dogmoa

bonjour, oui j' ai respecté tes consignes. et je suis passé à l' étape suivante . quand je lance GMER la machine s' éteint et se relance toute seule

bonjour ESET refuse de telecharger la base des données voici le message." can not be get update . is the proxy configured?" bon WE

bonsoir lance je vais un peu te décevoir mais je n' ai pas avancé. en fait j' ai téléchargé combofix sur le bureau , fermé toutes les applications et lancé le scan puis la machine s' est relancé toute seule et je ne retrouve pas le rapport. j' ai fait démarrer > chercher et j' ai des trucs que je ne peux pas ouvrir en plus il se passe quelque chose de bizarre , toutes les écritures disparaissent . j' ai été obligé de relancer la machine. @+

quand je télécharge, il va automatiquement dans mes "documents" et le problème reste entier càd a la fin du scan la machine se relance toute seulle et je ne retrouve pas le rapport

merci lance , mais je ne voie rien

bonjour lance_yien j' ai lancé combofix et l' auto scan a commencé puis sans que aucun message ne s' affiche la machine a redémarre et je ne retrouve pas le rapport est ce normal?

quand je lance defogger(en premier) aprés avoir cliqué sur ok quelque temps après (je je suppose que c' est à la fin) une fenêtre s'ouvre avec activer et réactiver je ne sais pas si c' est une invitation à réactiver

All processes killed Error: Unable to interpret <OTL> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ss_bmdm.sys -- (ss_bmdm)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~3.WIN\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)> in the current context! Error: Unable to interpret <IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found> in the current context! Error: Unable to interpret <O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.> in the current context! Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [] File not found> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [Cmaudio] File not found> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [KernelFaultCheck] File not found> in the current context! Error: Unable to interpret <O4 - HKCU..\Run: [KiesTrayAgent] File not found> in the current context! Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)> in the current context! Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)> in the current context! Error: Unable to interpret <[2010/11/17 22:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover> in the current context! Error: Unable to interpret <@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1> in the current context! ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur User: Administrateur.WINXPCRA-04724F ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 592 bytes User: Administrateur.WINXPCRA-1E9714 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 348 bytes User: Administrateur.WINXPCRA-E6E327 ->Temp folder emptied: 20662414 bytes ->Temporary Internet Files folder emptied: 267811853 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 53423001 bytes ->Flash cache emptied: 12186 bytes User: All Users User: All Users.WINDOWS User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User.WINDOWS ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService.AUTORITE NT ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService.AUTORITE NT.000 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService.AUTORITE NT.001 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService.AUTORITE NT.002 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService.AUTORITE NT ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService.AUTORITE NT.000 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService.AUTORITE NT.001 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService.AUTORITE NT.002 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: PC ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 1543 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 96183 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 67337760 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 390,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully Restore points cleared and new OTL Restore Point set! OTL by OldTimer - Version 3.2.17.3 log created on 11202010_151702 Files\Folders moved on Reboot... File\Folder C:\WINDOWS\temp\ZLT02dc3.TMP not found! File\Folder C:\WINDOWS\temp\ZLT02dc7.TMP not found! Registry entries deleted on Reboot...

bonjour, voici le rapport demandé. Wininit.ini - Le scanner antivirus de Jotti muzapp.exe - Le scanner antivirus de Jotti A+

le 3éme rapport Results of screen317's Security Check version 0.99.5 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Avira AntiVir Personal - Free Antivirus ZoneAlarm Antivirus out of date! (On Access scanning disabled!) ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware HijackThis 2.0.2 CCleaner (remove only) Java 6 Update 21 Adobe Flash Player 10.1.102.64 Adobe Reader 9.4.0 - Français Mozilla Firefox (3.6.12) Firefox Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent Avira Antivir avgnt.exe Avira Antivir avguard.exe Zone Labs ZoneAlarm zlclient.exe ```````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) ``````````End of Log````````````

bonsoir lance_yien voici le rapport OTL OTL logfile created on: 19/11/2010 21:06:12 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Bureau Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 511,00 Mb Total Physical Memory | 246,00 Mb Available Physical Memory | 48,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 31,48 Gb Total Space | 13,94 Gb Free Space | 44,29% Space Free | Partition Type: NTFS Computer Name: WINXPCRA-E6E327 | User Name: Administrateur | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010/11/18 21:47:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Bureau\OTL.exe PRC - [2010/09/20 22:07:44 | 000,932,288 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe PRC - [2010/08/17 13:39:03 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010/08/17 13:38:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/08/17 13:38:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010/05/14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe PRC - [2010/05/14 10:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe PRC - [2010/05/01 07:50:00 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\system32\dgdersvc.exe PRC - [2010/01/14 22:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009/12/22 03:31:26 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe PRC - [2009/03/10 21:18:20 | 000,970,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe PRC - [2009/02/23 14:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/07/09 09:05:20 | 000,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2008/07/09 09:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe PRC - [2008/05/08 00:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2010/11/18 21:47:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Bureau\OTL.exe MOD - [2010/08/23 17:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2006/05/03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll ========== Win32 Services (SafeList) ========== SRV - [2010/08/17 13:39:03 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/08/17 13:38:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/05/01 07:50:00 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\dgdersvc.exe -- (dgdersvc) SRV - [2009/12/22 03:31:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2009/09/26 03:31:58 | 000,149,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2009/07/20 10:51:52 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2008/11/11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/07/09 09:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2008/05/08 00:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ss_bmdm.sys -- (ss_bmdm) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~3.WIN\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio) DRV - [2010/08/17 13:39:11 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010/08/17 13:39:11 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/06/17 15:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/06/17 15:27:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2010/05/01 07:50:00 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2009/12/22 03:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009/12/08 16:28:27 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009/09/19 06:30:10 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bserd.sys -- (ss_bserd) DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/07/09 09:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008/03/17 17:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX) DRV - [2008/03/11 16:18:56 | 000,068,762 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C) DRV - [2008/02/27 03:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan) DRV - [2007/07/19 15:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2007/03/18 17:15:00 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007/03/18 16:15:06 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC) DRV - [2006/01/19 09:17:38 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2006/01/19 04:44:46 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf) DRV - [2004/10/15 18:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb) DRV - [2002/04/11 21:01:22 | 000,003,033 | ---- | M] (VIA Technologies. Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\VIAPFD.SYS -- (VIAPFD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaulturl: "http://fr.search.yahoo.com/search?fr=ffsp1&p=" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "http://fr.yahoo.com/" FF - prefs.js..extensions.enabledItems: [email protected]:1.19 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: [email protected]:1.0 FF - prefs.js..extensions.enabledItems: [email protected]:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: [email protected]:20100720 FF - prefs.js..keyword.URL: "http://start.facemoods.com/results.php?f=5&a=tweak&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/07 19:25:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/07 17:41:04 | 000,000,000 | ---D | M] [2010/08/29 10:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Application Data\Mozilla\Extensions [2010/08/29 10:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Application Data\Mozilla\Extensions\[email protected] [2010/11/17 23:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Application Data\Mozilla\Firefox\Profiles\ngbmol9m.default\extensions [2010/05/26 20:50:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Application Data\Mozilla\Firefox\Profiles\ngbmol9m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/09/19 21:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Application Data\Mozilla\Firefox\Profiles\ngbmol9m.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010/11/09 20:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Application Data\Mozilla\Firefox\Profiles\ngbmol9m.default\extensions\[email protected] [2009/09/17 20:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Application Data\Mozilla\Firefox\Profiles\ngbmol9m.default\extensions\[email protected] [2009/12/03 10:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Application Data\Mozilla\Firefox\Profiles\ngbmol9m.default\extensions\[email protected] [2010/11/17 23:23:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/09/19 11:13:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010/10/27 06:39:58 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml [2010/10/27 06:39:58 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml [2010/10/27 06:39:58 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml [2010/10/18 13:14:12 | 000,002,037 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchtweak.xml [2010/10/27 06:39:58 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2010/10/27 06:39:58 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml O1 HOSTS File: ([2006/03/02 11:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Cmaudio] File not found O4 - HKLM..\Run: [DriverReviver] C:\Program Files\Reviversoft\Driver Reviver\DriverReviver.exe File not found O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC) O4 - HKCU..\Run: [KiesTrayAgent] File not found O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe File not found O4 - HKCU..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe File not found O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm () O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/08/05 22:48:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/11/18 21:47:52 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Bureau\OTL.exe [2010/11/17 22:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover [2010/11/16 20:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ReviverSoft [2010/11/15 12:12:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010/11/13 22:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Application Data\Avira [2010/11/11 16:48:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/11/11 16:48:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/11/11 16:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/11/11 12:01:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Recent [2010/11/09 20:39:41 | 000,042,384 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\zllsputility_loc040c.dll [2010/11/09 20:39:40 | 000,054,672 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsutil_loc040c.dll [2010/11/09 20:39:32 | 000,075,248 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe [2010/11/09 20:39:18 | 000,127,768 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2010/11/09 20:38:55 | 000,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsregexp.dll [2010/11/09 20:38:53 | 000,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcomm.dll [2010/11/09 20:38:53 | 000,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcommdb.dll [2010/11/09 20:38:48 | 000,046,568 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vswmi.dll [2010/11/09 20:38:47 | 001,086,952 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\zpeng24.dll [2010/11/09 20:38:47 | 000,099,816 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsxml.dll [2010/11/09 20:38:46 | 000,275,944 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vspubapi.dll [2010/11/09 20:38:46 | 000,103,912 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsmonapi.dll [2010/11/09 20:38:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs [2010/11/09 20:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs [2010/11/09 20:38:45 | 000,394,952 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys [2010/11/09 20:37:24 | 000,472,552 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsutil.dll [2010/11/09 20:37:24 | 000,157,160 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsinit.dll [2010/11/09 20:37:24 | 000,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdata.dll [2010/11/07 15:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Application Data\facemoods.com [2010/11/07 14:58:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Local Settings\Application Data\PackageAware [2010/11/07 14:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Application Data\Registry Mechanic [2010/11/07 14:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP [2010/11/07 14:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Application Data\ATI [2010/11/07 14:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Local Settings\Application Data\ATI [2010/11/07 14:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2010/11/07 14:09:57 | 000,000,000 | ---D | C] -- C:\ATI [2010/11/07 13:57:31 | 000,003,033 | ---- | C] (VIA Technologies. Inc.) -- C:\WINDOWS\System32\drivers\VIAPFD.SYS [2010/11/07 13:57:30 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe [2010/11/07 13:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\WINDOWS [2010/11/07 13:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Application Data\Reviversoft [2010/11/07 13:26:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Local Settings\Application Data\PC_Drivers_Headquarters [2010/11/07 13:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Driver Whiz [2010/11/07 13:01:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Mes documents\Downloads [2010/11/07 13:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Driver Mender [2010/11/07 12:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Application Data\Carambis [2010/11/06 12:44:51 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed [2010/10/30 11:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight ========== Files - Modified Within 30 Days ========== [2010/11/19 21:05:04 | 000,876,576 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2010/11/19 20:53:33 | 000,358,381 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2010/11/19 20:53:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/11/19 20:52:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/11/18 22:39:41 | 000,011,156 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2010/11/18 21:50:50 | 000,869,051 | ---- | M] () -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Bureau\SecurityCheck.exe [2010/11/18 21:47:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Bureau\OTL.exe [2010/11/17 22:54:36 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Bureau\AD-R.lnk [2010/11/17 22:42:47 | 000,017,169 | ---- | M] () -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Mes documents\courbe.xlsx [2010/11/17 19:53:43 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Bureau\Copie de SuiviProjet_courbeSuivi.xls [2010/11/17 19:52:46 | 000,082,944 | ---- | M] () -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Bureau\Copie de courbe inclusion.xls [2010/11/16 20:44:23 | 000,003,688 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/11/16 19:40:30 | 000,000,010 | ---- | M] () -- C:\WINDOWS\Wininit.ini [2010/11/11 21:24:47 | 000,000,212 | -HS- | M] () -- C:\boot.ini [2010/11/11 16:48:33 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes' Anti-Malware.lnk [2010/11/09 20:50:42 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat [2010/11/07 17:41:08 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2010/11/07 17:41:08 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Mozilla Firefox.lnk [2010/11/07 15:46:42 | 000,002,140 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini [2010/11/07 15:27:40 | 000,261,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/11/07 12:48:58 | 000,004,990 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\mtbjfghn.xbe [2010/11/07 12:27:19 | 000,000,092 | ---- | M] () -- C:\WINDOWS\CMISETUP.INI [2010/11/07 12:27:19 | 000,000,026 | ---- | M] () -- C:\WINDOWS\CMCDPLAY.INI [2010/11/06 12:44:52 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Bureau\WhoCrashed.lnk [2010/10/31 11:26:21 | 000,513,080 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2010/10/31 11:26:21 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/10/31 11:26:21 | 000,085,404 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2010/10/31 11:26:21 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat ========== Files Created - No Company Name ========== [2010/11/18 21:50:57 | 000,869,051 | ---- | C] () -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Bureau\SecurityCheck.exe [2010/11/17 22:54:35 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Bureau\AD-R.lnk [2010/11/17 22:42:47 | 000,017,169 | ---- | C] () -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Mes documents\courbe.xlsx [2010/11/17 19:53:42 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Bureau\Copie de SuiviProjet_courbeSuivi.xls [2010/11/17 19:52:45 | 000,082,944 | ---- | C] () -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Bureau\Copie de courbe inclusion.xls [2010/11/16 20:44:23 | 000,003,688 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/11/11 21:24:48 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk [2010/11/11 21:24:48 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk [2010/11/11 16:48:33 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes' Anti-Malware.lnk [2010/11/09 20:42:50 | 000,876,576 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2010/11/09 20:42:50 | 000,011,156 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2010/11/09 20:39:41 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc040c.dll [2010/11/09 20:39:41 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc040c.dll [2010/11/09 20:38:56 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2010/11/09 20:38:45 | 000,358,381 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml [2010/11/07 12:48:58 | 000,004,990 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\mtbjfghn.xbe [2010/11/07 12:27:19 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2010/11/07 12:27:19 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI [2010/11/07 12:27:17 | 000,000,010 | ---- | C] () -- C:\WINDOWS\Wininit.ini [2010/11/07 12:27:05 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe [2010/11/07 12:27:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll [2010/11/07 12:25:21 | 000,002,140 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010/11/07 12:25:20 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2010/11/06 12:44:52 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Bureau\WhoCrashed.lnk [2010/06/20 10:53:11 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010/06/20 10:53:11 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010/06/20 10:52:57 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Application Data\$_hpcst$.hpc [2009/11/09 03:08:10 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2009/11/09 03:08:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2009/11/09 03:08:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2009/11/09 03:08:10 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2009/10/06 08:16:00 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/09/30 09:49:11 | 000,000,019 | ---- | C] () -- C:\WINDOWS\compedia.ini [2009/09/28 18:34:47 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2009/09/28 18:34:46 | 000,000,434 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2009/08/30 09:52:28 | 000,000,395 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log [2009/08/23 21:04:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt [2009/08/23 15:25:22 | 000,000,068 | ---- | C] () -- C:\WINDOWS\spn.INI [2009/08/23 15:24:33 | 000,000,068 | ---- | C] () -- C:\WINDOWS\Crypkey.ini [2009/08/23 15:24:30 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys [2009/08/23 15:24:30 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll [2009/08/23 13:51:47 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009/08/23 13:48:26 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2009/08/23 12:12:30 | 000,000,153 | ---- | C] () -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Local Settings\Application Data\fusioncache.dat [2007/05/13 15:12:03 | 000,000,139 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2003/02/19 01:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1 < End of report > ici le deuxième rapport. OTL Extras logfile created on: 19/11/2010 21:06:12 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Bureau Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 511,00 Mb Total Physical Memory | 246,00 Mb Available Physical Memory | 48,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 31,48 Gb Total Space | 13,94 Gb Free Space | 44,29% Space Free | Partition Type: NTFS Computer Name: WINXPCRA-E6E327 | User Name: Administrateur | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusOverride" = 1 "FirewallOverride" = 1 "DisablePagingExecutive" = 1 "LargeSystemCache" = 0 "SecondLevelDataCache" = 512 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 4 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{0a2f59c4-e5d9-4fed-9d2e-d9935e76ea21}" = Nero 9 Essentials "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare "{1D13221B-42DE-4B3C-A43F-0F6AF3CF3DA2}" = Client Windows Rights Management avec Service Pack 2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 21 "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload "{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}" = Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français) "{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns "{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects "{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery "{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations "{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}" = ArcSoft PhotoImpression 4 "{6901DD22-527A-41EF-9059-E81FEDE9E494}" = Windows Presentation Foundation Language Pack (FRA) "{6DE39343-0C7E-4b3a-8BDC-A846B7A8CAFE}" = CameraDrivers "{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{78FD2974-C98B-4b84-9E9F-1AEE16AE0029}" = HP Appareils photos Photosmart 4.5 "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update "{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1 "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12 "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0015-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0016-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-0019-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007 "{90120000-001A-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0401-0000-0000000FF1CE}_PROR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0413-0000-0000000FF1CE}_PROR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007 "{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}_PROR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90283F22-0731-43B6-81FD-E6DD911A31FB}" = Microsoft SQL Server Native Client "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007 "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack "{A157DF9D-462F-4BF9-8C5E-3854BC9CC08F}" = HP Digital Photo Advisor "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.0 - Français "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B168C59D-5FCF-4EEC-B464-BFA7A8266150}" = Windows Communication Foundation Language Pack - FRA "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B84C141C-9A13-44BE-9A69-301D7B11D836}" = Windows Workflow Foundation FR Language Pack "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{C74B273E-DF20-4955-899B-15205119894C}" = Microsoft SQL Server VSS Writer "{C79A37F3-C076-48BE-B290-F4C8676ABD74}" = Samsung PC Studio 3 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live "{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}" = Microsoft .NET Framework 3.0 French Language Pack "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EC905264-BCFE-423B-9C42-C3A106266790}" = SP2 de compatibilité descendante du client Windows Rights Management "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA "{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates "504244733D18C8F63FF584AEB290E3904E791693" = Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Ad-Remover" = Ad-Remover By C_XX "All ATI Software" = ATI - Software Uninstall Utility "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner (remove only) "C-Media Audio Driver" = C-Media WDM Audio Driver "Dual Mode Camera_is1" = Uninstall Dual Mode Camera "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.6 "HijackThis" = HijackThis 2.0.2 "HP Photo & Imaging" = HP Image Zone 4.5 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "Jhoos" = Jhoos "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA "Microsoft .NET Framework 3.0 French Language Pack" = Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "MyFreeCodec" = MyFreeCodec "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PROPLUS" = Microsoft Office Professional Plus 2007 "PROR" = Version d'évaluation de Microsoft Office Professional 2007 "SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set "Uninstall_is1" = Uninstall 1.0.0.1 "Veetle TV" = Veetle TV 0.9.17 "VLC media player" = VLC media player 1.0.1 "WhoCrashed_is1" = WhoCrashed 2.10 "WIC" = Windows Imaging Component "Windows XP Service" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Installation Windows Live "WinRAR archiver" = WinRAR archiver "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Search Defender" = Yahoo! Search Protection "Yahoo! Software Update" = Yahoo! Software Update "ZoneAlarm" = ZoneAlarm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 16/11/2010 16:26:04 | Computer Name = WINXPCRA-E6E327 | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré. Error - 16/11/2010 16:30:45 | Computer Name = WINXPCRA-E6E327 | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré. Error - 17/11/2010 14:38:17 | Computer Name = WINXPCRA-E6E327 | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré. Error - 17/11/2010 18:04:44 | Computer Name = WINXPCRA-E6E327 | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré. Error - 18/11/2010 15:17:21 | Computer Name = WINXPCRA-E6E327 | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré. Error - 18/11/2010 16:42:27 | Computer Name = WINXPCRA-E6E327 | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré. Error - 18/11/2010 17:18:59 | Computer Name = WINXPCRA-E6E327 | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré. Error - 18/11/2010 17:23:09 | Computer Name = WINXPCRA-E6E327 | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré. Error - 19/11/2010 15:48:23 | Computer Name = WINXPCRA-E6E327 | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré. Error - 19/11/2010 15:52:45 | Computer Name = WINXPCRA-E6E327 | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré. [ System Events ] Error - 15/11/2010 07:54:25 | Computer Name = WINXPCRA-E6E327 | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 15/11/2010 07:54:30 | Computer Name = WINXPCRA-E6E327 | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 15/11/2010 07:54:35 | Computer Name = WINXPCRA-E6E327 | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 15/11/2010 07:54:40 | Computer Name = WINXPCRA-E6E327 | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 15/11/2010 07:54:45 | Computer Name = WINXPCRA-E6E327 | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 15/11/2010 07:54:49 | Computer Name = WINXPCRA-E6E327 | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 15/11/2010 07:54:54 | Computer Name = WINXPCRA-E6E327 | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 15/11/2010 07:54:59 | Computer Name = WINXPCRA-E6E327 | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 15/11/2010 07:55:04 | Computer Name = WINXPCRA-E6E327 | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 15/11/2010 07:55:09 | Computer Name = WINXPCRA-E6E327 | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. < End of report >

lance_yien, j' ai un souci je ne peux pas exécuter OTL entant que admin. j' ai ce message " impossible d' ouvrie une cession. restriction de compte d' utilisateur. les raisons possibles sont les mots de passe vides". je ne me souviens pas avoir mis un mot de passe et si je l' ai fait je l' ai certainement oublié.

voici le raport MBAM Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 5147 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 18/11/2010 21:37:32 mbam-log-2010-11-18 (21-37-32).txt Type d'examen: Examen complet (C:\|) Elément(s) analysé(s): 293656 Temps écoulé: 1 heure(s), 8 minute(s), 39 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 4 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\nigzss.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\PC\nigzss.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\logfile32.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\nigzss.txt (Malware.Trace) -> Quarantined and deleted successfully.

mille fois merci à bientôt.

bonjour lance_yien je te remercie d' avance pour ton aide. je tiens juste à te signaler que certaines instructions qui peuvent paraître banales peuvent devenir pour moi un veritable casse tête par ex:"Prendre l'habitude de désactiver tous les programmes de protection au début de chaque nouvelle étape et de les réactiver à la fin". peux tu m' indiquer la démarche à suivre? j' ai lancé malwarebyte et je te fais signe dés que ce sera terminé. une fois de plus merci

salut tonton, je te signale que Lance_yien de la section analyse et éradication des malwares m' apris en charge. le problème c' est que ses instructions sont longues et je n' ai pas d' imprimante j' espère que j' y parviendrai. en revanche qu'est ce que je fait de tes instuctions? j' ai lancer MBAM;

Au secours on m' a oublié!!!!!! voici le lien de mon sujet. http://forum.zebulon.fr/pc-infecte-par-malware-t180888.html&pid=1519762?do=findComment&comment=1519762 je vous souhaite une agréable journée. dogmoa

pour les programmes au démarrage, j'ai fait la manup et je n' arrive pas identifier les programmes que je dois ne pas decocher. cependant je crois que l' entivirus c' est avgnt car j' ai avira et le pare feu doit etre zlclient (zonealarm) pour la connection internet franchement je ne vois pas à quoi celà peu correspondre j' utilise "free"; si tu me confirme pour les deux autre je passe à l' action.

======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 11/11/10 à 11:40 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: TEAM X SCRIPT : UsbFix - AD-Remover - FindyKill C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 23:01:23 le 17/11/2010, Mode normal Microsoft Windows XP Professionnel Service Pack 3 (X86) Administrateur@WINXPCRA-E6E327 ( ) ============== ACTION(S) ============== (!) -- Fichiers temporaires supprimés. ============== SCAN ADDITIONNEL ============== ** Mozilla Firefox Version [3.6.12 (fr)] ** -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Application Data\Mozilla\FireFox\Profiles\ngbmol9m.default\Prefs.js -- browser.search.defaultenginename, Yahoo browser.search.defaulturl, hxxp://fr.search.yahoo.com/search?fr=ffsp1&p= browser.search.selectedEngine, Search browser.startup.homepage, hxxp://fr.yahoo.com/ browser.startup.homepage_override.mstone, rv:1.9.2.12 keyword.URL, hxxp://start.facemoods.com/results.php?f=5&a=tweak&q= ======================================== ** Internet Explorer Version [8.0.6001.18702] ** [HKCU\Software\Microsoft\Internet Explorer\Main] Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Do404Search: 0x01000000 Enable Browser Extensions: yes Local Page: C:\WINDOWS\system32\blank.htm Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 Show_ToolBar: yes Start Page: hxxp://fr.msn.com/ [HKLM\Software\Microsoft\Internet Explorer\Main] Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896 Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Delete_Temp_Files_On_Exit: yes Local Page: C:\WINDOWS\system32\blank.htm Search bar: hxxp://search.msn.com/spbasic.htm Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page: hxxp://fr.msn.com/ [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] Tabs: res://ieframe.dll/tabswelcome.htm Blank: res://mshtml.dll/blank.htm ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s) C:\Program Files\Ad-Remover\Backup: 14 Fichier(s) C:\Ad-Report-CLEAN[1].txt - 17/11/2010 (497 Octet(s)) C:\Ad-Report-SCAN[1].txt - 17/11/2010 (2374 Octet(s)) Fin à: 23:02:51, 17/11/2010 ============== E.O.F ==============

====== RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 11/11/10 à 11:40 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: TEAM X SCRIPT : UsbFix - AD-Remover - FindyKill C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 22:55:03 le 17/11/2010, Mode normal Microsoft Windows XP Professionnel Service Pack 3 (X86) Administrateur@WINXPCRA-E6E327 ( ) ============== RECHERCHE ============== ============== SCAN ADDITIONNEL ============== ** Mozilla Firefox Version [3.6.12 (fr)] ** -- C:\Documents and Settings\Administrateur.WINXPCRA-E6E327\Application Data\Mozilla\FireFox\Profiles\ngbmol9m.default\Prefs.js -- browser.search.defaultenginename, Yahoo browser.search.defaulturl, hxxp://fr.search.yahoo.com/search?fr=ffsp1&p= browser.search.selectedEngine, Search browser.startup.homepage, hxxp://fr.yahoo.com/ browser.startup.homepage_override.mstone, rv:1.9.2.12 keyword.URL, hxxp://start.facemoods.com/results.php?f=5&a=tweak&q= ======================================== ** Internet Explorer Version [8.0.6001.18702] ** [HKCU\Software\Microsoft\Internet Explorer\Main] Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Do404Search: 0x01000000 Enable Browser Extensions: yes Local Page: C:\WINDOWS\system32\blank.htm Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 Show_ToolBar: yes Start Page: hxxp://fr.msn.com/ [HKLM\Software\Microsoft\Internet Explorer\Main] Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896 Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Delete_Temp_Files_On_Exit: yes Local Page: C:\WINDOWS\system32\blank.htm Search bar: hxxp://search.msn.com/spbasic.htm Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page: hxxp://fr.msn.com/ [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] Tabs: res://ieframe.dll/tabswelcome.htm Blank: res://mshtml.dll/blank.htm ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s) C:\Program Files\Ad-Remover\Backup: 1 Fichier(s) C:\Ad-Report-SCAN[1].txt - 17/11/2010 (452 Octet(s)) Fin à: 22:56:58, 17/11/2010 ============== E.O.F ==============

salut tonton , j' ai mis à jour MBAM l'analyse est lancée et je te fais signe quand c' est terminé. merci de ta réaction

bonsoir tonton, je crois que l' on m'a vraiment oublié à bientôt

bonjour à tous, je crois que l' on m' a oublié depuis le 11 nov. 10 voici le lien: http://forum.zebulon.fr/pc-infecte-par-malware-t180888.html&pid=1519762?do=findComment&comment=1519762 je vous remercie d' avance.

bonjour tonton, c' est quoi un UP?

bonsoir tonton, je n' ai toujours pas de retour de la section analyse et éradication des malwares. A+