Philoo

Merci pour les tuyaux, utilitaires très intéressants et efficaces !!!! :super: Bonne continuation et merci encore Philoo

Bonsoir Lance-Yien, ça y est, de nouveau opérationnel après quelques péripéties... En fait, à partir de l'écran de réparation de windows 7, je me suis dit autant essayer de lancer combo fix à partir de "ligne de commande uniquement" pour voir si ça fonctionnait et te mettre un rapport en ligne... Effectivement, il ne plantait pas par un écran bleu, mais me disait que je n'avais pas les droits administrateurs... Donc dans la foulée, je me suis dit, tant qu'à faire, il reste tdsskiller sur le bureau de mon compte autant le lancer par la ligne de commande. Et là, bigo il détecte TDL4 et me demande si je veux "Cure", je sélectionne bien sûr oui, et je me dit c'est la fête !!!! Et ben en fait non au redémarrage écran bleu pendant le chargement, impossible de redémarrer ni en mode sans échec ni en mode normal.... Finalement, retour par la fenêtre de réparation pour restaurer le système avec une image du disque antérieure (3DVD) et bien sûr il ne la trouve pas... Au final, si ça peut servir à quelqu'un, la restauration acer avec une mise à jour vista vers seven ne fonctionne pas sous windows 7... Obligé de reparamètrer le boot pour booter sur le cd (pas compliqué mais à savoir que ce qui est préconiser avec acer e management n'est pas possible sous seven...). Enfin voilà pour la journée de réinstallation... Concernant les suggestions de protection/optimisation, je suis preneur. concernant l'antivirus, j'ai mis avast, mais j'ai la possibilité d'avoir symantec (version 2007 mise à jour, mais version logicielle ancienne). Je ne sais pas ce qui est le mieux. Et très bientôt, je devrais pouvoir avoir la version symantec endpoint compatible windows 7. Que me conseillerais-tu ? Enfin bref, je suis preneur de toute suggestions d'optimisation/sécurisation de mon pc. Dernière petite question, est-ce sûr que suite à cette restauration "usine", mon pc est sain de toute infection ? Histoire que je refasse un disque image du système, une fois que j'aurais tout réinstallé en windows 7. En espérant que ça ne m'arrive pas de nouveau, mais faut mieux prévoir... Merci encore

PC en cours de formatage... Je donnerai + de news 1 fois opérationnel...

Mais impossible de mettre le lien zhpdiag, cijoint se réinitialise à chaque fois...

Ah ok. Pas d'acharnement sur combofix alors, je préférerai éviter de tout planter. J'ai essayer de lancer la réparation, mais il y a pas mal d'options, j'ai fait un test de mémoire dans les outils de réparation. RAS. Impossible de faire un retour avec une image précédente (aucune sur le pc). Je vais sûrement lancer une réparation à partir des cds d'installation demain dans la journée en bootant dessus. Sinon j'ai effectué un rapport ZHP diag et il indique à la fin "infection possible rootkit TDL3", est-ce que ça correspondrait à ce que j'ai chopé ? Sinon je viens de trouver ça en regardant les fichiers modifié récemment dans system32... et en utilisant le scanne de jotti que tu m'as transmis et modifiant les autorisations d'accès de ce fichiers (elles étaient bloquées...). config3.dll - Le scanner antivirus de Jotti Penses-tu que ça peux expliquer ce qui m'arrive ? En tout cas, merci de tous tes conseils et de ton aide.

Bonjour Lance_yien, Pour le pb du point d'interrogation, je suis d'accord. Pour les documents persos, j'avais fait une copie de tous les documents persos + identities mails . Par contre, avant d'employer les "grands moyens" de derniers recours, penses-tu que ça vaille le coup d'essayer de lancer combofix à partir du hiren cd boot. J'avais utiliser ce dernier pour une infection sur un pc de la famille qui ne démarrer plus afin de récupérer les documents persos (très pratique). Par contre, je ne sais pas si lancer combofix à partir de ce dernier serait intéressant ou non ? Merci de ta réponse. Dans la négative, je ferai une réparation usine... En tout cas, merci de ta patience et de ta réactivité

J'ai une question concernant tdsskiller, est-ce normal que le scan ne dure "que" 6 secondes ?

ça y est j'ai retrouvé le live cd dont je parlais. hiren's boot 6.0 . C'était ça que j'avais du utiliser...

Ci-dessous le rapport TDSSKiller 2011/04/28 20:38:47.0994 1964 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/28 20:38:48.0009 1964 ================================================================================ 2011/04/28 20:38:48.0009 1964 SystemInfo: 2011/04/28 20:38:48.0009 1964 2011/04/28 20:38:48.0009 1964 OS Version: 6.1.7600 ServicePack: 0.0 2011/04/28 20:38:48.0009 1964 Product type: Workstation 2011/04/28 20:38:48.0009 1964 ComputerName: PC 2011/04/28 20:38:48.0009 1964 UserName: Philippe 2011/04/28 20:38:48.0009 1964 Windows directory: C:\Windows 2011/04/28 20:38:48.0009 1964 System windows directory: C:\Windows 2011/04/28 20:38:48.0009 1964 Processor architecture: Intel x86 2011/04/28 20:38:48.0009 1964 Number of processors: 4 2011/04/28 20:38:48.0009 1964 Page size: 0x1000 2011/04/28 20:38:48.0009 1964 Boot type: Normal boot 2011/04/28 20:38:48.0009 1964 ================================================================================ 2011/04/28 20:38:48.0150 1964 Initialize success 2011/04/28 20:38:51.0972 2196 ================================================================================ 2011/04/28 20:38:51.0972 2196 Scan started 2011/04/28 20:38:51.0972 2196 Mode: Manual; 2011/04/28 20:38:51.0972 2196 ================================================================================ 2011/04/28 20:38:57.0244 2196 ================================================================================ 2011/04/28 20:38:57.0244 2196 Scan finished 2011/04/28 20:38:57.0244 2196 ================================================================================ Sinon aucun point d'exclamation jaune dans mon gestionnaire de périf. juste un périphérique inconnu que j'avais remarqué il y a quelque temps avec un point d’interrogation et sous le nom inconnu qui quand je déroule s'appelle : PDI Kernel Ports Device Driver du fabricant Portrait Displays. Pour le CD de windows, c'est un windows vista d'origine sur pc acer, j'avais gravé les cd recovery (3 DVD) et j'ai le cd de mise à jour vers windows seven : "Windows 7 upgrade kit" qui se décompose en 2 DVD : acer upgrade dvd et windows 7 upgrade media", je pense que cd de recovery + update devraient convenir ?

alors RAS sur sfc /scannow par conter impossible de lancer chkdsk... j'avais essayé en premier dimanche dernier, généralement ça me résolvait qques pbs auparavant. Mais là il se lance pas au redémarrage... Je ne sais pas si ça vient pas de l'écran bleu que j'ai à chaque arrêt du pc juste après le fermeture de session, pendant "arrêt en cours". En tout cas, impossible de faire un chkdsk... J'en ai lancé 1 sous windows même si il ne pourra rien corriger, juste pour voir et il a a priori rien trouvé de spécial... Sinon pour le live cd, c'était un cd windows xp je crois. Mais je n'arrive plus à mettre la main dessus, si ça vient au goût du jour, mais si on peut faire sans, c cool. Concernant le pc, toujours pareil; ie bloque très souvent, FF marche assez bien à part des redirections de tps en tps. écran bleu à chaque arrêt et redémarrage, obligé d'arrêter en appuyant sur le on/off 3 secondes... En tout cas, merci de ta patience. @ bientôt

rapport OTL : All processes killed ========== OTL ========== ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== File move failed. C:\Windows\tasks\rpqvpimpt.job scheduled to be moved on reboot. C:\Windows\setup_9.0.0.722_28.04.2011_00-08drv.spi moved successfully. C:\Users\Philippe\AppData\Local\Temp20.html moved successfully. C:\Users\Philippe\AppData\Local\Temp1.html moved successfully. C:\Windows\System32\drivers\vmjj.sys moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: User 2 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 484813 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: User 3 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Invité ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: User 4 ->Temp folder emptied: 1571 bytes ->Temporary Internet Files folder emptied: 4243840 bytes ->Flash cache emptied: 456 bytes User: NeroMediaHomeUser.4 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Philippe ->Temp folder emptied: 5424178 bytes ->Temporary Internet Files folder emptied: 92889960 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 57528198 bytes ->Flash cache emptied: 920 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 140 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 153,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: User 2 ->Flash cache emptied: 0 bytes User: User 3 ->Flash cache emptied: 0 bytes User: Invité ->Flash cache emptied: 0 bytes User: User 4 ->Flash cache emptied: 0 bytes User: NeroMediaHomeUser.4 ->Flash cache emptied: 0 bytes User: Philippe ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 04282011_165959 Files\Folders moved on Reboot... File move failed. C:\Windows\tasks\rpqvpimpt.job scheduled to be moved on reboot. File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot...

Youpi J'ai le rapport extras.txt Avec purge outils ça me l'a désinstallé correctement... OTL Extras logfile created on: 28/04/2011 15:33:21 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Philippe\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,59 Gb Total Space | 120,85 Gb Free Space | 51,96% Space Free | Partition Type: NTFS Drive D: | 596,17 Gb Total Space | 531,39 Gb Free Space | 89,13% Space Free | Partition Type: NTFS Drive E: | 348,93 Gb Total Space | 347,56 Gb Free Space | 99,61% Space Free | Partition Type: NTFS Computer Name: PC | User Name: Philippe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Pixum EasyBook] -- "C:\Program Files\Pixum\Pixum EasyBook\Pixum EasyBook.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0017A998-81D6-3C60-37BA-CC0270227FE4}" = CCC Help Norwegian "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{05308138-2A97-6457-DEFD-A9DAA0A4BB6B}" = Catalyst Control Center Localization Spanish "{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0AD63F91-AC37-E543-AB30-2E31F101C6FD}" = Skins "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK "{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack "{1294D937-4D0A-2481-0AE5-713E10803544}" = CCC Help Japanese "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver "{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit "{1EFAA3FF-06D7-463A-0116-5AF5A9801BC3}" = Catalyst Control Center Localization Swedish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{26163681-B371-4C9B-873B-9250E96FE6CD}" = LUHotFix "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 24 "{28FA3609-B6E2-4BCA-B089-F5122AC417C5}" = Belkin N Wireless USB Adapter Setup "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2C11389D-7D84-25A8-6511-EDAC3C894CDF}" = Catalyst Control Center Localization Norwegian "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{3474C36B-005C-5D61-3806-319C9F22B014}" = Catalyst Control Center Localization Finnish "{3510C83C-0103-D6A6-42E2-2393D95E130A}" = Catalyst Control Center Graphics Full New "{3594EE90-B157-4519-9E82-8B6F4711A0A1}" = Catalyst Control Center - Branding "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.7.4 "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD "{465E6ED3-E9C8-0578-2EAF-14306B537947}" = Catalyst Control Center Core Implementation "{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{51BB0AA0-424C-67E9-0F3D-8A950B591FC0}" = ccc-utility "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5506C4D6-B86C-841A-C8FB-C0A1778DE588}" = Catalyst Control Center Localization Danish "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher "{5903BD7F-67A1-3EB7-1E38-D8E916DA18C6}" = CCC Help Dutch "{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup "{64D7A8CF-A1C5-F905-437F-E71DB9C20318}" = CCC Help Spanish "{675F649A-1775-7D59-0724-906116A4FA41}" = Catalyst Control Center Localization Italian "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}" = Microsoft Works "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{70080BD1-A2DE-E4B2-AB57-4C1A940BCC72}" = Catalyst Control Center Localization German "{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center "{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{739941B6-3C0F-290A-0B76-08C7CEA6F0F3}" = Catalyst Control Center InstallProxy "{74656168-CF28-40BD-9D87-700B07BAF9B6}" = HTC Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{81B109ED-6ECA-49FF-9238-8E31FA5DB1A9}_is1" = RescuePRO 3.4.0.34 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83A0E37B-17DF-161A-7D5F-6CEB5B59D8C5}" = CCC Help French "{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19 "{887B7708-C997-4CD9-B3F6-270B97633CD2}" = Micro Application - Faire-part 2006 "{895B75F0-0EDA-6CC3-03FA-18068BC27ED4}" = Catalyst Control Center Localization Dutch "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage "{934528B2-09B3-C6E5-288A-4E554E6DF2B9}" = ATI Catalyst Install Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9CF9ED6F-4AAC-DF47-0B98-D77B44F8FE58}" = CCC Help English "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A586DC50-B18D-48FB-B7CC-A598200457C2}" = Acer eDisplay Management "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1036-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Français "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator "{B69991AB-BE6D-C759-B3BC-5D318753592E}" = CCC Help Swedish "{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{C06EFB22-B5DB-46C5-9215-BCB5C19C0858}" = LauncherMA "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C3F677EC-AC3C-22AD-FF91-1FF1918CB182}" = Catalyst Control Center Localization Japanese "{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth "{C885D139-5092-D20B-EC30-3FCAF3AC3EF2}" = CCC Help Danish "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix "{E0326792-4269-7E77-2CA0-FAE03F45A388}" = Catalyst Control Center Graphics Previews Vista "{E0E21795-C479-927B-AE38-968CDBC932EF}" = ccc-core-static "{E40096C5-F047-C5A9-7119-A4DFB0DE0775}" = Catalyst Control Center Localization French "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{ED854376-A148-5760-598B-EF3EFD647222}" = Catalyst Control Center Graphics Full Existing "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2F704C8-0B59-A3B3-D69B-805D06629B08}" = CCC Help Italian "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician "{F8C7A3FD-81B8-E9F1-7989-D138A7D59047}" = Catalyst Control Center Graphics Light "{FD06CF26-F9DB-C201-B3B0-6155DAB99514}" = CCC Help German "{FD3D5956-1F39-9DA1-5780-4749847B965A}" = CCC Help Finnish "504244733D18C8F63FF584AEB290E3904E791693" = Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3 "avast" = avast! Free Antivirus "CameraWindowDC" = Canon Utilities CameraWindow DC "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon RAW Codec" = Canon RAW Codec "Canon Setup Utility 2.0" = Canon Setup Utility 2.0 "CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200 "DPP" = Canon Utilities Digital Photo Professional 3.5 "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox "Easy-WebPrint" = Easy-WebPrint "EOS Utility" = Canon Utilities EOS Utility "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FileZilla Client" = FileZilla Client 3.2.2.1 "FreeCommander_is1" = FreeCommander 2009.02a "Freeplayer" = Freeplayer "HijackThis" = HijackThis 2.0.2 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "InstallShield_{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix "InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "InstallShield_{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA "Mozilla Firefox 4.0 (x86 fr)" = Mozilla Firefox 4.0 (x86 fr) "MyCamera" = Canon Utilities MyCamera "MyCameraDC" = Canon Utilities MyCamera DC "NVIDIA Drivers" = NVIDIA Drivers "Original Data Security Tools" = Canon Utilities Original Data Security Tools "Pdf995" = Pdf995 "Permis de construire Expert CAD_is1" = Permis de construire Expert CAD "PhotoRecord Gold" = Canon PhotoRecord Gold "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "Pixum EasyBook" = Pixum EasyBook "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureDC" = Canon Utilities RemoteCapture DC "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "SpeedFan" = SpeedFan (remove only) "VLC media player" = VLC media player 1.1.7 "WhoCrashed_is1" = WhoCrashed 3.01 "WinLiveSuite_Wave3" = Installation Windows Live "WinRAR archiver" = Logiciel d'archivage WinRAR "WMInstall_is1" = WMInstall "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28/04/2011 02:00:26 | Computer Name = PC | Source = SideBySide | ID = 16842785 Description = La création du contexte d’activation a échoué pour « C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDScsp.exe ». Assembly dépendant Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Error - 28/04/2011 02:00:35 | Computer Name = PC | Source = SideBySide | ID = 16842785 Description = La création du contexte d’activation a échoué pour « C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe ». Assembly dépendant Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Error - 28/04/2011 02:00:38 | Computer Name = PC | Source = SideBySide | ID = 16842785 Description = La création du contexte d’activation a échoué pour « C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe ». Assembly dépendant Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Error - 28/04/2011 02:00:44 | Computer Name = PC | Source = SideBySide | ID = 16842785 Description = La création du contexte d’activation a échoué pour « C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDS_CCPSD.exe ». Assembly dépendant Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Error - 28/04/2011 02:00:57 | Computer Name = PC | Source = SideBySide | ID = 16842815 Description = La création du contexte d’activation a échoué pour « c:\program files\freecommander\DelZip179.dll ». Erreur dans le fichier de manifeste ou de stratégie « c:\program files\freecommander\DelZip179.dll » à la ligne 8. La valeur « * » de l’attribut « language » de l’élément « assemblyIdentity » n’est pas valide. Error - 28/04/2011 02:01:26 | Computer Name = PC | Source = SideBySide | ID = 16842785 Description = La création du contexte d’activation a échoué pour « c:\program files\pdf995\res\drivedir\copy64.exe ». Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Error - 28/04/2011 02:02:13 | Computer Name = PC | Source = SideBySide | ID = 16842785 Description = La création du contexte d’activation a échoué pour « c:\program files\Acer\empowering technology\edatasecurity\x64\eDScsp.exe ». Assembly dépendant Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Error - 28/04/2011 02:02:13 | Computer Name = PC | Source = SideBySide | ID = 16842785 Description = La création du contexte d’activation a échoué pour « c:\program files\Acer\empowering technology\edatasecurity\x64\eDSLoader.exe ». Assembly dépendant Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Error - 28/04/2011 02:02:13 | Computer Name = PC | Source = SideBySide | ID = 16842785 Description = La création du contexte d’activation a échoué pour « c:\program files\Acer\empowering technology\edatasecurity\x64\eDStbmngr.exe ». Assembly dépendant Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Error - 28/04/2011 02:02:13 | Computer Name = PC | Source = SideBySide | ID = 16842785 Description = La création du contexte d’activation a échoué pour « c:\program files\Acer\empowering technology\edatasecurity\x64\eDS_CCPSD.exe ». Assembly dépendant Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. [ System Events ] Error - 28/04/2011 09:03:36 | Computer Name = PC | Source = Service Control Manager | ID = 7001 Description = Le service SBSD Security Center Service dépend du service Centre de sécurité qui n’a pas pu démarrer en raison de l’erreur : %%1058 Error - 28/04/2011 09:03:39 | Computer Name = PC | Source = Service Control Manager | ID = 7026 Description = Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger : DwProt Error - 28/04/2011 09:03:45 | Computer Name = PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Une erreur s’est produite lors de la lecture du fichier d’hôtes local. Error - 28/04/2011 09:30:16 | Computer Name = PC | Source = BugCheck | ID = 1001 Description = Error - 28/04/2011 09:30:28 | Computer Name = PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Une erreur s’est produite lors de la lecture du fichier d’hôtes local. Error - 28/04/2011 09:30:28 | Computer Name = PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Une erreur s’est produite lors de la lecture du fichier d’hôtes local. Error - 28/04/2011 09:30:34 | Computer Name = PC | Source = Service Control Manager | ID = 7001 Description = Le service SBSD Security Center Service dépend du service Centre de sécurité qui n’a pas pu démarrer en raison de l’erreur : %%1058 Error - 28/04/2011 09:30:36 | Computer Name = PC | Source = Service Control Manager | ID = 7026 Description = Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger : DwProt Error - 28/04/2011 09:30:41 | Computer Name = PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Une erreur s’est produite lors de la lecture du fichier d’hôtes local. Error - 28/04/2011 09:30:41 | Computer Name = PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Une erreur s’est produite lors de la lecture du fichier d’hôtes local. < End of report >

Par contre toujours pas de rapport extras... c'est indiqué run 7 ... Il était peut-être pas si bien désinstaller que ça hier. Par contre, pour combofix, est-ce que ça vaut le coup que je le lance à partir d'un live cd (pas windows 7), déjà utiliser pour dépanner la famille sur une infection qui avait vérolé le pilote clavier... ou non ?

rapport OTl : (pour info, ie ne fonctionne pratiquement plus en mode normal, par contre mozilla, ça va si pas de recherches google...) OTL logfile created on: 28/04/2011 15:06:01 - Run 7 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Philippe\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free 6,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,59 Gb Total Space | 120,86 Gb Free Space | 51,96% Space Free | Partition Type: NTFS Drive D: | 596,17 Gb Total Space | 531,39 Gb Free Space | 89,13% Space Free | Partition Type: NTFS Drive E: | 348,93 Gb Total Space | 347,56 Gb Free Space | 99,61% Space Free | Partition Type: NTFS Computer Name: PC | User Name: Philippe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/04/28 15:05:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Philippe\Desktop\OTL.exe PRC - [2011/04/18 19:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011/04/18 19:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2010/10/28 18:55:02 | 000,294,912 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe PRC - [2010/10/27 12:36:24 | 003,365,176 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2010/09/16 15:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2010/09/06 09:16:58 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe PRC - [2010/09/06 09:11:32 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2009/11/25 05:17:34 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009/11/25 05:17:04 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/08/13 16:54:30 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2008/09/08 12:09:40 | 000,184,320 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe PRC - [2008/08/04 11:16:00 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008/06/06 12:40:00 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe PRC - [2008/06/04 18:59:34 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe ========== Modules (SafeList) ========== MOD - [2011/04/28 15:05:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Philippe\Desktop\OTL.exe MOD - [2011/04/18 19:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011/04/18 19:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2010/09/16 15:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2010/09/06 09:16:58 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc) SRV - [2010/09/06 09:11:32 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2010/06/14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009/11/25 05:17:04 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009/08/21 22:10:05 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009/08/13 16:54:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008/09/08 12:09:40 | 000,184,320 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2008/07/29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008/06/06 12:40:00 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC) SRV - [2008/06/04 18:59:34 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2008/05/20 18:50:50 | 000,269,448 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service) ========== Driver Services (SafeList) ========== DRV - [2011/04/18 19:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011/04/18 19:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011/04/18 19:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011/04/18 19:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011/04/18 19:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011/04/18 19:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010/09/06 09:16:58 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2010/09/06 09:11:32 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010/08/28 16:23:11 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter) DRV - [2010/08/28 16:23:11 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2010/08/12 13:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET) DRV - [2010/07/20 12:38:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2010/07/20 12:38:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2010/07/20 12:38:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2010/06/23 11:24:56 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010/04/27 04:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2010/04/27 04:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2010/04/27 04:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2010/04/25 18:32:20 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2010/04/25 18:32:18 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32) DRV - [2010/04/25 18:32:18 | 000,139,296 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvrd32.sys -- (nvrd32) DRV - [2010/02/26 15:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010/02/26 15:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010/02/26 15:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010/02/26 15:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009/11/25 05:51:32 | 005,143,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009/10/26 09:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009/08/06 04:59:30 | 000,750,592 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/03/19 22:07:10 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008/10/01 11:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008/08/26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/07/22 05:11:16 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\NVAMACPI.sys -- (nvamacpi) DRV - [2008/07/07 21:32:52 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2008/06/04 18:59:50 | 000,017,064 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts) DRV - [2007/09/12 10:20:58 | 000,046,112 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2006/09/24 15:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan) DRV - [1996/04/03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=1&o=vp32&d=1208&m=aspire_m7711 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data] IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data] IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=1&o=vp32&d=1208&m=aspire_m7711 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=1&o=vp32&d=1208&m=aspire_m7711 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data] IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data] IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=1&o=vp32&d=1208&m=aspire_m7711 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1776301142-913054847-3571437473-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1776301142-913054847-3571437473-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-1776301142-913054847-3571437473-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1776301142-913054847-3571437473-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1776301142-913054847-3571437473-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/24 16:46:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/27 22:59:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/27 23:06:11 | 000,000,000 | ---D | M] [2010/01/02 23:07:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philippe\AppData\Roaming\mozilla\Extensions [2010/03/11 21:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philippe\AppData\Roaming\mozilla\Firefox\Profiles\0o42spbo.default\extensions [2011/04/24 14:14:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Philippe\AppData\Roaming\mozilla\Firefox\Profiles\0o42spbo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/04/27 22:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/04/27 17:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- [2011/03/18 19:58:47 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/04/27 17:21:56 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/01/01 10:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml [2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010/01/01 10:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml [2010/01/01 10:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml [2010/01/01 10:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml [2010/01/01 10:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml Hosts file not found O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKU\S-1-5-21-1776301142-913054847-3571437473-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKU\S-1-5-20..\Run: [4E3E0230F5B9F1D3] File not found O4 - HKU\S-1-5-21-1776301142-913054847-3571437473-1000..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1776301142-913054847-3571437473-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint Impression rapide - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint Imprimer - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint Prévisualiser - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - File not found O13 - gopher Prefix: missing O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} https://picasaweb.google.com/s/v/71.37/uploader2.cab (UploadListView Class) O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1282142814755 (MUCatalogWebControl Class) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.photoweb.fr/telechargement/telechargement-photoweb-6.5.6.cab (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} https://vpnssl.cea.fr/postauthACC/SodaAgent.CAB (SodaAgt Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKU\S-1-5-21-1776301142-913054847-3571437473-1000..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-1776301142-913054847-3571437473-1000\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/04/28 15:05:08 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Philippe\Desktop\OTL.exe [2011/04/28 15:02:03 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW [2011/04/27 23:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed [2011/04/27 23:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed [2011/04/27 20:46:50 | 000,000,000 | ---D | C] -- C:\Users\Philippe\DoctorWeb [2011/04/27 18:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS [2011/04/27 18:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\NOS [2011/04/27 17:44:30 | 000,000,000 | ---D | C] -- C:\Users\Philippe\Pavark [2011/04/27 17:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011/04/27 17:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011/04/27 17:22:00 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011/04/27 17:22:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011/04/27 17:22:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011/04/27 17:22:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011/04/27 17:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011/04/26 22:27:16 | 000,000,000 | ---D | C] -- C:\Users\Philippe\Desktop\Starter [2011/04/26 15:18:48 | 000,000,000 | ---D | C] -- C:\Users\Philippe\AppData\Roaming\Ovot [2011/04/26 15:18:48 | 000,000,000 | ---D | C] -- C:\Users\Philippe\AppData\Roaming\Bozeoz [2011/04/24 21:36:58 | 000,000,000 | ---D | C] -- C:\FyK [2011/04/24 20:30:45 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Philippe\Desktop\HiJackThis.exe [2011/04/24 16:46:41 | 000,307,288 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011/04/24 16:46:41 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011/04/24 16:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2011/04/24 16:46:40 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011/04/24 16:46:40 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011/04/24 16:46:40 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011/04/24 16:46:40 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011/04/24 16:46:35 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011/04/24 16:46:35 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2011/04/24 16:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2011/04/24 16:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2011/04/24 14:18:26 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011/04/16 22:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Nero [2011/04/15 21:22:24 | 000,000,000 | R--D | C] -- C:\Users\Philippe\Dropbox [2011/04/15 21:20:51 | 000,000,000 | ---D | C] -- C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2011/04/15 21:20:40 | 000,000,000 | ---D | C] -- C:\Users\Philippe\AppData\Roaming\Dropbox [2008/10/31 14:57:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2011/04/28 15:05:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Philippe\Desktop\OTL.exe [2011/04/28 15:03:38 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/04/28 15:03:27 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\rpqvpimpt.job [2011/04/28 15:03:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/04/28 15:02:58 | 3488,849,920 | -HS- | M] () -- C:\hiberfil.sys [2011/04/28 14:44:38 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/04/28 14:44:38 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/04/28 14:41:43 | 000,704,242 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2011/04/28 14:41:43 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/04/28 14:41:43 | 000,130,548 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2011/04/28 14:41:43 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/04/28 14:31:59 | 004,332,172 | ---- | M] () -- C:\Users\Philippe\Desktop\ComboFix.exe [2011/04/28 14:31:42 | 000,050,477 | ---- | M] () -- C:\Users\Philippe\Desktop\Defogger.exe [2011/04/28 13:45:12 | 000,002,596 | ---- | M] () -- C:\Users\Philippe\Desktop\DrWeb total.csv [2011/04/28 00:52:43 | 000,000,188 | -HS- | M] () -- C:\Windows\setup_9.0.0.722_28.04.2011_00-08drv.spi [2011/04/27 23:16:10 | 000,027,681 | ---- | M] () -- C:\Users\Philippe\AppData\Local\Temp20.html [2011/04/27 23:15:58 | 000,001,667 | ---- | M] () -- C:\Users\Philippe\AppData\Local\Temp1.html [2011/04/27 23:06:12 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011/04/27 22:59:25 | 000,001,849 | ---- | M] () -- C:\Users\Philippe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011/04/27 22:59:08 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/04/27 22:58:06 | 000,000,090 | ---- | M] () -- C:\Users\Philippe\Desktop\DrWeb2.csv [2011/04/27 21:33:57 | 000,000,152 | ---- | M] () -- C:\Users\Philippe\Desktop\DrWeb.csv [2011/04/27 20:46:23 | 060,834,256 | ---- | M] () -- C:\Users\Philippe\Desktop\x4azzb89.exe [2011/04/27 17:21:56 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011/04/27 17:21:56 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011/04/27 17:21:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011/04/27 17:21:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011/04/27 12:27:42 | 000,000,020 | ---- | M] () -- C:\Users\Philippe\defogger_reenable [2011/04/26 20:21:07 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\vmjj.sys [2011/04/26 15:41:35 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2011/04/25 17:02:39 | 000,879,081 | ---- | M] () -- C:\Users\Philippe\Desktop\SecurityCheck.exe [2011/04/24 20:30:48 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Philippe\Desktop\HiJackThis.exe [2011/04/24 19:26:14 | 000,000,037 | ---- | M] () -- C:\Windows\wininit.ini [2011/04/24 16:46:42 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2011/04/24 16:46:40 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011/04/24 14:33:42 | 000,098,304 | RHS- | M] () -- C:\Windows\System32\config3.dll [2011/04/18 19:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2011/04/18 19:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011/04/18 19:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011/04/18 19:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011/04/18 19:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011/04/18 19:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011/04/18 19:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011/04/18 19:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011/04/15 21:32:11 | 177,620,002 | ---- | M] () -- C:\Users\Philippe\Desktop\Thierry.MOV [2011/04/15 21:22:24 | 000,001,008 | ---- | M] () -- C:\Users\Philippe\Desktop\Dropbox.lnk [2011/04/11 21:57:28 | 000,000,060 | ---- | M] () -- C:\Windows\wpd99.drv [2011/04/11 21:52:55 | 000,090,653 | ---- | M] () -- C:\Users\Philippe\Desktop\tv pix.pdf [2011/03/31 21:52:15 | 000,000,040 | ---- | M] () -- C:\Windows\System32\profile.dat [2011/03/31 21:32:05 | 000,000,000 | ---- | M] () -- C:\Windows\vpc32.INI ========== Files Created - No Company Name ========== [2011/04/28 14:31:42 | 000,050,477 | ---- | C] () -- C:\Users\Philippe\Desktop\Defogger.exe [2011/04/28 14:31:33 | 004,332,172 | ---- | C] () -- C:\Users\Philippe\Desktop\ComboFix.exe [2011/04/28 13:45:12 | 000,002,596 | ---- | C] () -- C:\Users\Philippe\Desktop\DrWeb total.csv [2011/04/27 23:16:10 | 000,027,681 | ---- | C] () -- C:\Users\Philippe\AppData\Local\Temp20.html [2011/04/27 23:15:58 | 000,001,667 | ---- | C] () -- C:\Users\Philippe\AppData\Local\Temp1.html [2011/04/27 23:06:12 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011/04/27 23:06:12 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011/04/27 22:59:08 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011/04/27 22:59:08 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/04/27 22:58:06 | 000,000,090 | ---- | C] () -- C:\Users\Philippe\Desktop\DrWeb2.csv [2011/04/27 21:32:11 | 000,000,152 | ---- | C] () -- C:\Users\Philippe\Desktop\DrWeb.csv [2011/04/27 20:43:11 | 060,834,256 | ---- | C] () -- C:\Users\Philippe\Desktop\x4azzb89.exe [2011/04/27 12:27:28 | 000,000,020 | ---- | C] () -- C:\Users\Philippe\defogger_reenable [2011/04/27 07:03:26 | 000,001,054 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/04/26 20:21:07 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\vmjj.sys [2011/04/26 14:05:10 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2011/04/25 17:02:36 | 000,879,081 | ---- | C] () -- C:\Users\Philippe\Desktop\SecurityCheck.exe [2011/04/24 16:46:42 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2011/04/24 16:36:07 | 000,000,037 | ---- | C] () -- C:\Windows\wininit.ini [2011/04/24 14:33:42 | 000,098,304 | RHS- | C] () -- C:\Windows\System32\config3.dll [2011/04/24 14:33:42 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\rpqvpimpt.job [2011/04/15 21:32:10 | 177,620,002 | ---- | C] () -- C:\Users\Philippe\Desktop\Thierry.MOV [2011/04/15 21:22:24 | 000,001,008 | ---- | C] () -- C:\Users\Philippe\Desktop\Dropbox.lnk [2011/04/11 21:52:53 | 000,090,653 | ---- | C] () -- C:\Users\Philippe\Desktop\tv pix.pdf [2011/03/31 21:32:05 | 000,000,000 | ---- | C] () -- C:\Windows\vpc32.INI [2010/11/20 18:58:33 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010/11/20 18:58:33 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010/09/06 09:19:40 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2010/09/06 09:19:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2010/09/06 09:19:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2010/09/06 09:19:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010/08/18 21:40:24 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat [2010/07/24 16:03:00 | 000,000,571 | ---- | C] () -- C:\Windows\System32\FeMakro.ini [2010/07/24 16:03:00 | 000,000,497 | ---- | C] () -- C:\Windows\System32\FeAnim.ini [2010/06/15 23:28:42 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010/04/25 16:53:43 | 000,000,017 | ---- | C] () -- C:\Users\Philippe\AppData\Local\resmon.resmoncfg [2010/02/09 23:06:43 | 000,003,584 | ---- | C] () -- C:\Users\Philippe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/01/03 01:35:13 | 000,698,897 | ---- | C] () -- C:\Windows\unins000.exe [2010/01/03 01:35:13 | 000,008,410 | ---- | C] () -- C:\Windows\unins000.dat [2010/01/02 23:22:21 | 000,022,064 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2010/01/02 22:43:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009/10/22 17:59:00 | 000,196,565 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009/08/20 08:36:33 | 000,000,040 | ---- | C] () -- C:\Windows\INTER.INI [2009/08/20 08:35:27 | 000,284,160 | ---- | C] () -- C:\Windows\unin040c.exe [2009/07/14 10:39:49 | 000,704,242 | ---- | C] () -- C:\Windows\System32\perfh00C.dat [2009/07/14 10:39:49 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat [2009/07/14 10:39:49 | 000,130,548 | ---- | C] () -- C:\Windows\System32\perfc00C.dat [2009/07/14 10:39:49 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 06:33:53 | 001,724,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/14 04:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/14 04:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009/05/16 14:53:35 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini [2009/05/16 14:51:43 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv [2009/05/16 14:51:42 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll [2009/04/05 18:54:36 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS78.DLL [2009/04/02 22:28:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009/03/10 00:03:43 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI [2009/03/09 23:53:24 | 000,000,040 | ---- | C] () -- C:\Windows\NAVIGMA.INI [2009/03/09 01:19:25 | 000,000,000 | ---- | C] () -- C:\Windows\COMPANIONAPP.INI [2009/03/09 00:47:13 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2009/03/07 23:32:10 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI [2009/03/07 16:41:25 | 000,000,040 | ---- | C] () -- C:\Windows\System32\profile.dat [2009/03/07 16:22:46 | 000,002,304 | ---- | C] () -- C:\Windows\System32\Machnm32.sys [2009/02/18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009/02/03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2008/12/23 13:33:11 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2008/12/23 13:33:11 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2008/10/31 06:45:08 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008/10/31 06:45:08 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008/10/31 06:35:00 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008/10/31 06:26:43 | 000,004,984 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [1996/04/03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys < End of report >

Et ben rebelotte pour combofix, écran bleu à la fin du chargement de la barre bleue Signature du problème : Nom d’événement de problème: BlueScreen Version du système: 6.1.7600.2.0.0.768.3 Identificateur de paramètres régionaux: 1036 Informations supplémentaires sur le problème : BCCode: 100000d1 BCP1: 4EA58B80 BCP2: 00000002 BCP3: 00000008 BCP4: 4EA58B80 OS Version: 6_1_7600 Service Pack: 0_0 Product: 768_1 Fichiers aidant à décrire le problème : C:\Windows\Minidump\042811-22042-01.dmp C:\Users\Philippe\AppData\Local\Temp\WER-46862-0.sysdata.xml Lire notre déclaration de confidentialité en ligne : http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x040c Si la déclaration de confidentialité en ligne n’est pas disponible, lisez la version hors connexion : C:\Windows\system32\fr-FR\erofflps.txt J'ai aussi essayé en redémarrant en mode sans échec et en lançant Dr web juste pour éradiqué le processus svchost avant de lancer combofix et même résultat... Ah oui j'allais oublié. J'ai aussi des redirections vers des sites divers et variés après une recherche google qui semble ok en cliquant sur le lien, je suis redirigé vers d'autres sites. C'est le premier coup que ça me le fait...