maribo

Members
  • Content count: 251
  • Joined
  • Last visited
  • Days won: 1

Everything posted by maribo

  1. tomtom, before doing the 4th step: when I open ERUNT I get this, but I don't know what it means. What do I click on? I have Vista.
  2. For the 1st step, it is on STARTED....AUTOMATIC. For the 2nd step, Rebuild did nothing, so I did the 3rd step and it gave me this. Now I'm going to move on to the 4th and I'll keep you posted.
  3. And for REGEDIT in the Start menu search, can anything be done, if you don't mind, tomtom? Thank you.
  4. That's it, I've just done it...
  5. Hello tomtom, I haven't had the window for the moment, but it isn't regular: I can get it now and not get it tomorrow, for example! For CyberLink Task Scheduler (CTS) (CLSched)? I didn't find it, I only found this. Is it the same thing? What should I do?
  6. Disable the scheduled tasks Google Update, HPceeSchedule and HP Health check. Done, that's taken care of. windows i_explorer fire_fox test planifié m_contextuel
  7. Hello tomtom, actually I have no problem when I open the webcam or anything else. CLSched opens by itself for no reason, for example when the computer is idle: when I press a key again to wake the computer, there is this CLSched window. And I didn't find QuickPlay, Youcam or UCam_Menu, or anything else concerning Cyberlink. And for REGEDIT in the Start menu search
  8. Hello tomtom, I'm going to delete what you tell me, and I wanted to know: can we also look at post 95, CLSched (My link), and the little grape icon of regedit in the Start menu search? Is there anything to do there as well, if you agree? Thank you. DELFIX REPORT:
     # DelFix v6.2 - Rapport créé le 15/11/2012 à 19:19:17
     # Mis à jour le 11/11/2012 par Xplode
     # Système d'exploitation : Windows Vista Home Premium Service Pack 2 (32 bits)
     # Nom d'utilisateur : biscottee - PC-DE-BISCOTTEE
     # Exécuté depuis : C:\Users\biscottee\Desktop\delfix.exe
     # Option [suppression]
     ~~~~~~ Dossier(s) ~~~~~~
     Supprimé : C:\_OTL
     Supprimé : C:\_OTM
     Supprimé : C:\32788R22FWJFW
     Supprimé : C:\ZHP
     Supprimé : C:\Users\biscottee\Desktop\RK_Quarantine
     Supprimé : C:\Program Files\ZHPDiag
     ~~~~~~ Fichier(s) ~~~~~~
     Supprimé : C:\ComboFix.txt
     Supprimé : C:\SeafLog.txt
     Supprimé : C:\Users\biscottee\Desktop\OTL.exe
     Supprimé : C:\Users\biscottee\Desktop\OTM.exe
     Supprimé : C:\Users\biscottee\Desktop\RogueKiller.exe
     Supprimé : C:\Users\biscottee\Desktop\SecurityCheck.exe
     ~~~~~~ Registre ~~~~~~
     Clé Supprimée : HKLM\SOFTWARE\OldTimer Tools
     Clé Supprimée : HKLM\SOFTWARE\Swearware
     ~~~~~~ Autres ~~~~~~
     -> Prefetch Vidé
     *************************
     DelFix[R1].txt - [1128 octets] - [15/11/2012 19:17:34]
     DelFix[R2].txt - [1184 octets] - [15/11/2012 19:18:16]
     DelFix[R3].txt - [1240 octets] - [15/11/2012 19:19:10]
     DelFix[s1].txt - [1171 octets] - [15/11/2012 19:19:17]
     ########## EOF - C:\DelFix[s1].txt - [1295 octets] ##########
  9. :grin6: :grin6: :grin6: :grin6: :grin6: :grin6: You know what, tom tom: after the Fix it, I thought I'd go and see whether the firewall is operational... and it woooorks, finally! All of that thanks to you, and to tonton, whom I'm not forgetting. It just shows that perseverance pays off; I was starting to think we weren't going to manage it :super: :super:
  10. Have you deleted Combofix? Yes, that's done... I also did the updates, and I'm going to do the Fix it.
  11. Sorry for the delay, but there is work going on at home and I have a nasty cold on top of it. Hello. Security Check report:
     Results of screen317's Security Check version 0.99.51
     Windows Vista Service Pack 2 x86 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Microsoft Security Essentials (On Access scanning disabled!)
     Error obtaining update status for antivirus!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.65.1.1000
     CCleaner
     Java 7 Update 7
     Adobe Flash Player 11.4.402.287
     Adobe Reader 9 Adobe Reader out of Date!
     Adobe Reader X (10.1.4)
     Mozilla Firefox (15.0.1)
     Google Chrome 21.0.1180.89
     Google Chrome 22.0.1229.79
     Google Chrome 22.0.1229.92
     Google Chrome 22.0.1229.94
     Google Chrome 23.0.1271.64
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: %
     ````````````````````End of Log``````````````````````
     For the firewall service, it was already on Started / Automatic. For the Start menu, if I type for example "REGEDIT" in "SEARCH", I don't get the little blue grape REGEDIT icon like tonton does. Check. Otherwise, apply this for error 5 of the Firewall service, please: Diagnose and automatically repair problems with the Windows Firewall service. Should I do this, given that the firewall service is already on STARTED / AUTOMATIC?
  12. ComboFix report: My link
  13. Drive E is the Recovery partition of your HP; you mustn't put anything on it. E: you're right, it's the HP backup, and D: is my own little things, like mail, folders, recipes, etc. I got it wrong... you're right.
  14. Latest report, as you requested
| M] -- C:\Users\biscottee\AppData\Roaming\Capturino [2009/06/10 18:22:55 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\GARMIN [2009/12/12 23:18:07 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\Grafouillette [2010/04/12 09:48:08 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\HARVEST S.A [2012/11/11 16:51:33 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\INB Concept [2010/04/04 16:32:30 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\muvee Technologies [2009/04/15 21:00:47 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\Opera [2009/05/24 21:57:38 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\PeerNetworking [2010/01/28 10:22:45 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\PhotoFiltre [2012/01/21 21:02:18 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\Samsung [2011/06/04 13:55:58 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\TeamViewer [2011/07/12 21:36:32 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\TomTom [2009/11/16 22:21:32 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\TuneUp Software [2011/04/24 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\Uniblue [2012/08/05 17:49:37 | 000,000,000 | ---D | M] -- C:\Users\biscottee\AppData\Roaming\Wise Registry Cleaner ========== Purity Check ========== < End of report >
  15. Here, with the script from post 103. OTL report
  16. "You do have a Windows XP partition and Windows Vista on this HP computer" Uh, I don't know...... I thought I was on Vista???? How can I find out so I can tell you?????? I even have several, since I tried several times; the latest is this one, but it still hasn't finished..... Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess\ scheduled to be deleted on reboot. Otherwise I'll show you what I'm going to do following your fix
  17. No, I just redid it the way you wrote, and once I click CORRECTION it runs for a very short while and then says OTL is not responding and it's frozen; when I turn the computer back on I get this report: Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess\ scheduled to be deleted on reboot.
  18. TOMTOM, I'm trying to run OTL; I copy and paste the script you gave me, but it tells me this program is not responding, it must be stuck... what should I do??? Thanks
  19. DNS report
  20. Oops!!!!!! I mixed up the reports. Shortcuts RAZ; HOSTS RAZ report; DNS report; Proxy RAZ
  21. Reports. And about this, is there anything to be done: "The clsched module is part of several CyberLink programs. On your PC you have QPService, which belongs to HP QuickPlay, a CyberLink program, as does UCam_Menu, which is tied to CyberLink YouCam. The problem surely comes from this software."
  22. Hello tomtom, so on D I should have the PC backup, I think. On E are my little things, etc........ "For the scan with the OTL tool you did not tick all users" I have to redo OTL, given that I am the only user of my PC, there are no other accounts... For now I'm only doing RogueKiller and Malwarebytes... is that right. Biscottee is me, yes. I had a big problem after visiting a make-up site that I went to regularly, and when I phoned the person to tell her, she did not know she had been hacked..... and I got caught that way twice in a row. In fact it is since that infection that we have not been able to get the firewall back on. ROGUEKILLER REPORT My link MALWAREBYTES REPORT I often get this window opening....
  23. OTL report My link My link
  24. I didn't find "recherches windows", but I do see Windows Search here; otherwise I'll do OTL tonight. I downloaded Windows Search; is it normal that it also shows me this.......
  25. Hello tomtom, I don't have windows_search, and I did the indexing