 | ---- | M] () -- C:\Users\Utilisateur\Desktop\candidature_M2Edition11-12.pdf

========== Files Created - No Company Name ==========

[2011/04/25 12:22:32 | 000,001,671 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/20 11:07:11 | 000,042,444 | ---- | C] () -- C:\Users\Utilisateur\Documents\Recrutement ambassadeurs[2].pdf
[2011/04/10 15:35:17 | 000,228,705 | ---- | C] () -- C:\Users\Utilisateur\Desktop\candidature_M2Edition11-12.pdf
[2010/08/20 10:48:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/20 03:37:50 | 000,037,888 | ---- | C] () -- C:\Windows\System32\setupnt.dll
[2010/08/19 09:31:38 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010/08/19 09:31:38 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010/08/19 09:31:38 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010/08/19 09:31:38 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010/08/19 09:12:45 | 000,000,680 | ---- | C] () -- C:\Users\Utilisateur\AppData\Local\d3d9caps.dat
[2009/09/26 12:31:38 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2009/09/17 15:25:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 15:25:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 08:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 08:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/03/15 14:48:10 | 000,003,448 | ---- | C] () -- C:\Windows\zipinst_lng.ini
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/10/30 09:29:26 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/30 09:29:18 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008/09/24 04:33:04 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/08 17:45:07 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008/08/11 17:34:56 | 000,682,496 | ---- | C] () -- C:\Windows\System32\CDUninst.exe
[2008/05/01 04:14:03 | 000,000,095 | ---- | C] () -- C:\Users\Utilisateur\AppData\Local\qcuercmf.bat
[2008/03/16 15:07:36 | 000,000,668 | ---- | C] () -- C:\Users\Utilisateur\AppData\Roaming\vso_ts_preview.xml
[2008/03/16 15:06:15 | 000,087,608 | ---- | C] () -- C:\Users\Utilisateur\AppData\Roaming\inst.exe
[2008/03/16 15:06:15 | 000,007,887 | ---- | C] () -- C:\Users\Utilisateur\AppData\Roaming\pcouffin.cat
[2008/03/16 15:06:15 | 000,001,144 | ---- | C] () -- C:\Users\Utilisateur\AppData\Roaming\pcouffin.inf
[2008/02/13 11:17:49 | 002,729,472 | ---- | C] () -- C:\Windows\System32\fun_avcodec.dll
[2008/02/05 06:22:45 | 000,238,080 | ---- | C] () -- C:\Users\Utilisateur\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/05 04:01:15 | 000,013,307 | ---- | C] () -- C:\Users\Utilisateur\AppData\Roaming\nvModes.001
[2008/02/05 04:01:14 | 000,013,307 | ---- | C] () -- C:\Users\Utilisateur\AppData\Roaming\nvModes.dat
[2008/02/04 08:57:43 | 000,001,026 | ---- | C] () -- C:\Windows\System32\ABF3M.DAT
[2008/02/04 08:57:29 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2007/01/10 14:43:30 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/01/10 14:17:03 | 009,780,720 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2007/01/10 14:17:03 | 003,283,608 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2007/01/10 14:17:03 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2007/01/10 14:17:03 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2007/01/10 14:13:32 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 001,717,528 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 003,464,012 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 002,861,646 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/04/18 19:04:36 | 000,899,712 | ---- | C] () -- C:\Windows\System32\drivers\SynMini.sys
[2006/04/18 19:04:34 | 000,498,688 | ---- | C] () -- C:\Windows\System32\drivers\SynPin.sys
[2006/04/18 19:04:34 | 000,031,232 | ---- | C] () -- C:\Windows\System32\drivers\SynCamd.sys
[2006/04/18 19:04:34 | 000,014,848 | ---- | C] () -- C:\Windows\System32\drivers\SynSam.sys
[2006/04/18 19:04:34 | 000,009,216 | ---- | C] () -- C:\Windows\System32\drivers\SynScan.sys
[2006/03/15 19:00:20 | 000,045,056 | ---- | C] () -- C:\Windows\StkUnist.exe
[2005/07/04 15:27:54 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SynSvc_.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

Fanfoa

Unborn
Unborn

Posts : 3
Joined : 2011-05-07
Operating System : XP

View user profile

Back to top Go down

Re: Essential Cleaner virus problem

Post by Fanfoa on Sat 07 May 2011, 10:42 am

and here is the "Extras.Txt":

OTL Extras logfile created on: 06/05/2011 18:14:57 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Utilisateur\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63,87 Gb Total Space | 0,02 Gb Free Space | 0,03% Space Free | Partition Type: NTFS
Drive D: | 47,91 Gb Total Space | 2,49 Gb Free Space | 5,20% Space Free | Partition Type: NTFS

Computer Name: PC-DE-UTILISATE | User Name: Utilisateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{340B09CF-2D60-4625-9C2D-80B19DBE50AD}" = lport=445 | protocol=6 | dir=in | app=system |
"{54CDCEEB-7B14-4CC8-905B-7EB81D75D265}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{588285CE-FBD5-4B21-976A-110401C1E4D2}" = rport=137 | protocol=17 | dir=out | app=system |
"{60A958C0-53D8-48AD-85DF-04E951408103}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C35A9A9-1570-4017-A4E7-2C43040009CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{6C7D8632-F289-4383-992E-22653374007D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{74FB4A8E-46E9-4ABC-A828-1C6B9119DAB5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A77842F-2AD5-43E5-AEA8-1C760DD96B9D}" = lport=139 | protocol=6 | dir=in | app=system |
"{7AA27D41-8276-4480-A022-5710CC822D44}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{919C02D1-0220-4EE3-BC02-BA408D691667}" = rport=445 | protocol=6 | dir=out | app=system |
"{94248CAD-17BF-4928-9389-2CE35C28757D}" = lport=137 | protocol=17 | dir=in | app=system |
"{96CB0C85-27D7-4069-9605-8165BE89D07F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A583D377-61FF-451F-8C13-8FE9FFAEEE49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A673F1EC-3A9A-4C15-8AAF-05ACECCA6311}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B623B182-B159-494D-BCF9-EDB681DF666A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C2110D3E-7704-4768-9356-86C0D7CFC0A7}" = rport=138 | protocol=17 | dir=out | app=system |
"{C588B469-B87E-449E-BC44-838D8619EFDD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CA662652-253D-400E-BC1A-FA8A9F7DE9DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D7938008-CB55-4A43-BAF1-01249C0F5F37}" = lport=138 | protocol=17 | dir=in | app=system |
"{E0AB3DA3-DDD1-4E6C-9905-CE35A9DCBC4D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F47169F9-1538-4D1F-88F2-A2C58A110821}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DC78D21-C414-4C3F-833D-ACD6CB4254E7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1B2B3561-FBDC-4169-B58E-C85D7081DE4D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2C3CC541-9A68-4F4C-861D-2A199A71E282}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{350E3CA2-C839-4ECC-A92D-2F1E3502953B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4F6D39DF-BE97-4CC5-88C6-FC1946E9DB10}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{5C5BA10C-3690-4070-AD8D-E7F0B4B66BA0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7CA3FC5F-6232-439E-93A3-95464382729F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{898E633A-CE51-435A-9FEE-B5D9EEBB786E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9CF11F30-D3D4-454E-8AAD-58BAA408C262}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9CFC1766-FE43-4C83-979E-577D2A9DCCC2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A5C077AF-27E9-4B31-B78D-D1C5F955771C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AF0B68DD-2090-4549-A2C4-A6F5F0191CD9}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{BBB83C86-4000-4B11-B763-2CE2DC13D9C5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{BF2A0DC2-06F5-41B8-A0F5-56A8EDA78BA4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D97F917C-231D-4A0B-91DC-1B238364826E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FDF1FD37-C5ED-4E3E-AC78-A44BE0F9277A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{003E0273-52A8-40C1-8C20-D3747E9AAD11}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{067DFE5D-ABE8-49CB-8C9D-164C842743FF}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{43D983E4-43C1-4C9C-8B4B-1AFBE68BECF9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{5618BFD2-5DED-45E3-8B4D-A4A8F83A9819}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{C77D14C2-E5F2-4512-8317-5A7920758361}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{D560648C-44A3-4AF6-BA7F-7194CBE9D79E}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{0FF7F2B4-A74D-4A1C-910D-9D20F4BAE60B}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{37EEEB08-F8D4-41A7-8237-46969F43D8A8}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{4F877CD0-C398-479A-AE7A-B7A1DA0B1938}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{BF9BDD75-6144-40A9-A47D-EBF61A5ECD3E}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{E7DFF833-A11D-4F3B-B40C-33F4F81C792D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F07B90D7-BF25-4D8B-A912-01D8CEAA618E}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Assistant de connexion Windows Live ID
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B568EF0-5280-4E27-BE21-74D15F0BD8AF}" = Samsung PC Studio 3
"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89DDBCD4-B326-4545-9A05-26C7B16C1DEB}" = PowerForPhone
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}" = Adobe Setup
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1036-7B44-A82000000003}" = Adobe Reader 8.2.6 - Français
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BF794769-8875-4E01-B7BE-E00104604F4A}" = Adobe Photoshop CS3
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_32e9033392a51340b32fdc6ad893ab7" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"Cloneur Expert" = Cloneur Expert
"Dépanneur Expert" = Dépanneur Expert
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = Configuration DivX
"Editeur de disque" = Editeur de disque
"EPSON Artisan 710 Series" = Désinstallation de l'imprimante EPSON Artisan 710 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Nettoyeur de disque" = Nettoyeur de disque
"NVIDIA Drivers" = NVIDIA Drivers
"Partition Expert" = Partition Expert
"PROPLUS" = Microsoft Office Professional Plus 2007
"qcuercmf" = Favorit
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Tattoons)
"USB2.0 1.3M Web Cam" = USB2.0 1.3M Web Cam
"VLC media player" = VideoLAN VLC media player 0.8.5
"Vodafone WCDMA Composite Device Drive" = Vodafone WCDMA Composite Device Drive Software
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"YouTube Downloader App" = YouTube Downloader App 2.03

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/05/2011 16:42:20 | Computer Name = PC-de-Utilisate | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 05/05/2011 16:42:20 | Computer Name = PC-de-Utilisate | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 55474

Error - 05/05/2011 16:42:20 | Computer Name = PC-de-Utilisate | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 55474

Error - 05/05/2011 19:58:38 | Computer Name = PC-de-Utilisate | Source = Application Error | ID = 1000
Description = Application défaillante distnoted.exe, version 1.550.54.0, horodatage
0x4d4d8f19, module défaillant CoreFoundation.dll, version 1.550.54.0, horodatage
0x4d4d8f17, code d’exception 0xc0000005, décalage d’erreur 0x0005ffd1, ID du processus
0x1394, heure de début de l’application 0x01cc0b3c2f052313.

Error - 05/05/2011 20:33:53 | Computer Name = PC-de-Utilisate | Source = Windows Search Service | ID = 3010
Description =

Error - 06/05/2011 17:26:36 | Computer Name = PC-de-Utilisate | Source = MsiInstaller | ID = 11905
Description =

Error - 06/05/2011 18:35:48 | Computer Name = PC-de-Utilisate | Source = Perflib | ID = 1010
Description =

Error - 06/05/2011 18:35:49 | Computer Name = PC-de-Utilisate | Source = Perflib | ID = 1008
Description =

Error - 06/05/2011 18:35:49 | Computer Name = PC-de-Utilisate | Source = Perflib | ID = 1005
Description =

Error - 06/05/2011 18:35:49 | Computer Name = PC-de-Utilisate | Source = Perflib | ID = 1017
Description =

[ OSession Events ]
Error - 26/12/2010 22:27:15 | Computer Name = PC-de-Utilisate | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 29/01/2011 19:08:53 | Computer Name = PC-de-Utilisate | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08/02/2011 01:04:04 | Computer Name = PC-de-Utilisate | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08/02/2011 18:59:10 | Computer Name = PC-de-Utilisate | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08/02/2011 18:59:25 | Computer Name = PC-de-Utilisate | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08/02/2011 19:35:08 | Computer Name = PC-de-Utilisate | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08/02/2011 19:35:41 | Computer Name = PC-de-Utilisate | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08/02/2011 23:41:02 | Computer Name = PC-de-Utilisate | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14/04/2011 00:37:14 | Computer Name = PC-de-Utilisate | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25/04/2011 13:52:50 | Computer Name = PC-de-Utilisate | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 06/05/2011 12:43:10 | Computer Name = PC-de-Utilisate | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 06/05/2011 15:19:43 | Computer Name = PC-de-Utilisate | Source = volsnap | ID = 393252
Description = Les clichés instantanés du volume C: ont été annulés car le stockage
du cliché instantané n'a pas pu s'agrandir en raison d'une limite utilisateur.

Error - 06/05/2011 17:40:21 | Computer Name = PC-de-Utilisate | Source = Service Control Manager | ID = 7000
Description =

Error - 06/05/2011 17:40:21 | Computer Name = PC-de-Utilisate | Source = Service Control Manager | ID = 7000
Description =

Error - 06/05/2011 18:13:42 | Computer Name = PC-de-Utilisate | Source = EventLog | ID = 6008
Description = L'arrêt système précédant à 17:11:56 le 06/05/2011 n'était pas prévu.

Error - 06/05/2011 18:15:05 | Computer Name = PC-de-Utilisate | Source = Service Control Manager | ID = 7000
Description =

Error - 06/05/2011 18:15:05 | Computer Name = PC-de-Utilisate | Source = Service Control Manager | ID = 7000
Description =

Error - 06/05/2011 18:15:34 | Computer Name = PC-de-Utilisate | Source = volsnap | ID = 393252
Description = Les clichés instantanés du volume C: ont été annulés car le stockage
du cliché instantané n'a pas pu s'agrandir en raison d'une limite utilisateur.

Error - 06/05/2011 18:18:57 | Computer Name = PC-de-Utilisate | Source = Service Control Manager | ID = 7022
Description =

Error - 06/05/2011 18:41:11 | Computer Name = PC-de-Utilisate | Source = DCOM | ID = 10010
Description =


< End of report >

Fanfoa

Unborn
Unborn

Posts : 3
Joined : 2011-05-07
Operating System : XP

View user profile

Back to top Go down

Re: Essential Cleaner virus problem

Post by Belahzur on Sun 08 May 2011, 12:44 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Essential Cleaner virus problem

Post by Sponsored content Today at 5:54 pm


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum