Télécharge AdwCleaner ( d'Xplode ) sur ton bureau.

©©chargements - Outils de Xplode - AdwCleaner


Lance le, clique sur [suppression]puis patiente le temps du scan.

Une fois le scan fini, un rapport s'ouvrira. Poste moi son contenu dans ta prochaine réponse.


Note : Le rapport est également sauvegardé sous C:\AdwCleaner[s1].txt



Installe Malewarebytes' Antimalware,


Malwarebytes : Malwarebytes Anti-Malware PRO removes malware including viruses, spyware, worms and trojans, plus it protects your computer


Prends bien la version FREE

*** Met-le à jour puis choisi, Exécuter un examen complet


*** Si une infection est trouvée, coche la case a coté et valides avec l’Onglet Supprimer la sélection


Poste le rapport final.


Puis pour contrôle:

* Télécharge >> OTL <<sur ton bureau.


* Fait un double-clic sur l'icône d'OTL pour le lancer

/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"


* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.


* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal " soit cochée.


* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL " Personnalisation"

HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl|FEATURE_BROWSER_EMULATION /rs

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl|feature_enable_ie_compression /rs

HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\FeatureControl|feature_enable_ie_compression /rs

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers /s

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 /s

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers.desc /s

%temp%\smtmp\1\*.* /s

%temp%\smtmp\2\*.* /s

%temp%\smtmp\4\*.* /s

nslookup Google /c



%systemroot%\system32\drivers\*.sys /lockedfiles






%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

* Cliques sur l'icône "Analyse" (en haut à gauche) .

* Laisse le scan aller à son terme sans te servir du PC

* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).

* Copie et colle le ou les rapports dans ta réponse stp...

* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

Mets le rapport ici car il prend bien de la place.


# AdwCleaner v1.801 - Rapport créé le 18/08/2012 à 09:39:21

# Mis à jour le 14/08/2012 par Xplode

# Système d'exploitation : Windows 7 Starter Service Pack 1 (32 bits)

# Nom d'utilisateur : philippe leclercq - INVISIBLE

# Mode de démarrage : Normal

# Exécuté depuis : C:\Users\philippe leclercq\Downloads\adwcleaner.exe

# Option [suppression]



***** [services] *****



***** [Fichiers / Dossiers] *****



***** [Registre] *****



***** [Registre - GUID] *****



***** [Navigateurs] *****


-\\ Internet Explorer v8.0.7601.17514


[OK] Le registre ne contient aucune entrée illégitime.


-\\ Google Chrome v21.0.1180.79


Fichier : C:\Users\philippe leclercq\AppData\Local\Google\Chrome\User Data\Default\Preferences


[OK] Le fichier ne contient aucune entrée illégitime.




AdwCleaner[s1].txt - [7105 octets] - [15/08/2012 18:40:28]

AdwCleaner[s2].txt - [891 octets] - [18/08/2012 09:39:21]


########## EOF - C:\AdwCleaner[s2].txt - [1018 octets] ##########




Malwarebytes Anti-Malware (Essai)


Version de la base de données: v2012.08.17.06


Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

philippe leclercq :: INVISIBLE [administrateur]


Protection: Activé


18/08/2012 10:25:49

mbam-log-2012-08-18 (10-25-49).txt


Type d'examen: Examen complet (C:\|D:\|)

Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM

Options d'examen désactivées: P2P

Elément(s) analysé(s): 319064

Temps écoulé: 1 heure(s), 56 minute(s), 15 seconde(s)


Processus mémoire détecté(s): 0

(Aucun élément nuisible détecté)


Module(s) mémoire détecté(s): 0

(Aucun élément nuisible détecté)


Clé(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)


Valeur(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)


Elément(s) de données du Registre détecté(s): 0

(Aucun élément nuisible détecté)


Dossier(s) détecté(s): 0

(Aucun élément nuisible détecté)


Fichier(s) détecté(s): 0

(Aucun élément nuisible détecté)






OTL logfile created on: 8/18/2012 1:57:26 PM - Run 1

OTL by OldTimer - Version Folder = C:\Users\philippe leclercq\Downloads

Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: France | Language: FRA | Date Format: dd/MM/yyyy


1014.18 Mb Total Physical Memory | 100.38 Mb Available Physical Memory | 9.90% Memory free

1.55 Gb Paging File | 0.15 Gb Available in Paging File | 10.01% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 80.00 Gb Total Space | 0.70 Gb Free Space | 0.87% Space Free | Partition Type: NTFS

Drive D: | 54.03 Gb Total Space | 0.01 Gb Free Space | 0.01% Space Free | Partition Type: NTFS


Computer Name: INVISIBLE | User Name: philippe leclercq | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


========== Processes (SafeList) ==========


PRC - C:\Users\philippe leclercq\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe ()

PRC - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

PRC - C:\Windows\System32\AsusService.exe ()

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)



========== Modules (No Company Name) ==========


MOD - C:\Users\philippe leclercq\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll ()

MOD - C:\Users\philippe leclercq\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll ()

MOD - C:\Users\philippe leclercq\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll ()

MOD - C:\Users\philippe leclercq\AppData\Local\Google\Chrome\Application\21.0.1180.79\libglesv2.dll ()

MOD - C:\Users\philippe leclercq\AppData\Local\Google\Chrome\Application\21.0.1180.79\libegl.dll ()

MOD - C:\Users\philippe leclercq\AppData\Local\Google\Chrome\Application\21.0.1180.79\avutil-51.dll ()

MOD - C:\Users\philippe leclercq\AppData\Local\Google\Chrome\Application\21.0.1180.79\avformat-54.dll ()

MOD - C:\Users\philippe leclercq\AppData\Local\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\ ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\ ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\ ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\ ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\ ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\ ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\ ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\ ()

MOD - C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe ()

MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll ()

MOD - C:\PROGRA~1\ASUS\ASUSWE~1\3084~1.161\ASUSWS~1.DLL ()



========== Win32 Services (SafeList) ==========


SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MotoHelper) -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()

SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)

SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)



========== Driver Services (SafeList) ==========


DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found

DRV - (motusbdevice) -- system32\DRIVERS\motusbdevice.sys File not found

DRV - (Motousbnet) -- system32\DRIVERS\Motousbnet.sys File not found

DRV - (MotoSwitchService) -- system32\DRIVERS\motswch.sys File not found

DRV - (motmodem) -- system32\DRIVERS\motmodem.sys File not found

DRV - (motccgpfl) -- system32\DRIVERS\motccgpfl.sys File not found

DRV - (motccgp) -- system32\DRIVERS\motccgp.sys File not found

DRV - (motandroidusb) -- System32\Drivers\motoandroid.sys File not found

DRV - (btwrchid) -- C:\windows\system32\DRIVERS\btwrchid.sys File not found

DRV - (btwl2cap) -- system32\DRIVERS\btwl2cap.sys File not found

DRV - (btwavdt) -- C:\windows\system32\DRIVERS\btwavdt.sys File not found

DRV - (btwaudio) -- system32\drivers\btwaudio.sys File not found

DRV - (BTCFilterService) -- system32\DRIVERS\motfilt.sys File not found

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()

DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)

DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)

DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)

DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)

DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========


IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Asus | MSN

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = ASUS Eee Family | Easy to Learn, Work and Play [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKCU\..\URLSearchHook: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - No CLSID value found

IE - HKCU\..\URLSearchHook: {ef79f67a-6ad7-4715-a0f8-932fca442023} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing

IE - HKCU\..\SearchScopes\{704F44C6-BB9D-4C0F-BB50-CD99876C35EC}: "URL" = {searchTerms} - Yahoo! France Résultats de recherche

IE - HKCU\..\SearchScopes\{DBE038AB-ABB8-4DD2-88CC-1271944A1BB9}: "URL" ={searchTerms}&locale=fr_FR&apn_ptnrs=7R&apn_dtid=YYYYYYYYFR&apn_uid=3f59661f-8d64-4990-a477-ee220244000c&apn_sauid=B9D17693-229C-49E0-9EE7-BC0392703FBC&

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========


FF - prefs.js..extensions.enabledItems: {e2fda1a4-762b-4020-b5ad-a41df1933103}:1.0b2

FF - prefs.js..extensions.enabledItems:

FF - user.js - File not found


FF - HKLM\Software\MozillaPlugins\ C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found

FF - HKLM\Software\MozillaPlugins\ C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\,version=10.5.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\ Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\ Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\ Update;version=3: C:\Users\philippe leclercq\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\ Update;version=9: C:\Users\philippe leclercq\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\,version=1.0: C:\Users\philippe leclercq\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



[2010/12/06 13:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe leclercq\AppData\Roaming\mozilla\Extensions

[2010/12/06 13:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe leclercq\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012/01/01 21:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe leclercq\AppData\Roaming\mozilla\Firefox\extensions

[2011/12/06 20:58:32 | 000,000,000 | ---D | M] (uTorrentBar_FR Community Toolbar) -- C:\Users\philippe leclercq\AppData\Roaming\mozilla\Firefox\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}

[2012/01/01 21:59:20 | 000,000,000 | ---D | M] (BittorrentBar_FR Community Toolbar) -- C:\Users\philippe leclercq\AppData\Roaming\mozilla\Firefox\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}

[2010/12/07 22:44:09 | 000,000,000 | ---D | M] (Lightning) -- C:\USERS\PHILIPPE LECLERCQ\APPDATA\ROAMING\THUNDERBIRD\PROFILES\N1R7AGUE.DEFAULT\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}



========== Chrome ==========


CHR - homepage: Google

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: Google

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\philippe leclercq\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\philippe leclercq\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\philippe leclercq\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\philippe leclercq\AppData\Local\Google\Chrome\User Data\PepperFlash\\pepflashplayer.dll

CHR - plugin: Java Platform SE 7 U2 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: plugin (Enabled) = C:\Program Files\\nphardwaredetection.dll

CHR - Extension: YouTube = C:\Users\philippe leclercq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Recherche Google = C:\Users\philippe leclercq\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\

CHR - Extension: FD Plugin = C:\Users\philippe leclercq\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaankaoacjlcnkdfagcnnncmeojkoeai\1.0.2_1\

CHR - Extension: Gmail = C:\Users\philippe leclercq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\


O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI)

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CBBC60F-00AF-41ED-9CA1-46055DD437ED}: DhcpNameServer =

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F537F381-17A3-443A-A90E-23BC2441989D}: NameServer =,

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{65e1d9b1-9c22-11e0-baf0-20cf30426731}\Shell - "" = AutoRun

O33 - MountPoints2\{65e1d9b1-9c22-11e0-baf0-20cf30426731}\Shell\AutoRun\command - "" = E:\setup.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\ [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.i420 - C:\windows\System32\i420vfw.dll (

Drivers32: vidc.yv12 - C:\windows\System32\yv12vfw.dll (

PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin


NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found



SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices


SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: vsmon - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices


ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {69E9D29D-482A-4DDA-D1CB-7E1A9A07A627} - Offline Browsing Pack

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {9A9B7981-608F-76B3-2831-FCB18EEF7CA5} - Themes Setup

ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CACB6E31-8047-3D19-C342-5C33695EE5AA} - Browser Customizations

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP


Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.i420 - C:\windows\System32\i420vfw.dll (

Drivers32: vidc.yv12 - C:\windows\System32\yv12vfw.dll (


========== Files/Folders - Created Within 30 Days ==========


[2012/08/18 09:37:46 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys

[2012/08/15 19:22:49 | 000,000,000 | ---D | C] -- C:\Users\philippe leclercq\AppData\Roaming\Malwarebytes

[2012/08/15 19:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/08/15 19:22:20 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2012/08/15 19:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/08/15 18:40:36 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll

[2012/08/15 18:40:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll

[2012/08/15 18:40:32 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll

[2012/08/15 18:40:31 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb

[2012/08/15 18:40:31 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll

[2012/08/15 18:40:23 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srcore.dll

[2012/08/15 18:40:17 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys

[2012/08/15 18:40:04 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browcli.dll

[2012/08/01 09:15:48 | 000,000,000 | ---D | C] -- C:\Users\philippe leclercq\Desktop\contenu motorola defy

[2012/07/31 19:42:20 | 000,000,000 | ---D | C] -- C:\Users\philippe leclercq\Desktop\Nouveau dossier

[2012/07/25 10:38:25 | 000,000,000 | ---D | C] -- C:\Users\philippe leclercq\Desktop\Camera

[2011/07/02 14:16:07 | 000,092,064 | ---- | C] (MCCI) -- C:\Users\philippe leclercq\mqdmmdm.sys

[2011/07/02 14:16:07 | 000,079,328 | ---- | C] (MCCI) -- C:\Users\philippe leclercq\mqdmserd.sys

[2011/07/02 14:16:07 | 000,066,656 | ---- | C] (MCCI) -- C:\Users\philippe leclercq\mqdmbus.sys

[2011/07/02 14:16:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Users\philippe leclercq\usbsermptxp.sys

[2011/07/02 14:16:07 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Users\philippe leclercq\usbsermpt.sys

[2011/07/02 14:16:07 | 000,009,232 | ---- | C] (MCCI) -- C:\Users\philippe leclercq\mqdmmdfl.sys

[2011/07/02 14:16:07 | 000,006,208 | ---- | C] (MCCI) -- C:\Users\philippe leclercq\mqdmcmnt.sys

[2011/07/02 14:16:07 | 000,005,936 | ---- | C] (MCCI) -- C:\Users\philippe leclercq\mqdmwhnt.sys

[2011/07/02 14:16:07 | 000,004,048 | ---- | C] (MCCI) -- C:\Users\philippe leclercq\mqdmcr.sys

[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]


========== Files - Modified Within 30 Days ==========


[2012/08/18 14:02:13 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2012/08/18 13:53:00 | 000,001,078 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/18 13:48:00 | 000,001,002 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/08/18 13:39:01 | 000,001,126 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2091292328-1087205343-3181550619-1000UA.job

[2012/08/18 11:39:11 | 000,001,074 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2091292328-1087205343-3181550619-1000Core.job

[2012/08/18 10:25:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys

[2012/08/18 10:25:34 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/18 10:25:34 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/18 10:17:36 | 000,001,074 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/18 10:17:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/08/18 10:16:57 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/17 09:22:56 | 000,522,016 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2012/08/15 18:48:29 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe

[2012/08/15 18:48:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl

[2012/08/14 14:24:07 | 000,704,508 | ---- | M] () -- C:\windows\System32\perfh00C.dat

[2012/08/14 14:24:07 | 000,616,036 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2012/08/14 14:24:07 | 000,130,782 | ---- | M] () -- C:\windows\System32\perfc00C.dat

[2012/08/14 14:24:07 | 000,106,416 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2012/08/12 12:32:06 | 000,405,828 | ---- | M] () -- C:\Users\philippe leclercq\Desktop\100_6421.JPG

[2012/08/09 08:44:02 | 000,401,274 | ---- | M] () -- C:\Users\philippe leclercq\Desktop\100_6420.JPG

[2012/07/29 20:41:00 | 004,334,592 | ---- | M] () -- C:\Users\philippe leclercq\Desktop\contacts outlook.pst

[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]


========== Files Created - No Company Name ==========


[2012/08/18 14:02:13 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

[2012/08/12 17:05:30 | 000,401,274 | ---- | C] () -- C:\Users\philippe leclercq\Desktop\100_6420.JPG

[2012/08/12 16:56:58 | 000,405,828 | ---- | C] () -- C:\Users\philippe leclercq\Desktop\100_6421.JPG

[2012/07/29 20:39:51 | 004,334,592 | ---- | C] () -- C:\Users\philippe leclercq\Desktop\contacts outlook.pst

[2012/04/20 18:56:05 | 000,027,648 | ---- | C] () -- C:\windows\System32\AVSredirect.dll

[2012/01/13 19:48:45 | 000,200,468 | ---- | C] () -- C:\windows\System32\drivers\RTAIODAT.DAT

[2011/12/30 20:53:19 | 000,000,019 | ---- | C] () -- C:\windows\info9.ini

[2011/12/30 20:53:19 | 000,000,019 | ---- | C] () -- C:\windows\info7.ini

[2011/12/30 20:53:19 | 000,000,019 | ---- | C] () -- C:\windows\info4.ini

[2011/12/30 20:53:19 | 000,000,019 | ---- | C] () -- C:\windows\info10.ini

[2011/07/02 16:31:00 | 000,038,458 | ---- | C] () -- C:\Users\philippe leclercq\AppData\Roaming\Valeurs séparées par une virgule (Windows).ADR

[2011/07/02 16:22:12 | 000,038,443 | ---- | C] () -- C:\Users\philippe leclercq\AppData\Roaming\Microsoft Excel 97-2003.ADR

[2011/07/02 14:16:07 | 000,009,913 | ---- | C] () -- C:\Users\philippe leclercq\MCCI_MDM.INF

[2011/07/02 14:16:07 | 000,009,232 | ---- | C] () -- C:\Users\philippe leclercq\USB_MOT_BRIT.INF

[2011/07/02 14:16:07 | 000,007,201 | ---- | C] () -- C:\Users\philippe leclercq\USBMOT2000.INF

[2011/07/02 14:16:07 | 000,006,989 | ---- | C] () -- C:\Users\philippe leclercq\MCCI_BUS.INF

[2011/07/02 14:16:07 | 000,006,141 | ---- | C] () -- C:\Users\philippe leclercq\USBMOT2000XP.INF

[2011/07/02 14:16:07 | 000,005,960 | ---- | C] () -- C:\Users\philippe leclercq\USB_MOT_A1000.INF

[2011/07/02 14:16:07 | 000,005,880 | ---- | C] () -- C:\Users\philippe leclercq\USB_CMCS_2000.INF

[2011/07/02 14:16:07 | 000,004,477 | ---- | C] () -- C:\Users\philippe leclercq\MCCI_SDM.INF

[2011/07/02 14:15:51 | 000,114,656 | ---- | C] () -- C:\Users\philippe leclercq\1309608951-(null) - Copie

[2011/07/02 14:15:51 | 000,067,229 | ---- | C] () -- C:\Users\philippe leclercq\1309608951-(null)

[2011/06/28 22:36:23 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini

[2011/01/29 18:00:22 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll

[2011/01/29 18:00:22 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll

[2011/01/29 18:00:22 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll

[2011/01/29 18:00:22 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll

[2010/12/09 22:59:29 | 000,000,000 | ---- | C] () -- C:\windows\mtstack.INI

[2010/12/08 00:01:30 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI

[2010/12/07 23:34:10 | 000,033,134 | ---- | C] () -- C:\Users\philippe leclercq\AppData\Roaming\UserTile.png

[2010/12/07 23:25:38 | 000,015,872 | ---- | C] () -- C:\Users\philippe leclercq\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/12/07 22:26:48 | 000,045,056 | ---- | C] () -- C:\windows\System32\mtstack.exe

[2010/12/04 23:11:02 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll

[2010/12/04 20:42:50 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS

[2010/12/04 19:29:57 | 000,000,117 | ---- | C] () -- C:\windows\TmPfw.ini

[2010/12/04 19:12:53 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat

[2010/12/04 19:12:53 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat

[2010/06/24 18:10:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe


========== Custom Scans ==========


< HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl|FEATURE_BROWSER_EMULATION /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\\prevhost.exe: 8000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\\sllauncher.exe: 8000


< HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl|feature_enable_ie_compression /rs >


< HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\FeatureControl|feature_enable_ie_compression /rs >


< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\philippe leclercq\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/14 06:31:01 | 001,229,848 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\philippe leclercq\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/14 06:31:01 | 001,229,848 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\philippe leclercq\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/14 06:31:01 | 001,229,848 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\philippe leclercq\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/14 06:31:01 | 001,229,848 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 14:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 14:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 14:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 14:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/11/20 14:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)


< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\philippe leclercq\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/14 06:31:01 | 001,229,848 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\philippe leclercq\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/14 06:31:01 | 001,229,848 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\philippe leclercq\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/14 06:31:01 | 001,229,848 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\philippe leclercq\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/14 06:31:01 | 001,229,848 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 14:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 14:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 14:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 14:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/11/20 14:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)


< HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers /s >

"timer" = timer.drv -- [2009/07/13 23:41:39 | 000,004,048 | ---- | M] (Microsoft Corporation)


< HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers.desc /s >

"C:\Windows\System32\l3codeca.acm" = Fraunhofer IIS MPEG Layer-3 Codec

"wdmaud.drv" = Realtek High Definition Audio

"vfwwdm32.dll" = WDM Video For Windows Capture Driver (Win32)

"sirenacm.dll" = Messenger Audio Codec


< %temp%\smtmp\1\*.* /s >


< %temp%\smtmp\2\*.* /s >


< %temp%\smtmp\4\*.* /s >


< nslookup Google /c >

DNS request timed out.

timeout was 2 seconds.

Serveur : UnKnown



< %systemroot%\system32\drivers\*.sys /lockedfiles >

[2010/05/15 17:30:50 | 000,461,400 | ---- | M] (Check Point Software Technologies LTD) Unable to obtain MD5 -- C:\windows\system32\drivers\vsdatant.sys


< %systemroot%\*. /mp /s >


< %systemroot%\system32\*.dll /lockedfiles >

[2009/07/14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\LocationApi.dll

[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]


< %systemroot%\Tasks\*.job /lockedfiles >


< End of report >


ok fait ceci s.t.p


* Fait un double-clic sur l'icône d'OTL pour le lancer

/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"


* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.


* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case " Rapport minimal" soit cochée.


* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"


IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Asus | MSN

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = ASUS Eee Family | Easy to Learn, Work and Play [binary data]

IE - HKCU\..\URLSearchHook: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - No CLSID value found

IE - HKCU\..\URLSearchHook: {ef79f67a-6ad7-4715-a0f8-932fca442023} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes\{704F44C6-BB9D-4C0F-BB50-CD99876C35EC}: "URL" = {searchTerms} - Yahoo! France Résultats de recherche

IE - HKCU\..\SearchScopes\{DBE038AB-ABB8-4DD2-88CC-1271944A1BB9}: "URL" = http://websearch.ask...7-BC0392703FBC

[2011/12/06 20:58:32 | 000,000,000 | ---D | M] (uTorrentBar_FR Community Toolbar) -- C:\Users\philippe leclercq\AppData\Roaming\mozilla\Firefox\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}

[2012/01/01 21:59:20 | 000,000,000 | ---D | M] (BittorrentBar_FR Community Toolbar) -- C:\Users\philippe leclercq\AppData\Roaming\mozilla\Firefox\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.



* Cliques sur l'icône Correction (en haut à gauche) .

* Laisse le scan aller à son terme sans te servir du PC

* A la fin du scan un rapport s'ouvrir "OTL.log"

* Copie et colle le ou les rapports dans ta réponse stp...

* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

Mets le rapport ici car il prend bien de la place.

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ef79f67a-6ad7-4715-a0f8-932fca442023} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}\ not found.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{704F44C6-BB9D-4C0F-BB50-CD99876C35EC}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{704F44C6-BB9D-4C0F-BB50-CD99876C35EC}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DBE038AB-ABB8-4DD2-88CC-1271944A1BB9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBE038AB-ABB8-4DD2-88CC-1271944A1BB9}\ not found.

C:\Users\philippe leclercq\AppData\Roaming\mozilla\Firefox\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\searchplugin folder moved successfully.

C:\Users\philippe leclercq\AppData\Roaming\mozilla\Firefox\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\modules folder moved successfully.

C:\Users\philippe leclercq\AppData\Roaming\mozilla\Firefox\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\META-INF folder moved successfully.

C:\Users\philippe leclercq\AppData\Roaming\mozilla\Firefox\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\defaults folder moved successfully.

C:\Users\philippe leclercq\AppData\Roaming\mozilla\Firefox\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\components folder moved successfully.

C:\Users\philippe leclercq\AppData\Roaming\mozilla\Firefox\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\chrome folder moved successfully.

C:\Users\philippe leclercq\AppData\Roaming\mozilla\Firefox\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} folder moved successfully.

C:\Users\philippe leclercq\AppData\Roaming\mozilla\Firefox\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\searchplugin folder moved successfully.

C:\Users\philippe leclercq\AppData\Roaming\mozilla\Firefox\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\modules folder moved successfully.

C:\Users\philippe leclercq\AppData\Roaming\mozilla\Firefox\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\META-INF folder moved successfully.

C:\Users\philippe leclercq\AppData\Roaming\mozilla\Firefox\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\defaults folder moved successfully.

C:\Users\philippe leclercq\AppData\Roaming\mozilla\Firefox\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\components folder moved successfully.

C:\Users\philippe leclercq\AppData\Roaming\mozilla\Firefox\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\chrome folder moved successfully.

C:\Users\philippe leclercq\AppData\Roaming\mozilla\Firefox\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023} folder moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.

========== COMMANDS ==========




User: All Users


User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 321 bytes


User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes


User: philippe leclercq

->Temp folder emptied: 1514806 bytes

->Temporary Internet Files folder emptied: 3541725 bytes

->Java cache emptied: 517339 bytes

->Google Chrome cache emptied: 115480278 bytes

->Flash cache emptied: 42152 bytes


User: Public


%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 5 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 121699787 bytes

RecycleBin emptied: 40960 bytes


Total Files Cleaned = 232.00 mb



OTL by OldTimer - Version log created on 08202012_121858


Files\Folders moved on Reboot...

C:\windows\temp\TMP0000000824DC9173D9B75C4B moved successfully.

C:\windows\temp\ZLT07b5b.TMP moved successfully.


PendingFileRenameOperations files...

File C:\windows\temp\TMP0000000824DC9173D9B75C4B not found!

File C:\windows\temp\ZLT07b5b.TMP not found!


Registry entries deleted on Reboot...


ok juste ceci et après dis moi comment va ton pc s.t.p


Pour Internet Explorer:

Démarrer IE-->>Outils-->>Options Internet-->>Onglet avancé-->>REINITIALISER

Pour FireFox :

Démarre FireFox --> Outil Options --> Onglet général --> Restaurer la configuration par défaut

Bonjour kingleroideskong,


Si tu considères que la question est réglée, et sous couvert de Bernard, n'oublie pas de le signaler en taguant du mot [Résolu] le titre de ton sujet…



[1] En bas du premier message de ton sujet, clique sur [Modifier]

[2] En bas de l'éditeur qui s'ouvre, clique sur [Utiliser l'éditeur complet]

[3] En haut de l'éditeur complet, ajoute [Résolu] au titre de ton sujet.

Ça a l air d aller. Je n'ai plus de fenêtre qui s'affiche toute seule

Très bien ;)


Fais ceci pour supprimer les logiciels qui ont servi à cette désinfection.


Télécharge << DELFIX >> de Xplode pour supprimer les logiciels qui ont servi à cette désinfection.


* À l'invite, [suppression] ()

* Un rapport va s'ouvrir à la fin, colle-le dans la réponse.

Ensuite pour le désinstaller, tu relances et tu passes à l'option [Désinstallation]


Puis valide ton post en résolu comme signalé par Dylav :jap:

