mrtatou

Members
  • Content count

    139
  • Joined

  • Last visited

  • Days won

    1

Everything posted by mrtatou

  1. mrtatou

    PC restart problem

    First, try reconfiguring the BIOS. Otherwise, a component may indeed be dead; you will need to test the RAM, the graphics card, the CPU and the motherboard. It's not necessarily easy, since you rarely have a spare of everything on hand. Maybe start with the RAM: if you have two sticks, remove one and test. After that, start by replacing the fan, which may be faulty. Good luck. www.pcdepanne.com
  2. mrtatou

    Test hardware for Zebulon!

    OK, I'm in. How does it work? www.pcdepanne.com
  3. So, on my PC (Win XP) ad windows regularly pop open. It often happens when I'm in Firefox and click a link, and windows also open in IE even though I'm not clicking anywhere. I ran Ad-Aware, Spybot and Malwarebytes scans, but nothing helps. Here is the HijackThis log: What do you think, please? Thank you.
  4. Well, VirusTotal tells me this file has already been analysed in the past; it's the same kind of basic info .... Anyway, here is the log; everything looks fine, doesn't it?:
  5. OK, I'll do that. But a quick question: why analyse "awxcteoq.sys" in particular rather than another file? What tipped you off? Thanks.
  6. What do I do now?
  7. Here are the OTL reports:
Imaging" = HP Photosmart Premier Software 6.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0 "HPExtendedCapabilities" = HP Customer Participation Program 7.0 "HPOCR" = OCR Software by I.R.I.S 7.0 "ie8" = Windows Internet Explorer 8 "InstallShield_{51F24145-A833-4BD5-AA38-AFC5268928E5}" = PF+FB+AEP "InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4 "InstallShield_{E149E957-F289-45E3-8645-1794A173F5AB}" = Pacific Fighters "Jaguar" = Jaguar "L-410 UVP-T" = L-410 UVP-T "LFMLSHOW" = LFMLSHOW "LimeWire" = LimeWire 5.3.6 "MailNotifier" = Notification Mail "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MiG-31 Firefox" = MiG-31 Firefox "Mozilla Firefox (2.0.0.15)" = Mozilla Firefox (2.0.0.15) "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "ndjamena" = ndjamena "Nokia PC Suite" = Nokia PC Suite "OrangeToolbarFR" = barre d'outils Orange "PB4Y-2_Privateer" = PB4Y-2_Privateer "PDF Complete" = PDF Complete "Princess Juliana" = Princess Juliana "rafale" = rafale "RocketDock_is1" = RocketDock 1.3.5 "SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SEA KING HAR3A" = SEA KING HAR3A "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "Shuttle Launch 06" = Shuttle Launch 06 "ST4UNST #1" = LeTraducteur "ST4UNST #2" = LeTraducteur (C:\Document\Mathieu\Mes docu\St Stani\Espagnol\) "Stratojet Merlin" = Stratojet 
Merlin "VLC media player" = VLC media player 1.0.1 "vmt_atlant_0GT" = vmt_atlant_0GT "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "Windows XP Service" = Windows XP Service Pack 3 "WinRAR archiver" = Logiciel d'archivage WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{6D5D8D2B-16DC-4C2B-984C-88CF41FA9A86}" = Supermarine Spitfire Mk XIX FS2004 [Famille Sonnet] "Alphajets Patrouille de France" = Alphajets Patrouille de France ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19/11/2010 19:34:57 | Computer Name = HP20881221992 | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette connexion réseau n'existe pas. 
Error - 20/11/2010 04:46:58 | Computer Name = HP20881221992 | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : The connection with the server was terminated abnormally Error - 20/11/2010 04:46:58 | Computer Name = HP20881221992 | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette connexion réseau n'existe pas. Error - 20/11/2010 05:15:59 | Computer Name = HP20881221992 | Source = Application Error | ID = 1000 Description = Application défaillante svchost.exe, version 5.1.2600.5512, module défaillant ntdll.dll, version 5.1.2600.5755, adresse de défaillance 0x00023845. Error - 22/11/2010 11:08:42 | Computer Name = HP20881221992 | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : The connection with the server was terminated abnormally Error - 22/11/2010 11:08:42 | Computer Name = HP20881221992 | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette connexion réseau n'existe pas. 
Error - 22/11/2010 11:24:04 | Computer Name = HP20881221992 | Source = Application Hang | ID = 1002 Description = Application bloquée firefox.exe, version 1.9.2.3951, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 22/11/2010 12:26:28 | Computer Name = HP20881221992 | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : The server name or address could not be resolved Error - 22/11/2010 12:26:34 | Computer Name = HP20881221992 | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette connexion réseau n'existe pas. Error - 22/11/2010 12:26:37 | Computer Name = HP20881221992 | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette connexion réseau n'existe pas. [ OSession Events ] Error - 28/02/2010 08:03:12 | Computer Name = HP20881221992 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7796 seconds with 120 seconds of active time. This session ended with a crash. 
Error - 19/03/2010 15:27:42 | Computer Name = HP20881221992 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15292 seconds with 2040 seconds of active time. This session ended with a crash. Error - 20/03/2010 18:26:50 | Computer Name = HP20881221992 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 49867 seconds with 540 seconds of active time. This session ended with a crash. Error - 06/04/2010 15:51:35 | Computer Name = HP20881221992 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12472 seconds with 60 seconds of active time. This session ended with a crash. Error - 16/04/2010 08:29:11 | Computer Name = HP20881221992 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15090 seconds with 480 seconds of active time. This session ended with a crash. Error - 20/04/2010 10:58:47 | Computer Name = HP20881221992 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10399 seconds with 3120 seconds of active time. This session ended with a crash. 
Error - 06/05/2010 09:27:13 | Computer Name = HP20881221992 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21461 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 23/11/2010 07:07:15 | Computer Name = HP20881221992 | Source = Service Control Manager | ID = 7001 Description = Le service Client DNS dépend du service Pilote du protocole TCP/IP qui n'a pas pu démarrer en raison de l'erreur : %%31 Error - 23/11/2010 07:07:15 | Computer Name = HP20881221992 | Source = Service Control Manager | ID = 7001 Description = Le service Assistance TCP/IP NetBIOS dépend du service AFD qui n'a pas pu démarrer en raison de l'erreur : %%31 Error - 23/11/2010 07:07:15 | Computer Name = HP20881221992 | Source = Service Control Manager | ID = 7001 Description = Le service Apple Mobile Device dépend du service Pilote du protocole TCP/IP qui n'a pas pu démarrer en raison de l'erreur : %%31 Error - 23/11/2010 07:07:15 | Computer Name = HP20881221992 | Source = Service Control Manager | ID = 7001 Description = Le service Service Bonjour dépend du service Pilote du protocole TCP/IP qui n'a pas pu démarrer en raison de l'erreur : %%31 Error - 23/11/2010 07:07:15 | Computer Name = HP20881221992 | Source = Service Control Manager | ID = 7001 Description = Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas pu démarrer en raison de l'erreur : %%31 Error - 23/11/2010 07:07:15 | Computer Name = HP20881221992 | Source = Service Control Manager | ID = 7026 Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : AFD bdftdif Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss StarOpen Tcpip Error - 23/11/2010 07:24:14 | Computer Name = HP20881221992 | Source = DCOM | ID = 10005 Description = DCOM a reçu l'erreur "%1084" lors de la mise 
en route du service StiSvc avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 23/11/2010 07:24:17 | Computer Name = HP20881221992 | Source = DCOM | ID = 10005 Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 23/11/2010 07:24:17 | Computer Name = HP20881221992 | Source = DCOM | ID = 10005 Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 23/11/2010 09:36:46 | Computer Name = HP20881221992 | Source = DCOM | ID = 10005 Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF} < End of report > The 2nd: OTL logfile created on: 23/11/2010 15:18:48 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Famille Sonnet\Bureau Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 220,87 Gb Total Space | 40,82 Gb Free Space | 18,48% Space Free | Partition Type: NTFS Drive D: | 12,00 Gb Total Space | 7,97 Gb Free Space | 66,41% Space Free | Partition Type: NTFS Drive K: | 3,73 Gb Total Space | 1,00 Gb Free Space | 26,90% Space Free | Partition Type: FAT32 Computer Name: HP20881221992 | User Name: Famille Sonnet | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Famille Sonnet\Bureau\OTL.exe (OldTimer Tools) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Documents and Settings\Famille Sonnet\Local Settings\Application Data\Clavier+\Clavier.exe (Guillaume Ryder (http://utilfr42.free.fr)) PRC - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.) PRC - C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.) PRC - C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe () PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL) PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Program Files\Orange\Connexion Internet Orange\Systray\SystrayApp.exe (France Telecom SA) PRC - C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe (France Telecom SA) PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA) PRC - C:\Program Files\Orange\Connexion Internet Orange\Connectivity\Corecom\OraConfigRecover.exe (France Telecom SA) PRC - C:\Program Files\Orange\Connexion Internet Orange\Connectivity\Corecom\CoreCom.exe (France Telecom SA) PRC - C:\Program Files\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe (France Telecom SA) PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe (France Telecom SA) PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc) PRC - C:\Program Files\RocketDock\RocketDock.exe () PRC - C:\WINDOWS\SMINST\Scheduler.exe () PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Famille Sonnet\Bureau\OTL.exe (OldTimer Tools) MOD - C:\Program Files\RocketDock\RocketDock.dll () MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.) SRV - (LIVESRV) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL) SRV - (scan) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L) SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (FTRTSVC) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA) SRV - (Arrakis3) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe () SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (VcommMgr) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys File not found DRV - (VComm) -- C:\WINDOWS\System32\DRIVERS\VComm.sys File not found DRV - (BT) -- C:\WINDOWS\System32\DRIVERS\btnetdrv.sys File not found DRV - (AFD) -- C:\WINDOWS\System32\drivers\afd.sys () DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (Bdfndisf) -- C:\WINDOWS\system32\drivers\bdfndisf.sys (BitDefender LLC) DRV - (bdftdif) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC) DRV - (btnetBUs) -- C:\WINDOWS\system32\drivers\btnetBus.sys () DRV - (BtHidBus) -- C:\WINDOWS\System32\Drivers\BtHidBus.sys (IVT Corporation.) DRV - (PCAMPR5) -- C:\WINDOWS\system32\pcampr5.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (PCANDIS5) -- C:\WINDOWS\system32\pcandis5.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (IvtBtBUs) -- C:\WINDOWS\system32\drivers\IvtBtBus.sys (IVT Corporation.) DRV - (Trufos) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.) 
DRV - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender S.R.L.) DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA) DRV - (BDVEDISK) -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys (BitDefender S.R.L.) DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA) DRV - (Profos) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys () DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (FSLX) -- C:\WINDOWS\system32\drivers\fslx.sys (Altiris, Inc.) DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.) 
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (ssm_mdm) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys (MCCI) DRV - (ssm_mdfl) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys (MCCI) DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ssm_bus.sys (MCCI) DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel® Corporation) DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel® Corporation) DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel® Corporation) DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel® Corporation) DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel® Corporation) DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel® Corporation) DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel® Corporation) DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel® Corporation) DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel® Corporation) DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel® Corporation) DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel® Corporation) DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation) DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel® Corporation) DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel® Corporation) DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel® Corporation) DRV - (adpu320) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) 
DRV - (ac97intc) Service d'installation du pilote audio Intel® 82801 (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll () IE - HKCU\..\URLSearchHook: {AEEC3B59-CA98-4EBA-A140-57B94E283583} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.15\extensions\\Components: C:\Program Files\Virtual Firefox\components [2010/11/02 09:47:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.15\extensions\\Plugins: C:\Program Files\Virtual Firefox\plugins [2010/11/02 09:47:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2009/11/17 08:29:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{E6768F2A-D4C3-457D-A1A8-3472BF16267D}: C:\Program Files\Orange\ToolbarFR\FirefoxContainer\ [2010/06/16 16:58:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/11/03 20:30:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Virtual Firefox\components [2010/11/02 09:47:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Virtual Firefox\plugins [2010/11/02 09:47:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 
2009\tbextension\ [2009/10/16 08:48:16 | 000,000,000 | ---D | M] [2009/10/16 19:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille Sonnet\Application Data\Mozilla\Extensions [2010/11/19 10:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille Sonnet\Application Data\Mozilla\Firefox\Profiles\c593fvw5.default\extensions [2010/09/24 11:48:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Famille Sonnet\Application Data\Mozilla\Firefox\Profiles\c593fvw5.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [2009/10/16 21:29:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Famille Sonnet\Application Data\Mozilla\Firefox\Profiles\c593fvw5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/09/15 17:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Famille Sonnet\Application Data\Mozilla\Firefox\Profiles\c593fvw5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010/05/18 22:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille Sonnet\Application Data\Mozilla\Firefox\Profiles\c593fvw5.default\extensions\DivXWebPlayer@divx.com [2010/09/24 11:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille Sonnet\Application Data\Mozilla\Firefox\Profiles\c593fvw5.default\extensions\staged-xpis [2009/10/31 22:29:14 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\Famille Sonnet\Application Data\Mozilla\Firefox\Profiles\c593fvw5.default\searchplugins\recherche-de-vidos-youtube.xml [2009/10/16 19:50:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/11/16 20:47:55 | 000,065,536 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFComm.dll O1 HOSTS File: ([2006/03/02 08:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - 
  8. Here is the Malwarebytes log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Version de la base de données: 5174
    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702
    23/11/2010 14:36:24
    mbam-log-2010-11-23 (14-36-24).txt
    Type d'examen: Examen complet (C:\|D:\|)
    Elément(s) analysé(s): 389838
    Temps écoulé: 2 heure(s), 27 minute(s), 49 seconde(s)
    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 4
    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)
    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)
    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)
    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)
    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)
    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)
    Fichier(s) infecté(s):
    C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mathieu\Local Settings\Temp\utt139.tmp.exe (Trojan.Pakes) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mathieu\Local Settings\Temp\pdfupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mathieu\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

    Otherwise, TDSSKiller found nothing... Now I'm waiting for the OTL report.
  9. OK, I'll run all of that. For now I've started a thorough scan with Malwarebytes; maybe I should wait for it to finish, no? Which viruses do you think I still have? Just the Trojan Win32 Generic, right?
  10. So, I ran a scan with Kaspersky Removal Tool on a PC running Windows XP, so here is the report. I get the impression that it wasn't able to delete the Trojan Win32 Generic:

    Analyse automatique: terminée : il y a 1 heure (évênements : 21, objets : 1019473, durée : 16:30:39)
    22/11/2010 20:19:15 Supprimés: Trojan-Dropper.Win32.TDSS.jpx C:\Documents and Settings\Mathieu\Local Settings\Temp\1C8.tmp
    22/11/2010 20:19:12 Supprimés: Trojan-Dropper.Win32.TDSS.jpx C:\Documents and Settings\Mathieu\Local Settings\Temp\1CA.tmp
    22/11/2010 20:19:08 Supprimés: Trojan-Dropper.Win32.TDSS.jpx C:\Documents and Settings\Mathieu\Local Settings\Temp\1C6.tmp
    22/11/2010 20:18:20 Supprimés: Trojan-Downloader.Java.Agent.hf C:\Documents and Settings\Mathieu\Application Data\Sun\Java\Deployment\cache\6.0\13\1b4f7dcd-544b2686/JavaUpdateManager.class
    22/11/2010 20:18:21 Supprimés: Exploit.Java.Agent.du C:\Documents and Settings\Mathieu\Application Data\Sun\Java\Deployment\cache\6.0\53\7fa50935-450791d5/vmain.class
    22/11/2010 20:18:20 Supprimés: Exploit.Java.Agent.dm C:\Documents and Settings\Mathieu\Application Data\Sun\Java\Deployment\cache\6.0\13\1b4f7dcd-544b2686/JavaUpdateApplication.class
    23/11/2010 08:39:36 Réparés: Virus.Win32.TDSS.b C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP60\A0040205.sys
    23/11/2010 08:39:36 Réparés: Virus.Win32.TDSS.b C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP60\A0040205.sys
    23/11/2010 00:02:25 Réparés: Virus.Win32.TDSS.b C:\WINDOWS\system32\drivers\afd.sys
    23/11/2010 00:02:19 Réparés: Virus.Win32.TDSS.b C:\WINDOWS\system32\drivers\afd.sys
    22/11/2010 17:29:26 Lancement de la tâche
    23/11/2010 10:00:05 Fin de la tâche
    23/11/2010 08:39:34 Détectés: Virus.Win32.TDSS.b C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP60\A0040205.sys
    23/11/2010 00:02:11 Détectés: Virus.Win32.TDSS.b C:\WINDOWS\system32\drivers\afd.sys
    22/11/2010 20:18:54 Détectés: Trojan-Dropper.Win32.TDSS.jpx C:\Documents and Settings\Mathieu\Local Settings\Temp\1CA.tmp
    22/11/2010 20:18:54 Détectés: Trojan-Dropper.Win32.TDSS.jpx C:\Documents and Settings\Mathieu\Local Settings\Temp\1C8.tmp
    22/11/2010 20:18:54 Détectés: Trojan-Dropper.Win32.TDSS.jpx C:\Documents and Settings\Mathieu\Local Settings\Temp\1C6.tmp
    22/11/2010 20:18:20 Détectés: Trojan-Downloader.Java.Agent.hf C:\Documents and Settings\Mathieu\Application Data\Sun\Java\Deployment\cache\6.0\13\1b4f7dcd-544b2686/JavaUpdateManager.class
    23/11/2010 00:04:53 Détectés: HEUR:Trojan.Win32.Generic C:\WINDOWS\Temp\mpec\setup.exe/UPX
    22/11/2010 20:18:19 Détectés: Exploit.Java.Agent.du C:\Documents and Settings\Mathieu\Application Data\Sun\Java\Deployment\cache\6.0\53\7fa50935-450791d5/vmain.class
    22/11/2010 20:18:19 Détectés: Exploit.Java.Agent.dm C:\Documents and Settings\Mathieu\Application Data\Sun\Java\Deployment\cache\6.0\13\1b4f7dcd-544b2686/JavaUpdateApplication.class
  11. So, I'm trying to recover data from a formatted hard drive that had Windows XP installed on it. I removed the hard drive and put it in a USB enclosure connected to my PC. I launched PC Inspector, then a cluster-by-cluster data search. So far no problem: it finds quite a lot of data, I select the photos and save them to my hard drive. The problem is that most of the photos are cut in half, that is, one half is visible and the other is greyed out! What should I do? Do I have the right software? Thanks
  12. mrtatou

    USB port and audio not working

    Already tried X times to install the drivers for these devices, nothing works! And all these problems existed before the motherboard was installed. I suspected a faulty motherboard, which is why I replaced it, but nothing works!
  13. mrtatou

    USB port and audio not working

    No, why? A lot of drivers are missing, admittedly. But how do I reinstall these drivers?
  14. mrtatou

    USB port and audio not working

    So, it took me a while to reply because the PC isn't at my place but at a friend's. Today I did a clear CMOS, deleted the LowerFilters value, reinstalled the drivers X times, and nothing... So today I bought a new Gigabyte motherboard with integrated sound. I installed all the drivers and everything works except the sound and the webcam on the USB port. Once again I tried reinstalling the drivers X times, but it doesn't work. So the problem must come from somewhere else, but where??? Here is a screenshot of what I have in Device Manager: My link
  15. So, at times I have a multitude of msfeedssync.exe processes; they can stay for 3 seconds or 10 minutes, and there can be up to 15 at the same time! This slows down my PC. What should I do?
  16. New problem: for example, I download MBAM to test; no problem, it downloads completely, then I click Run and I get "erreur systeme 1814 est survenue........." I don't understand...
  17. OK, I understand perfectly. I just rebooted after OTC finished. However, I can't find any synertel on the PC... Can I now run Windows Update? Or should I run one last scan to be sure of my disinfection? Thanks
  18. Oh yes, I should also mention that the backup software under Windows still tells me that "la sauvegarde automatique des fichiers n'est pas possible".
  19. So, once launched, the software asks to restart; I say "ok". On restart, a scan of "g:/" is run just before Windows. So I don't know what is written in "results". But here is what is in the log; everything seems OK, no? Yet the CPU is running at 100% even though I have nothing running. Also, since this morning it seemed better, but now it's starting again...

    All processes killed
    Error: Unable to interpret <Go> in the current context!
    ========== FILES ==========
    File/Folder C:\Documents and Settings\Mano\Downloads\synertel.exe not found.
    File/Folder :Reg not found.
    File/Folder :Commands not found.
    File/Folder [purity] not found.
    File/Folder [emptytemp] not found.
    File/Folder [start explorer] not found.
    File/Folder [reboot] not found.

    OTM by OldTimer - Version 3.1.17.1 log created on 10282010_162634
  20. mrtatou

    USB port and audio not working

    So USB works, but not as USB 2. And the audio still doesn't work. I uninstalled the device in the Task Manager; on restart it asks me for drivers that I don't have! Also, in Everest there is nothing in the audio section, so I can't look for the drivers. Any ideas?
  21. Does that look good to you or not? Because apparently the StartPage isn't disinfected...
  22. mrtatou

    USB port and audio not working

    I haven't tried the clear CMOS; I'll try that. As for the BIOS, I went into it and everything seems OK. However, in Device Manager I do indeed have the exclamation mark with: "Windows ne peut pas charger le pilote de périphérique de ce matériel. Ce pilote est peut-être endommagé ou absent. (code 39)"
  23. mrtatou

    USB port and audio not working

    So, I have a PC running XP, and the USB ports (only the ones at the back of the tower) as well as the sound no longer work (sound card integrated into the motherboard). However, the front USB ports work. In fact, in the Task Manager you can't even reinstall the drivers, because apparently the devices no longer work. What should I do?
  24. And here is the result with the log:

    27/10/2010 22:36:17 Lancement de la tâche
    27/10/2010 23:07:58 Détectés: HEUR:Trojan.Win32.StartPage C:\Documents and Settings\Mano\Downloads\synertel.exe/synertel.exe
    28/10/2010 01:01:48 Détectés: Trojan-Downloader.WMA.GetCodec.s D:\DJ MANO\T-5867301-remix get you tiesto new rocks.au
    28/10/2010 01:01:57 Réparés: Trojan-Downloader.WMA.GetCodec.s D:\DJ MANO\T-5867301-remix get you tiesto new rocks.au
    28/10/2010 01:01:57 Réparés: Trojan-Downloader.WMA.GetCodec.s D:\DJ MANO\T-5867301-remix get you tiesto new rocks.au
    28/10/2010 03:46:03 Fin de la tâche
  25. Result: nothing, no infection detected. I still can't post the log because it's impossible to open the text file, unless I knew the path. And there is nothing in quarantine...