win32rootkit-gen trouvé avec avast

krolo · le 07 Oct 2010 14:07

je ne sais pas si cela a un rapport mais depuis qqes jours mon ordi s'éteint parfois tout seul
j'ai fait analyse avec avast qui m'a trouvé ce que j'ai mis dans sujet j'ai donc mis en quarantaine
j'ai fait analyse avec malwyre qui n'a rien trouvé
pouvez vous me dire si j'ai résolu le problème ?merci d'avance

bernard53 · le 07 Oct 2010 18:59

Bonjour

Est ce que ton pc s'éteins encore ou pas?

.

krolo · le 15 Oct 2010 16:21

oui mon pc s'éteint toujours
aprés analyse avec malwyre j'ai trouvé trojan fake alert et trojan vundu
ainsi que plusieurs adware : zango et shopping
j'ai tout mis en quarantaine pendant 2 jours cela allait mieux puis pc s'éteint à nouveau et ordi redevient lent
merci pour votre aide

bernard53 · le 15 Oct 2010 17:15

ok fait ceci alors .

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal " soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL " Personnalisation"

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
vstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

krolo · le 15 Oct 2010 17:44

voilà j 'ai un gros souci je n'arrive absolument pas à télécharger ce que tu me demandes le téléchargement démarre et à 90% tout s'arrête rien n'apparait sur bureau
j'ai tout fermé et réessayé rien à faire
je ne sais pas pourquoi je suis sous windows xp et navigue avec mozilla firefox

EDIT :

annule mon précédent message j'ai réussi par un autre moyen avec internet explorer a le mettre sur pc donc à tout à l'heure
merci

EDIT Skynet : Messages fusionnés.

krolo · le 15 Oct 2010 18:37

Code: Tout sélectionner: OTL Extras logfile created on: 15/10/2010 18:54:34 - Run 1 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Utilisateur\Bureau Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 510,00 Mb Total Physical Memory | 164,00 Mb Available Physical Memory | 32,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 38,33 Gb Total Space | 17,04 Gb Free Space | 44,46% Space Free | Partition Type: NTFS Drive E: | 76,32 Gb Total Space | 58,43 Gb Free Space | 76,56% Space Free | Partition Type: NTFS Computer Name: CHABAUD-653B7B9 | User Name: Utilisateur | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" %* txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\PACK SECURITE\backweb\542802\Program\fspex.exe" = C:\Program Files\PACK SECURITE\backweb\542802\Program\fspex.exe:*:Enabled:PACK SECURITE -- File not found "C:\Program Files\Numericable Controle Parental\Numericable Controle Parental.exe" = C:\Program Files\Numericable Controle Parental\Numericable Controle Parental.exe:*:Enabled:Numericable Controle Parental -- File not found "C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" = C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe:*:Enabled:Lecteur CANALPLAY -- File not found "C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe" = C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe:*:Enabled:Lecteur CANALPLAY Helper -- File not found "C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net) "C:\Program Files\eChanblard\emule.exe" = C:\Program Files\eChanblard\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net) "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.) "C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe" = C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner -- File not found "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) "C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe" = C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios) "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe" = C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1C1290DD-EB9D-4F92-A61B-53DDB77AD53B}" = FunAccess "{1DE6C358-65D4-3022-5627-39F87224E9A1}" = NowBoarding "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint "{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print "{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime "{51D569E0-8A28-11D2-B962-006097C4DE24}" = Microsoft (R) C Runtime Library "{51D569E2-8A28-11D2-B962-006097C4DE24}" = MFCDLL Shared Library - Retail Version "{51D569E3-8A28-11D2-B962-006097C4DE24}" = Microsoft (R) C++ Runtime Library "{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2 "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}" = Microsoft AutoRoute 2006 "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{930E3A4D-70B7-4D0D-AF8D-0B351A9B55BE}" = MSXML 3.0 "{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0 "{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}" = ArcSoft Camera Suite 1.3 "{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX "{C2EBC2F1-B766-4AE3-A10C-6EBBC1EE3B02}" = Logiciel de Synchronisation Orange "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}" = Microsoft Games for Windows - LIVE Redistributable "{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{ORAHSS}.UninstallSuite" = Orange - Logiciels Internet "7c4b262c4712fd76fc0f96fd7f36ee40" = Nike + Philips DMM "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold "ArtistScope Plugin FX4.2.0.3" = ArtistScope Plugin FX "avast5" = avast! Free Antivirus "CAL" = Canon Camera Access Library "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "CartoExploreur 3_is1" = CartoExploreur 3 3.17 "CCleaner" = CCleaner (remove only) "CursorFX" = CursorFX "eMule" = eMule "EOS Utility" = Canon Utilities EOS Utility "EPSON Printer and Utilities" = EPSON Logiciel imprimante "EPSON Scanner" = EPSON Scan "EPSON Stylus CX7300_CX8300_DX7400_DX8400 Guide d'utilisation" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manuel "Google Updater" = Outil de mise à jour Google "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "LimeWire" = LimeWire 5.3.6 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "NeroMultiInstaller!UninstallKey" = Nero Suite "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PhotoStitch" = Canon Utilities PhotoStitch "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX "Réseau France Bayo_is1" = Réseau France Bayo 0013-Q0 "Réseau France BdAlti_is1" = Réseau France BdAlti 2005-Q3 "Réseau France BdNyme_is1" = Réseau France BdNyme 2004-Q4 "Réseau Guyane Bayo_is1" = Réseau Guyane Bayo 0005-Q0 "Réseau Guyane BdAlti_is1" = Réseau Guyane BdAlti 2003-Q1 "Réseau Reunion Bayo_is1" = Réseau Reunion Bayo 0005-Q0 "Réseau Reunion BdAlti_is1" = Réseau Reunion BdAlti 2003-Q1 "SLD Codec Pack" = SLD Codec Pack "wilkinson screensaver" = wilkinson screensaver "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "Windows XP Service" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Yahoo! Toolbar" = Yahoo! Toolbar "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Antivirus Events ] Error - 30/06/2009 17:09:14 | Computer Name = CHABAUD-653B7B9 | Source = avast! | ID = 33554522 Description = Error - 30/06/2009 17:09:14 | Computer Name = CHABAUD-653B7B9 | Source = avast! | ID = 33554522 Description = Error - 30/06/2009 17:09:35 | Computer Name = CHABAUD-653B7B9 | Source = avast! | ID = 33554522 Description = Error - 30/06/2009 17:09:35 | Computer Name = CHABAUD-653B7B9 | Source = avast! | ID = 33554522 Description = Error - 30/06/2009 17:10:13 | Computer Name = CHABAUD-653B7B9 | Source = avast! | ID = 33554522 Description = Error - 30/06/2009 17:10:13 | Computer Name = CHABAUD-653B7B9 | Source = avast! | ID = 33554522 Description = Error - 14/07/2009 18:52:19 | Computer Name = CHABAUD-653B7B9 | Source = avast! | ID = 33554522 Description = Error - 05/11/2009 12:23:25 | Computer Name = CHABAUD-653B7B9 | Source = avast! | ID = 33554522 Description = Error - 08/11/2009 16:33:14 | Computer Name = CHABAUD-653B7B9 | Source = avast! | ID = 33554522 Description = Error - 08/11/2009 19:02:11 | Computer Name = CHABAUD-653B7B9 | Source = avast! | ID = 33554522 Description = [ Application Events ] Error - 09/09/2010 12:10:02 | Computer Name = CHABAUD-653B7B9 | Source = Application Hang | ID = 1002 Description = Application bloquée wmplayer.exe, version 11.0.5721.5145, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 09/09/2010 13:55:06 | Computer Name = CHABAUD-653B7B9 | Source = | ID = 0 Description = Error - 14/09/2010 09:39:30 | Computer Name = CHABAUD-653B7B9 | Source = Microsoft Office 11 | ID = 1000 Description = Faulting application powerpnt.exe, version 11.0.5529.0, stamp 3f281ac3, faulting module l3codecp.acm, version 3.4.0.0, stamp 4536f97b, debug? 0, fault address 0x00019878. Error - 16/09/2010 04:26:14 | Computer Name = CHABAUD-653B7B9 | Source = Application Hang | ID = 1002 Description = Application bloquée msimn.exe, version 6.0.2900.5512, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 17/09/2010 05:20:31 | Computer Name = CHABAUD-653B7B9 | Source = Application Hang | ID = 1002 Description = Application bloquée msimn.exe, version 6.0.2900.5512, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 23/09/2010 09:46:48 | Computer Name = CHABAUD-653B7B9 | Source = Application Hang | ID = 1002 Description = Application bloquée firefox.exe, version 1.9.2.3909, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 24/09/2010 17:02:15 | Computer Name = CHABAUD-653B7B9 | Source = Google Update | ID = 20 Description = Error - 24/09/2010 17:02:55 | Computer Name = CHABAUD-653B7B9 | Source = Application Error | ID = 1000 Description = Application défaillante alg.exe, version 5.1.2600.5512, module défaillant ntdll.dll, version 5.1.2600.5755, adresse de défaillance 0x00031302. Error - 07/10/2010 03:02:14 | Computer Name = CHABAUD-653B7B9 | Source = Google Update | ID = 20 Description = Error - 13/10/2010 12:29:34 | Computer Name = CHABAUD-653B7B9 | Source = Application Hang | ID = 1002 Description = Application bloquée SpybotSD.exe, version 1.4.0.3, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. [ System Events ] Error - 13/10/2010 01:12:00 | Computer Name = CHABAUD-653B7B9 | Source = Service Control Manager | ID = 7000 Description = Le service DV AIPTEK CAUET(Video) n'a pas pu démarrer en raison de l'erreur : %%2 Error - 13/10/2010 02:54:49 | Computer Name = CHABAUD-653B7B9 | Source = Service Control Manager | ID = 7000 Description = Le service DV AIPTEK CAUET(Video) n'a pas pu démarrer en raison de l'erreur : %%2 Error - 13/10/2010 10:54:05 | Computer Name = CHABAUD-653B7B9 | Source = Service Control Manager | ID = 7000 Description = Le service DV AIPTEK CAUET(Video) n'a pas pu démarrer en raison de l'erreur : %%2 Error - 13/10/2010 10:56:54 | Computer Name = CHABAUD-653B7B9 | Source = Service Control Manager | ID = 7000 Description = Le service DV AIPTEK CAUET(Video) n'a pas pu démarrer en raison de l'erreur : %%2 Error - 13/10/2010 11:05:29 | Computer Name = CHABAUD-653B7B9 | Source = Service Control Manager | ID = 7000 Description = Le service DV AIPTEK CAUET(Video) n'a pas pu démarrer en raison de l'erreur : %%2 Error - 13/10/2010 13:17:43 | Computer Name = CHABAUD-653B7B9 | Source = Service Control Manager | ID = 7000 Description = Le service DV AIPTEK CAUET(Video) n'a pas pu démarrer en raison de l'erreur : %%2 Error - 14/10/2010 01:11:03 | Computer Name = CHABAUD-653B7B9 | Source = Service Control Manager | ID = 7000 Description = Le service DV AIPTEK CAUET(Video) n'a pas pu démarrer en raison de l'erreur : %%2 Error - 15/10/2010 10:36:57 | Computer Name = CHABAUD-653B7B9 | Source = Service Control Manager | ID = 7000 Description = Le service DV AIPTEK CAUET(Video) n'a pas pu démarrer en raison de l'erreur : %%2 Error - 15/10/2010 10:58:34 | Computer Name = CHABAUD-653B7B9 | Source = Service Control Manager | ID = 7000 Description = Le service DV AIPTEK CAUET(Video) n'a pas pu démarrer en raison de l'erreur : %%2 Error - 15/10/2010 11:32:26 | Computer Name = CHABAUD-653B7B9 | Source = Service Control Manager | ID = 7000 Description = Le service DV AIPTEK CAUET(Video) n'a pas pu démarrer en raison de l'erreur : %%2 < End of report >

voici l'autre rapport

Code: Tout sélectionner: OTL logfile created on: 15/10/2010 18:54:34 - Run 1 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Utilisateur\Bureau Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 510,00 Mb Total Physical Memory | 164,00 Mb Available Physical Memory | 32,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 38,33 Gb Total Space | 17,04 Gb Free Space | 44,46% Space Free | Partition Type: NTFS Drive E: | 76,32 Gb Total Space | 58,43 Gb Free Space | 76,56% Space Free | Partition Type: NTFS Computer Name: CHABAUD-653B7B9 | User Name: Utilisateur | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Documents and Settings\Utilisateur\Bureau\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\WINDOWS\system32\CSHelper.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA) PRC - C:\Program Files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe () PRC - C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe (Voxmobili) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.) PRC - C:\Program Files\Logitech\SetPoint\KHALMNPR.exe (Logitech Inc.) PRC - C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe () PRC - C:\Program Files\Fichiers communs\PhilipsMM\USBConnectivity.exe (Philips) PRC - C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe (Ulead Systems, Inc.) [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - C:\Documents and Settings\Utilisateur\Bureau\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll () [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (CSHelper) -- C:\WINDOWS\system32\CSHelper.exe () SRV - (FTRTSVC) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA) SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (USBCamera) DV AIPTEK CAUET(Still) -- C:\WINDOWS\System32\Drivers\Bulk536.sys File not found DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found DRV - (Ca536av) DV AIPTEK CAUET(Video) -- C:\WINDOWS\System32\Drivers\Ca536av.sys File not found DRV - (bfastfao) -- C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\bfastfao.sys File not found DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software) DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.) DRV - (ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.) DRV - (PCANDIS5) -- C:\WINDOWS\system32\pcandis5.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (netrcacm) -- C:\WINDOWS\system32\drivers\netrcacm.sys (Thomson Inc.) DRV - (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.) DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.) DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.) DRV - (PCAMPR5) -- C:\WINDOWS\system32\pcampr5.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (moufiltr) -- C:\WINDOWS\System32\drivers\MOUFILTR.SYS (Windows (R) 2000 DDK provider) DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (USBIO) USBIO Driver (usbio.sys) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll () IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.fr/" FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1,localhost" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/21 14:57:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 16:23:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension [2009/07/10 23:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Extensions [2009/07/10 23:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Extensions\mozswing@mozswing.org [2010/10/15 17:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\mg3w6zte.default\extensions [2010/08/23 17:34:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\mg3w6zte.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/09/08 19:21:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\mg3w6zte.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/08/23 17:35:00 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\mg3w6zte.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2) [2010/10/14 14:15:22 | 000,001,238 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\mg3w6zte.default\searchplugins\facebook.xml [2010/10/15 17:17:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2008/04/14 10:31:08 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/02/02 07:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll [2010/09/17 16:23:42 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml [2010/09/17 16:23:42 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml [2010/09/17 16:23:42 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml [2009/09/14 19:30:37 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml [2010/09/17 16:23:42 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2010/09/17 16:23:42 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml O1 HOSTS File: ([2008/05/27 23:28:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [/AutoLaunch] C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe () O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe (France Telecom SA) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe (Ulead Systems, Inc.) O4 - HKCU..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [YVIBBBHA8C] C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Xk1.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel de Synchronisation Orange.lnk = C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe (Voxmobili) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab (HouseCall Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab (Java Plug-in 1.5.0_10) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\kbupdate: DllName - kbupdate.dll - File not found O24 - Desktop WallPaper: C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - Reg Error: Key error. File not found O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\iifCUNFy) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/07/27 16:20:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{d227ade2-4418-11db-aa4b-0013d3e6a310}\Shell - "" = AutoRun O33 - MountPoints2\{ee3d9c8e-3345-11de-82b2-0013d3e6a310}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: SSHNAS - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/10/15 18:50:02 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Utilisateur\Bureau\OTL.exe [2010/10/15 17:33:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Utilisateur\Recent [2010/10/14 07:14:01 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010/10/14 07:14:01 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2010/10/14 07:13:51 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2010/10/07 14:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Application Data\freeCompressor [2010/10/07 14:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\freecompressor Air [2010/10/07 14:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\FreeCompressor [2010/10/07 14:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Application Data\OfferBox [2010/09/24 09:04:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [11 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010/10/15 18:50:02 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Utilisateur\Bureau\OTL.exe [2010/10/15 18:36:25 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/10/15 18:36:23 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/10/15 18:02:03 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/10/15 17:32:33 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010/10/15 17:32:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/10/15 16:36:13 | 000,220,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/10/11 20:56:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/10/10 22:20:46 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010/10/10 22:20:45 | 000,173,568 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/07 22:16:47 | 000,503,466 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2010/10/07 22:16:47 | 000,435,488 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/10/07 22:16:47 | 000,081,614 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2010/10/07 22:16:47 | 000,068,384 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/10/07 09:34:58 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010/10/03 19:46:37 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Mes documents\LE PLUS GRAND DEFILE DU MONDE.doc [2010/10/03 19:27:53 | 000,000,352 | ---- | M] () -- C:\Documents and Settings\Utilisateur\intlname.ols [2010/09/24 11:44:40 | 000,000,228 | RHS- | M] () -- C:\boot.ini [2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll [2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll [2010/09/18 08:53:24 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll [2010/09/18 08:53:24 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010/09/18 08:53:24 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll [2010/09/18 08:53:24 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll [2010/09/18 08:53:24 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll [2010/09/18 08:53:24 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [11 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/10/02 18:58:04 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Mes documents\LE PLUS GRAND DEFILE DU MONDE.doc [2010/08/30 19:35:22 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010/01/12 22:32:35 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2010/01/03 18:43:48 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Application Data\DofusAppId3_2 [2010/01/02 12:38:50 | 000,000,205 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Application Data\D2Info3 [2010/01/02 12:38:50 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Application Data\DofusAppId3_1 [2009/05/09 22:17:05 | 000,066,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\gxvxcserv.sys [2008/10/28 17:32:59 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini [2008/09/19 17:07:27 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2008/05/26 15:38:41 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI [2008/05/19 20:53:36 | 002,428,880 | -HS- | C] () -- C:\WINDOWS\System32\lqpswero.ini [2008/05/18 20:50:38 | 002,430,809 | -HS- | C] () -- C:\WINDOWS\System32\krqxnkjg.ini [2008/05/17 13:52:26 | 002,316,574 | -HS- | C] () -- C:\WINDOWS\System32\hjgouhys.ini [2008/05/16 18:38:40 | 002,842,095 | -HS- | C] () -- C:\WINDOWS\System32\qiqmglxn.ini [2008/05/16 18:37:54 | 000,667,747 | -HS- | C] () -- C:\WINDOWS\System32\vGNooUtv.ini [2008/05/16 03:03:59 | 001,867,373 | -HS- | C] () -- C:\WINDOWS\System32\lqjfkqjo.ini [2008/05/15 15:01:36 | 001,570,121 | -HS- | C] () -- C:\WINDOWS\System32\rrrhrqew.ini [2008/05/14 14:22:15 | 001,558,435 | -HS- | C] () -- C:\WINDOWS\System32\xvfiaoal.ini [2008/05/14 14:21:16 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\yFNUCfii.ini [2008/02/01 19:13:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2008/02/01 19:10:51 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX8400DEFGIPS.ini [2007/12/07 17:09:09 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\Polyclip.dll [2007/12/07 17:09:09 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\RCalcul.dll [2007/12/07 16:05:10 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvGarmin.dll [2007/12/07 16:05:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvMagellan.dll [2007/12/07 16:05:10 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvSena.dll [2007/12/07 16:05:10 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvMlr.dll [2007/12/07 16:05:10 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvLowrance.dll [2007/12/07 16:05:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvSilva.dll [2007/12/07 16:05:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvPyx.dll [2007/12/07 16:05:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvAvmap.dll [2007/12/07 16:05:03 | 000,688,128 | ---- | C] () -- C:\WINDOWS\System32\BCGCB474.dll [2007/12/07 16:05:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\CP30FW.DLL [2007/12/07 16:05:03 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ConversApi.dll [2007/12/07 16:05:03 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\BCGCBResFRA.dll [2007/12/07 16:05:03 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\Ogc.dll [2007/12/07 16:05:03 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\Nmea.dll [2007/10/13 00:20:06 | 000,151,417 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2007/08/09 18:17:08 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini [2006/12/31 16:42:00 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006/12/16 20:27:57 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll [2006/12/16 20:27:57 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll [2006/11/08 08:53:43 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll [2006/11/08 08:53:43 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini [2006/11/08 08:50:21 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini [2006/09/28 16:13:49 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll [2006/09/26 10:07:44 | 000,173,568 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/09/25 19:28:38 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/09/05 16:34:12 | 000,001,143 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini [2006/08/27 18:15:59 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI [2006/08/14 20:17:04 | 000,000,151 | ---- | C] () -- C:\WINDOWS\Ulead32.ini [2006/08/14 13:53:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2006/07/27 17:38:26 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006/07/27 17:06:33 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2004/12/20 12:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2003/04/01 10:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/12/14 23:46:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll [2002/12/14 23:46:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2002/12/14 23:46:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2002/12/14 22:46:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2002/11/15 14:11:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll [2002/11/01 17:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini [2002/07/04 16:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini [2001/12/14 14:34:46 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll [1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini [1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008/08/09 20:43:51 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008/08/09 20:43:51 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/08/09 20:43:51 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/08/09 20:43:51 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004/08/05 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll [2004/08/05 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll [2004/08/05 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7920E530 < End of report >

EDIT Skynet : balises [code] ajoutées, merci de lire les consignes en haut du sujet !

bernard53 · le 15 Oct 2010 19:25

ok fait ceci.* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case " Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

:OTL
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
DRV - (USBCamera) DV AIPTEK CAUET(Still) -- C:\WINDOWS\System32\Drivers\Bulk536.sys File not found
DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (Ca536av) DV AIPTEK CAUET(Video) -- C:\WINDOWS\System32\Drivers\Ca536av.sys File not found
DRV - (bfastfao) -- C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\bfastfao.sys File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
(Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
:Files
C:\WINDOWS\System32\drivers\gxvxcserv.sys
:Commands
[emptytemp]

* Cliques sur l'icône Correction (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

Ensuite fait ceci.

Télécharge ComboFix <ICI>>

Pour les Utilisateurs de VISTA: Clic-droit et choisis "Exécuter en tant qu'administrateur".
Pour VISTA : pas d'installation de la console de récupération.

>> Lors de son exécution, ComboFix va vérifier si la Console de récupération Microsoft Windows est installée.

Avec des infections comme celles d'aujourd'hui, il est fortement conseillé de l'avoir préinstallée sur votre PC avant toute suppression de nuisibles.
Elle permettra de démarrer dans un mode spécial, de récupération (réparation), qui nous permet de vous aider plus facilement si jamais votre ordinateur rencontre un problème après une tentative de nettoyage.

Suis les invites pour permettre à ComboFix de télécharger et installer la Console de récupération Microsoft Windows, et lorsque cela est demandé, accepte le Contrat de Licence Utilisateur Final pour l'installer.
>> Une fois sur ton bureau double clique dessus pour le lancer.
Note importante : Si la Console de récupération Microsoft Windows est déjà installée, ComboFix continuera ses procédures de suppression de nuisibles.

Lorsque le scan sera complet, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt

>>Ne pas cliquer dans la fenêtre de Combofix durant l’analyse, ceci provoquerait le gel du programme

et ceci.

>>Télécharge Winsockxpfix sur ton bureau et passe à la suite.

si a tout hasard ta connexion internet n'est plus active après le redémarrage du pc fait cela pour la réparer...

Fait un double clic sur l'icône de WinsockXPFix.

>>clique sur "Fix" > et si ton pc ne redémarre pas,redémarre le manuellement.

N'oublies pas ceci pour afficher tes rapports s.t.p

Code :

krolo · le 15 Oct 2010 21:06

Code: Tout sélectionner: All processes killed Error: Unable to interpret <PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)> in the current context! Error: Unable to interpret <SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)> in the current context! Error: Unable to interpret <DRV - (USBCamera) DV AIPTEK CAUET(Still) -- C:\WINDOWS\System32\Drivers\Bulk536.sys File not found> in the current context! Error: Unable to interpret <DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found> in the current context! Error: Unable to interpret <DRV - (Ca536av) DV AIPTEK CAUET(Video) -- C:\WINDOWS\System32\Drivers\Ca536av.sys File not found> in the current context! Error: Unable to interpret <DRV - (bfastfao) -- C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\bfastfao.sys File not found> in the current context! Error: Unable to interpret <IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)> in the current context! Error: Unable to interpret <O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)> in the current context! Error: Unable to interpret <O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll> in the current context! Error: Unable to interpret <(Spigot, Inc.)> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)> in the current context! ========== FILES ========== C:\WINDOWS\System32\drivers\gxvxcserv.sys moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users ->Temp folder emptied: 3186616 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 38784 bytes User: KVIN User: KéVIN ->Temp folder emptied: 50926697 bytes ->Temporary Internet Files folder emptied: 99944164 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 56144188 bytes ->Flash cache emptied: 100585 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 5864511 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 49554 bytes User: Utilisateur ->Temp folder emptied: 209244 bytes ->Temporary Internet Files folder emptied: 588830 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 34248818 bytes ->Flash cache emptied: 456 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2134509 bytes %systemroot%\System32 .tmp files removed: 2676224 bytes %systemroot%\System32\dllcache .tmp files removed: 2473760 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 844 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91203636 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 334,00 mb OTL by OldTimer - Version 3.2.15.2 log created on 10152010_215705 Files\Folders moved on Reboot... File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot...

EDIT :

Code: Tout sélectionner: ComboFix 10-10-14.04 - Utilisateur 15/10/2010 22:18:12.1.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.510.151 [GMT 2:00] Lancé depuis: c:\documents and settings\Utilisateur\Bureau\ComboFix.exe AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Software Licensors c:\documents and settings\KéVIN\Application Data\WeatherDPA c:\documents and settings\Utilisateur\Application Data\PCPrivacyCleaner c:\documents and settings\Utilisateur\Application Data\PCPrivacyCleaner\Logs\scns.log c:\program files\BurstWriting c:\program files\BurstWriting\uninstall.dat c:\program files\BurstWriting\Uninstall.exe c:\program files\pdfforge Toolbar\IE\1.1.2\pdFForgetoolbarie.dll c:\program files\pdfforge Toolbar\SearchSettings.dll c:\windows\patch.exe c:\windows\system32\404Fix.exe c:\windows\system32\dumphive.exe c:\windows\system32\hjgouhys.ini c:\windows\system32\IEDFix.exe c:\windows\system32\kboem32.dat c:\windows\system32\krqxnkjg.ini c:\windows\system32\lqjfkqjo.ini c:\windows\system32\lqpswero.ini c:\windows\system32\qiqmglxn.ini c:\windows\system32\rrrhrqew.ini c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\vGNooUtv.ini c:\windows\system32\WS2Fix.exe c:\windows\system32\xvfiaoal.ini . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ND -------\Legacy_NDISRD -------\Legacy_SSHNAS -------\Service_ndisrd ((((((((((((((((((((((((((((( Fichiers créés du 2010-09-15 au 2010-10-15 )))))))))))))))))))))))))))))))))))) . 2010-10-15 19:57 . 2010-10-15 19:57 -------- dc----w- C:\_OTL 2010-10-14 05:14 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll 2010-10-14 05:14 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll 2010-10-14 05:13 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll 2010-10-07 12:06 . 2010-10-07 12:06 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\freeCompressor 2010-10-07 12:06 . 2010-10-07 12:10 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\freecompressor Air 2010-10-07 12:05 . 2010-10-07 12:11 -------- d-----w- c:\program files\FreeCompressor 2010-10-07 12:05 . 2010-10-07 12:13 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\OfferBox . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-01 67128] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 68856] "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-14 1957888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-03-24 45056] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624] "SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-07 974848] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Logiciel de Synchronisation Orange.lnk - c:\program files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe [2009-5-6 684032] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-1 67128] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-9-4 581632] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\eMule\\emule.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\eChanblard\\emule.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"= "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [08/04/2008 09:19 165584] R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 00:51 380928] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/04/2008 09:19 17744] R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [24/07/2009 17:29 266240] S1 UsbFltr;WayTechUSBFilterDriver; [x] S2 Ca536av;DV AIPTEK CAUET(Video);c:\windows\system32\Drivers\Ca536av.sys --> c:\windows\system32\Drivers\Ca536av.sys [?] S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/02/2010 01:39 135664] S3 bfastfao;bfastfao;\??\c:\docume~1\UTILIS~1\LOCALS~1\Temp\bfastfao.sys --> c:\docume~1\UTILIS~1\LOCALS~1\Temp\bfastfao.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . Contenu du dossier 'Tâches planifiées' 2010-10-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13] 2010-10-15 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-24 11:24] 2010-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 23:38] 2010-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 23:38] . . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\mg3w6zte.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - component: c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\mg3w6zte.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHELINS SUPPRIMES - - - - URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file) . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-790525478-1844823847-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:8f,74,2a,69,b9,3f,8b,29,0c,d4,f1,c0,d9,f5,6a,d8,70,a7,bb,09,09,cd,3e, 32,38,67,e8,a0,76,4a,c3,a3,a7,e5,0b,cf,c9,1f,6f,1b,f0,8f,78,9e,71,dd,18,a5,\ "??"=hex:83,01,6a,b0,ca,69,b1,9b,07,f9,73,44,83,5f,f3,ee . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(2688) c:\program files\Logitech\SetPoint\lgscroll.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\eappprxy.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\program files\Canon\CAL\CALMAIN.exe c:\progra~1\FICHIE~1\PHILIP~1\USBCON~1.EXE c:\program files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe c:\program files\Logitech\SetPoint\KHALMNPR.EXE c:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE . ************************************************************************** . Heure de fin: 2010-10-15 22:32:24 - La machine a redémarré ComboFix-quarantined-files.txt 2010-10-15 20:32 Avant-CF: 18 534 686 720 octets libres Après-CF: 18 457 038 848 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect /usepmtimer - - End Of File - - 148F1DD23F206C9F7B5903E417C8C726

EDIT Bis :

je m'excuse dois etre blonde mais je ne comprends pas ce que cela veut dire bb code ni comment afficher correctement les rapports désolée

EDIT Ter :

je viens de terminer derniere manip ,je n ai pas eu de rapport à poster
bonne nuit à demain dis moi s'il y a qqchose à faire d'autre merci bcp

EDIT Skynet : balises [code] ajoutées et corrigées & messages fusionnés.

Skynet · le 16 Oct 2010 00:01

Bonsoir,

pour le BBCode, il suffit juste d'écrire une fois le mot [code] en début de rapport et par contre [/code] à la fin de ce même rapport.

bernard53 · le 16 Oct 2010 09:18

krolo fait ceci maintenant s.t.p

Ouvre le Menu Démarrer > Exécuter (Touche Windows+ R : en raccourci)

Dans la boîte de dialogue, copie/colle tout ce qui est en citation ci-dessous :

fsutil file createnew "%userprofile%\bureau\CFScript.txt" 0

Puis valide

2/ Ouvre CFScript.txt (sur ton Bureau) . > copie dedans cette nouvelle citation :

File::
c:\program files\pdfforge Toolbar
c:\program files\Application Updater
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-

Fait un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur la capture:

Une fenêtre bleue va apparaître et ComboFix vas de nouveau faire une analyse.

Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Après dis moi comment va ton pc

PS::
mets ta version de java à jour .

** Télécharge JavaRA

**Aide en images
Pour Vista : Clic-droit sur setup et choisis "Exécuter en tant qu'administrateur".

krolo · le 16 Oct 2010 17:46

Code: Tout sélectionner: ComboFix 10-10-14.04 - Utilisateur 16/10/2010 18:22:58.3.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.510.204 [GMT 2:00] Lancé depuis: c:\documents and settings\Utilisateur\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Utilisateur\Bureau\CFScript.txt AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FILE :: "c:\program files\Application Updater" "c:\program files\pdfforge Toolbar" . ((((((((((((((((((((((((((((( Fichiers créés du 2010-09-16 au 2010-10-16 )))))))))))))))))))))))))))))))))))) . 2010-10-15 19:57 . 2010-10-15 19:57 -------- dc----w- C:\_OTL 2010-10-14 05:14 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll 2010-10-14 05:14 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll 2010-10-14 05:13 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll 2010-10-07 12:06 . 2010-10-07 12:06 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\freeCompressor 2010-10-07 12:06 . 2010-10-07 12:10 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\freecompressor Air 2010-10-07 12:05 . 2010-10-07 12:11 -------- d-----w- c:\program files\FreeCompressor 2010-10-07 12:05 . 2010-10-07 12:13 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\OfferBox . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-01 67128] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 68856] "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-14 1957888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-03-24 45056] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Logiciel de Synchronisation Orange.lnk - c:\program files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe [2009-5-6 684032] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-1 67128] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-9-4 581632] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\eMule\\emule.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\eChanblard\\emule.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"= "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [08/04/2008 09:19 165584] R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 00:51 380928] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/04/2008 09:19 17744] S1 UsbFltr;WayTechUSBFilterDriver; [x] S2 Ca536av;DV AIPTEK CAUET(Video);c:\windows\system32\Drivers\Ca536av.sys --> c:\windows\system32\Drivers\Ca536av.sys [?] S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [24/07/2009 17:29 266240] S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/02/2010 01:39 135664] S3 bfastfao;bfastfao;\??\c:\docume~1\UTILIS~1\LOCALS~1\Temp\bfastfao.sys --> c:\docume~1\UTILIS~1\LOCALS~1\Temp\bfastfao.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . Contenu du dossier 'Tâches planifiées' 2010-10-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13] 2010-10-16 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-24 11:24] 2010-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 23:38] 2010-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 23:38] . . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\mg3w6zte.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - component: c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\mg3w6zte.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-790525478-1844823847-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:8f,74,2a,69,b9,3f,8b,29,0c,d4,f1,c0,d9,f5,6a,d8,70,a7,bb,09,09,cd,3e, 32,38,67,e8,a0,76,4a,c3,a3,a7,e5,0b,cf,c9,1f,6f,1b,f0,8f,78,9e,71,dd,18,a5,\ "??"=hex:83,01,6a,b0,ca,69,b1,9b,07,f9,73,44,83,5f,f3,ee . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(324) c:\program files\Logitech\SetPoint\lgscroll.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\eappprxy.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Heure de fin: 2010-10-16 18:30:42 ComboFix-quarantined-files.txt 2010-10-16 16:30 ComboFix2.txt 2010-10-15 20:32 Avant-CF: 18 334 638 080 octets libres Après-CF: 18 350 403 584 octets libres - - End Of File - - 5CCB04538DFD74C7089DED7A31B88170

bernard53 · le 16 Oct 2010 17:51

ok comment va ton pc maintenant?

krolo · le 16 Oct 2010 18:22

en faisant combo fix mon ordi s"est éteint tout seul je l'ai donc redémarré et refait la manip
qu'en penses tu??

bernard53 · le 17 Oct 2010 15:57

C'est normal pour le redémarrage :wink:

de ton coté comment cela va?

krolo · le 17 Oct 2010 18:09

tout à l'air ok il a bien tourné aujourd'hui merci

win32rootkit-gen trouvé avec avast

win32rootkit-gen trouvé avec avast

Re: win32rootkit-gen trouvé avec avast

Re: win32rootkit-gen trouvé avec avast

Re: win32rootkit-gen trouvé avec avast

Re: win32rootkit-gen trouvé avec avast

Re: win32rootkit-gen trouvé avec avast

Re: win32rootkit-gen trouvé avec avast

Re: win32rootkit-gen trouvé avec avast

Re: win32rootkit-gen trouvé avec avast

Re: win32rootkit-gen trouvé avec avast

Re: win32rootkit-gen trouvé avec avast

Sujets similaires

Qui est en ligne