Your computer is infected+malwarebytes bloqué

Sebb -  
 Sebb -
Bonjour,

Je suis bloqué par un virus qui m'affiche un fond d'ecran noir me disant "your computer is infected" en rouge et je ne peux pas lancer malwarebytes. Maintenant mon ecran est devenu tout noir et je n'ai plus d'icones. Dc jai redémarré et maintenant jai recupéré mon fond d'ecran original mais tjs pas d'icones... Je ne peux donc rien faire .....

S'il vous plait aidez moi.

Merci d'avance

Ps : a la base j'avais un virus nommée Security Tool et un site disait de prendre Spyhunter mais apparement c'est un virus aussi ....

16 réponses

  1. Xplode Messages postés 9212 Statut Contributeur sécurité 726
     
    Bonsoir,

    Redémarre ton PC en mode sans échec avec prise en charge réseau puis fais ceci :

    -+-+-+-+-> ZHPDiag <-+-+-+-+-

    [x] Nous allons effectuer un diagnostic de ton ordinateur, pour ce faire, télécharge ZHPDiag ( de Nicolas Coolman ).

    [x] Exécute l'installateur -> /!\ Coche la case " créer une icône sur le bureau " /!\

    [x] Lance le en double cliquant sur l'icône ZHPDiag qui se trouve sur ton bureau ( Sous Vista/Seven : Clic droit sur l'icône -> " Exécuter en tant qu'administrateur " )

    [x] Clique sur l'icône en forme de loupe en haut à gauche ( Lancer le diagnostic ).

    [x] Une fois l'analyse terminée, clique sur l'icône en forme de disquette bleue puis sauvegarde le fichier sur ton bureau.

    [x] Rend toi sur cjoint puis clique sur " Parcourir ".

    [x] Sélectionne le fichier ZHPDiag.txt présent sur ton bureau, puis clique sur " Ouvrir ".

    [x] Clique ensuite sur " Créer le lien cjoint " puis copie/colle dans ta prochaine réponse le lien créé.
    0
    1. Sebb
       
      Bonsoir Xplode et merci pour ton aide!

      Mm en mode sans echec avec prise en charge du reseau je n'ai pas dicones ni de barre de lancement...
      Jai deja tenté la manip 2 fois
      0
    2. Xplode Messages postés 9212 Statut Contributeur sécurité 726
       
      Si tu fais CTRL + ALT + SUPPR -> Onglet [Applications] -> Nouvelle tâche puis tape " explorer.exe " ( sans les guillemets ) et valide par [Ok].

      Tu as accès à ton bureau de cette façon?
      0
    3. Sebb
       
      non pas d'acces cela affiche un message d'erreur : " windows ne parvient pas a acceder au peripherique, au chemin dacces ou au fichier spécifié, vous ne disposez peut etre pas des autorisations appropriées pour avoir acces a lelement"
      0
  2. Xplode Messages postés 9212 Statut Contributeur sécurité 726
     
    Ok, fais ceci alors :

    -+-+-+-+-> OTLPENet <-+-+-+-+-

    Note : Ce fichier est assez volumineux, on utilisera donc ton lecteur CD/DVD et un CD vierge sur ta machine.
    Un Périphérique USB serait pratique également.

    [x] Télécharge OTLPENet sur ton bureau.

    [x] Insère dans ton lecteur/graveur CD/DVD , un CD vierge puis lance OTLPENet.

    [x] Une fenêtre s'ouvrira pour te demander si tu souhaites graver le CD, clique sur [Oui].

    [x] Patiente pendant la gravure. Une fois le CD gravé, insère le dans le lecteur CD/DVD du PC infecté.

    Note : Maintenant que le CD est gravé, il faut faire redémarrer le PC sur le lecteur CDROM.
    Un tutoriel est disponible ici.

    [x] Une fois le CD lancé, Windows se charge et tu arrives sur le bureau REATOGO-X-PE

    [x] Double clique sur OTLPE

    [x] Une fenêtre s'ouvre : Do you wish to load the remote registry , Clique sur [YES].
    [x] Une seconde : Do you wish to load remote user profile(s) for scanning , Clique sur [YES].
    [x] Veille à ce que la case Automatically Load All Remaining Users soit cochée et appuye sur [OK].

    [x] OTL va se lancer. Dans la partie " Custom Scan " , copie/colle le texte en gras ci dessous :


    netsvcs
    drivers32
    msconfig
    safebootminimal
    safebootnetwork
    activex
    c:\windows\*.* /U
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
    HKLM\SOFTWARE\Microsoft\Internet Explorer|FEATURE_BROWSER_EMULATION /RS
    HKCU\SOFTWARE\Microsoft\Internet Explorer|FEATURE_BROWSER_EMULATION /RS


    [x] Clique sur [Run Scan] pour démarrer l'analyse.

    [x] Une fois l'analyse terminée, le fichier est sauvegardé sur ton disque dur C:\OTL.txt.

    [x] Copies le fichier sur une clé usb si tu n'as pas accès à Internet.

    [x] Poste le contenu du rapport OTL.txt dans ta prochaine réponse.
    0
    1. Sebb
       
      merci bcp voici le contenu

      OTL logfile created on: 9/25/2010 8:20:08 PM - Run
      OTLPE by OldTimer - Version 3.1.42.0 Folder = X:\Programs\OTLPE
      Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
      Internet Explorer (Version = 6.0.2900.2180)
      Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

      2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
      2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
      Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 34.46 Gb Total Space | 24.21 Gb Free Space | 70.26% Space Free | Partition Type: NTFS
      Drive D: | 465.75 Gb Total Space | 157.20 Gb Free Space | 33.75% Space Free | Partition Type: NTFS
      E: Drive not present or media not loaded
      F: Drive not present or media not loaded
      G: Drive not present or media not loaded
      H: Drive not present or media not loaded
      I: Drive not present or media not loaded
      Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

      Computer Name: REATOGO
      Current User Name: SYSTEM
      Logged in as Administrator.

      Current Boot Mode: Normal
      Scan Mode: All users
      Company Name Whitelist: Off
      Skip Microsoft Files: Off
      File Age = 30 Days
      Output = Standard
      Using ControlSet: ControlSet001

      [color=#E56717]========== Win32 Services (SafeList) ==========/color

      SRV - File not found [Auto] -- -- (userinit)
      SRV - [2010/09/25 10:21:22 | 000,729,600 | ---- | M] (pdvabgmsvt Corporation) [Auto] -- C:\WINDOWS\system32\dlo508.dll -- (xkgvuusd)
      SRV - [2010/06/10 15:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
      SRV - [2009/08/24 06:22:34 | 000,069,632 | ---- | M] (France Telecom SA) [Auto] -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
      SRV - [2009/07/21 08:33:58 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
      SRV - [2009/07/20 06:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
      SRV - [2009/06/02 14:56:10 | 002,862,428 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
      SRV - [2009/05/13 10:47:40 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
      SRV - [2006/10/26 13:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
      SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
      SRV - [2006/09/08 07:12:50 | 000,172,032 | ---- | M] () [Auto] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
      SRV - [2006/09/08 07:10:42 | 000,172,090 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
      SRV - [2005/04/03 19:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
      SRV - [2004/09/29 07:14:36 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


      [color=#E56717]========== Driver Services (SafeList) ==========/color

      DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
      DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
      DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
      DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
      DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
      DRV - File not found [Kernel | System] -- -- (PCIDump)
      DRV - File not found [Kernel | System] -- -- (lbrtfdc)
      DRV - File not found [Kernel | System] -- -- (i2omgmt)
      DRV - File not found [Kernel | System] -- -- (Changer)
      DRV - [2009/11/25 06:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
      DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
      DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
      DRV - [2009/06/17 12:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
      DRV - [2009/05/11 04:11:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
      DRV - [2009/03/30 04:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
      DRV - [2009/03/27 18:03:00 | 006,280,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
      DRV - [2009/02/13 06:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
      DRV - [2009/02/09 06:20:30 | 000,012,800 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\mvb35316.sys -- (mvb35316)
      DRV - [2008/10/03 07:49:19 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
      DRV - [2007/01/15 21:09:06 | 000,293,888 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
      DRV - [2006/12/08 05:06:00 | 000,139,776 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\adidts.sys -- (ADIDTSFiltService)
      DRV - [2006/09/21 03:39:16 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
      DRV - [2006/08/07 04:39:24 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
      DRV - [2006/08/07 04:39:22 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
      DRV - [2006/08/07 04:39:14 | 000,110,080 | R--- | M] (NVIDIA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)
      DRV - [2006/03/01 13:53:54 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
      DRV - [2004/10/27 09:21:36 | 000,138,240 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
      DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
      DRV - [2004/08/05 08:00:00 | 000,036,352 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
      DRV - [2003/09/23 05:38:34 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
      DRV - [2003/05/07 21:00:00 | 000,090,357 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\P1130Vid.sys -- (P1130VID)


      [color=#E56717]========== Standard Registry (SafeList) ==========/color


      [color=#E56717]========== Internet Explorer ==========/color

      IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\Administrateur_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      IE - HKU\Administrateur_ON_C\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll ()
      IE - HKU\Administrateur_ON_C\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.)
      IE - HKU\Administrateur_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



      IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      [color=#E56717]========== FireFox ==========/color

      FF - prefs.js..browser.startup.homepage: "https://www.orange.fr/portail"
      FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
      FF - prefs.js..network.proxy.type: 0

      FF - user.js..network.proxy.type: 0

      FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/09/16 17:57:11 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/09/16 17:57:11 | 000,000,000 | ---D | M]

      [2008/10/01 14:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
      [2010/07/26 08:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\4h4ajqg5.default\extensions
      [2009/09/16 12:22:58 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\4h4ajqg5.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}(2)

      O1 HOSTS File: ([2004/08/05 08:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O2 - BHO: () - {0812B01A-403F-4FED-B419-E22B97A8407A} - C:\WINDOWS\system32\dlo508.dll (pdvabgmsvt Corporation)
      O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
      O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
      O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
      O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.)
      O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
      O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
      O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
      O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
      O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
      O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
      O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
      O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe (France Telecom SA)
      O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.)
      O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
      O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
      O4 - HKU\Administrateur_ON_C..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
      O4 - HKU\Administrateur_ON_C..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe File not found
      O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      O4 - HKU\Administrateur_ON_C..\RunOnce: [098352] C:\Documents and Settings\Administrateur\Local Settings\Application Data\098352.exe ()
      O4 - HKU\Administrateur_ON_C..\RunOnce: [91316066] C:\Documents and Settings\Administrateur\Local Settings\Application Data\91316066.exe ()
      O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Enregistrement de produit Logitech.lnk = C:\Program Files\Fichiers communs\LogiShared\eReg\SetPoint\eReg.exe File not found
      O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
      O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
      O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
      O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
      O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
      O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
      O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe ()
      O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
      O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
      O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
      O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
      O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2008/10/01 11:54:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
      O33 - MountPoints2\{76de6642-8fde-11dd-8fd4-806d6172696f}\Shell - "" = AutoRun
      O33 - MountPoints2\{76de6642-8fde-11dd-8fd4-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
      O34 - HKLM BootExecute: (autocheck autochk *) - File not found
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*

      NetSvcs: 6to4 - File not found
      NetSvcs: Ias - File not found
      NetSvcs: Iprip - File not found
      NetSvcs: Irmon - File not found
      NetSvcs: xkgvuusd - C:\WINDOWS\system32\dlo508.dll (pdvabgmsvt Corporation)
      NetSvcs: NWCWorkstation - File not found
      NetSvcs: Nwsapagent - File not found
      NetSvcs: WmdmPmSp - File not found

      Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
      Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
      Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
      Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/
      Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
      Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
      Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
      Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
      Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
      Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
      Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
      Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
      Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
      Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
      Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
      Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
      Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

      MsConfig - State: "system.ini" - 0
      MsConfig - State: "win.ini" - 0
      MsConfig - State: "bootini" - 2
      MsConfig - State: "services" - 0
      MsConfig - State: "startup" - 0

      SafeBootMin: Base - Driver Group
      SafeBootMin: Boot Bus Extender - Driver Group
      SafeBootMin: Boot file system - Driver Group
      SafeBootMin: File system - Driver Group
      SafeBootMin: Filter - Driver Group
      SafeBootMin: PCI Configuration - Driver Group
      SafeBootMin: PNP Filter - Driver Group
      SafeBootMin: Primary disk - Driver Group
      SafeBootMin: SCSI Class - Driver Group
      SafeBootMin: sermouse.sys - Driver
      SafeBootMin: System Bus Extender - Driver Group
      SafeBootMin: vga.sys - Driver
      SafeBootMin: WdfLoadGroup -
      SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
      SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
      SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
      SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
      SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
      SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
      SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
      SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
      SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
      SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
      SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
      SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
      SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

      SafeBootNet: Base - Driver Group
      SafeBootNet: Boot Bus Extender - Driver Group
      SafeBootNet: Boot file system - Driver Group
      SafeBootNet: File system - Driver Group
      SafeBootNet: Filter - Driver Group
      SafeBootNet: NDIS Wrapper - Driver Group
      SafeBootNet: NetBIOSGroup - Driver Group
      SafeBootNet: NetDDEGroup - Driver Group
      SafeBootNet: Network - Driver Group
      SafeBootNet: NetworkProvider - Driver Group
      SafeBootNet: PCI Configuration - Driver Group
      SafeBootNet: PNP Filter - Driver Group
      SafeBootNet: PNP_TDI - Driver Group
      SafeBootNet: Primary disk - Driver Group
      SafeBootNet: SCSI Class - Driver Group
      SafeBootNet: sermouse.sys - Driver
      SafeBootNet: Streams Drivers - Driver Group
      SafeBootNet: System Bus Extender - Driver Group
      SafeBootNet: TDI - Driver Group
      SafeBootNet: vga.sys - Driver
      SafeBootNet: WdfLoadGroup -
      SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
      SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
      SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
      SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
      SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
      SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
      SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
      SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
      SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
      SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
      SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
      SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
      SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
      SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
      SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
      SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
      SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
      SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

      ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
      ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
      ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
      ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
      ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
      ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
      ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
      ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Logiciel de navigation hors connexion
      ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
      ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
      ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
      ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
      ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
      ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
      ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Aide sur Internet Explorer
      ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
      ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
      ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
      ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
      ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Outils d'installation Internet Explorer
      ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Améliorations pour la navigation
      ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
      ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Accès au site MSN
      ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
      ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
      ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
      ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
      ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
      ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
      ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Liaison de données Dynamic HTML
      ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
      ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Polices de base Internet Explorer
      ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
      ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
      ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player 9 ActiveX
      ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - Aide HTML
      ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
      ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
      ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
      ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
      ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

      [color=#E56717]========== Files/Folders - Created Within 30 Days ==========/color

      [2010/09/25 12:42:10 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
      [2010/09/25 12:04:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\Recent
      [2010/09/25 11:56:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
      [2010/09/25 11:56:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
      [2010/09/25 11:56:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
      [2010/09/25 11:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
      [2010/09/25 10:21:22 | 000,729,600 | ---- | C] (pdvabgmsvt Corporation) -- C:\WINDOWS\System32\dlo508.dll
      [2010/09/25 10:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
      [2010/09/25 10:01:18 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\UserData
      [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

      [color=#E56717]========== Files - Modified Within 30 Days ==========/color

      [2010/09/25 13:09:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
      [2010/09/25 13:09:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2010/09/25 13:00:39 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
      [2010/09/25 13:00:39 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
      [2010/09/25 13:00:35 | 005,132,288 | ---- | M] () -- C:\Documents and Settings\Administrateur\ntuser.dat
      [2010/09/25 13:00:35 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Administrateur\ntuser.ini
      [2010/09/25 12:30:56 | 000,923,532 | ---- | M] () -- C:\WINDOWS\System32\nvdb02.adghz
      [2010/09/25 12:11:15 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
      [2010/09/25 11:58:30 | 000,196,646 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
      [2010/09/25 10:36:13 | 000,978,944 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\098352.exe
      [2010/09/25 10:36:11 | 000,978,944 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\91316066.exe
      [2010/09/25 10:21:22 | 000,729,600 | ---- | M] (pdvabgmsvt Corporation) -- C:\WINDOWS\System32\dlo508.dll
      [2010/09/25 09:42:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
      [2010/09/19 16:00:03 | 000,147,968 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2010/08/31 15:19:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
      [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

      [color=#E56717]========== Files Created - No Company Name ==========/color

      [2010/09/25 12:05:03 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
      [2010/09/25 10:36:13 | 000,978,944 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\098352.exe
      [2010/09/25 10:36:11 | 000,978,944 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\91316066.exe
      [2009/09/14 16:59:44 | 005,132,288 | ---- | C] () -- C:\Documents and Settings\Administrateur\ntuser.dat
      [2009/08/19 17:35:08 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\setup_ldm.iss
      [2009/03/05 09:04:28 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
      [2008/10/16 17:16:05 | 000,001,332 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\QuickZip45.ini
      [2008/10/01 17:10:41 | 000,147,968 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2008/10/01 15:03:59 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
      [2008/10/01 15:03:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
      [2008/10/01 15:03:58 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
      [2008/10/01 15:03:58 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
      [2008/10/01 15:03:58 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
      [2008/10/01 15:03:58 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
      [2008/10/01 15:03:58 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
      [2008/10/01 14:28:42 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
      [2008/10/01 14:28:42 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
      [2008/10/01 14:28:41 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
      [2008/10/01 14:28:41 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
      [2008/10/01 14:28:39 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
      [2008/10/01 14:09:16 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
      [2008/10/01 14:09:16 | 000,000,400 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
      [2008/10/01 14:08:56 | 000,026,448 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
      [2008/10/01 14:08:17 | 000,026,269 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
      [2008/10/01 14:08:17 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
      [2008/10/01 14:08:03 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
      [2008/10/01 11:56:48 | 000,565,248 | -H-- | C] () -- C:\Documents and Settings\Administrateur\ntuser.dat.LOG
      [2008/10/01 11:56:48 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\Administrateur\ntuser.ini
      [2008/10/01 11:56:42 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
      [2008/10/01 11:56:42 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
      [2008/10/01 11:56:42 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
      [2008/10/01 11:56:24 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
      [2008/10/01 11:56:24 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
      [2008/10/01 11:56:24 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
      [2004/08/05 08:00:00 | 000,273,664 | ---- | C] () -- C:\WINDOWS\System32\msiyqyon.dll
      [2004/08/05 08:00:00 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\disk.sys
      [2004/08/05 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
      [2004/08/05 08:00:00 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\mvb35316.sys
      [2001/07/06 10:30:00 | 000,003,279 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

      [color=#E56717]========== LOP Check ==========/color

      [2008/10/04 10:20:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrateur\Application Data\.#
      [2010/09/25 10:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\BitTorrent
      [2008/12/10 19:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\BSplayer
      [2008/10/01 15:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\BSplayer Pro
      [2008/10/03 07:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\DAEMON Tools
      [2010/09/25 12:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\DNA
      [2009/07/15 13:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\GetRightToGo
      [2010/08/20 09:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Image Zone Express
      [2009/08/19 17:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Leadertech
      [2009/11/24 17:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\MSNInstaller
      [2009/09/29 09:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org
      [2009/03/05 10:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\pdfforge
      [2009/03/05 10:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Search Settings

      [color=#E56717]========== Purity Check ==========/color



      [color=#E56717]========== Custom Scans ==========/color


      [color=#A23BEC]< c:\windows\*.* /U >/color
      [5 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

      [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >/color

      Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

      Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

      Invalid Environment Variable: %APPDATA%\*.

      Invalid Environment Variable: %APPDATA%\*.exe

      [color=#A23BEC]< %systemroot%\*. /mp /s >/color

      [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >/color
      [2008/06/20 13:41:06 | 000,148,992 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5/b -- C:\WINDOWS\system32\dnsapi.dll
      [2004/08/05 08:00:00 | 000,281,600 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5/b -- C:\WINDOWS\system32\mstask.dll
      [2004/08/05 08:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5/b -- C:\WINDOWS\system32\ntdsapi.dll
      [2009/03/02 19:50:51 | 001,496,064 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5/b -- C:\WINDOWS\system32\shdocvw.dll
      [2008/07/03 09:15:39 | 008,510,976 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5/b -- C:\WINDOWS\system32\shell32.dll
      [6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

      [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >/color

      [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >/color

      [color=#A23BEC]< %systemroot%\System32\config\*.sav >/color
      [2008/10/01 13:43:29 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
      [2008/10/01 13:43:29 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
      [2008/10/01 13:43:29 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

      [color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >/color
      "CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2004/08/05 08:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
      "BitTorrent DNA" = "C:\Program Files\DNA\btdna.exe" -- [2009/11/13 03:00:30 | 000,323,392 | ---- | M] (BitTorrent, Inc.)
      "MsnMsgr" = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background -- File not found

      [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s >/color
      "SoundMAXPnP" = C:\Program Files\Analog Devices\Core\smax4pnp.exe -- [2006/12/18 09:34:36 | 000,868,352 | R--- | M] (Analog Devices, Inc.)
      "SoundMAX" = "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray -- [2006/07/13 01:12:26 | 000,729,088 | ---- | M] (Analog Devices, Inc.)
      "NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup -- [2009/03/27 18:03:00 | 013,684,736 | ---- | M] (NVIDIA Corporation)
      "nwiz" = nwiz.exe /install -- [2009/03/27 18:03:00 | 001,657,376 | ---- | M] ()
      "GrooveMonitor" = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" -- [2006/10/26 18:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation)
      "HP Software Update" = D:\Program Files\HP\HP Software Update\HPWuSchd2.exe -- [2005/05/11 18:12:54 | 000,049,152 | ---- | M] (Hewlett-Packard Co.)
      "SearchSettings" = C:\Program Files\pdfforge Toolbar\SearchSettings.exe -- [2009/01/30 11:22:40 | 000,992,256 | ---- | M] (GreenTree Applications, Inc.)
      "Adobe Reader Speed Launcher" = "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" -- [2009/02/27 11:10:28 | 000,035,696 | ---- | M] (Adobe Systems Incorporated)
      "SunJavaUpdateSched" = "C:\Program Files\Java\jre6\bin\jusched.exe" -- [2009/05/12 05:58:52 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.)
      "NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit -- [2009/03/27 18:03:00 | 000,086,016 | ---- | M] (NVIDIA Corporation)
      "AppleSyncNotifier" = C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe -- [2010/07/13 09:10:30 | 000,047,904 | ---- | M] (Apple Inc.)
      "avgnt" = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min -- [2009/03/02 07:08:11 | 000,209,153 | ---- | M] (Avira GmbH)
      "ORAHSSSessionManager" = "C:\Program Files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe" -- [2009/08/24 06:22:58 | 000,135,920 | ---- | M] (France Telecom SA)
      "Kernel and Hardware Abstraction Layer" = KHALMNPR.EXE -- [2009/06/17 12:55:10 | 000,055,824 | ---- | M] (Logitech, Inc.)
      "QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime -- [2010/03/18 16:16:10 | 000,421,888 | ---- | M] (Apple Inc.)
      "iTunesHelper" = "D:\Program Files\iTunes\iTunesHelper.exe" -- [2010/07/21 09:53:04 | 000,141,608 | ---- | M] (Apple Inc.)
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
      "" =
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
      "Installed" = 1
      "" =
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
      "NoChange" = 1
      "Installed" = 1
      "" =
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
      "Installed" = 1
      "" =

      [color=#A23BEC]< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >/color
      ! REG.EXE VERSION 3.0
      HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
      IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

      [color=#A23BEC]< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >/color
      ! REG.EXE VERSION 3.0
      HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
      IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

      [color=#A23BEC]< HKLM\SOFTWARE\Microsoft\Internet Explorer|FEATURE_BROWSER_EMULATION /RS >/color

      [color=#A23BEC]< HKCU\SOFTWARE\Microsoft\Internet Explorer|FEATURE_BROWSER_EMULATION /RS >/color

      [color=#E56717]========== Files - Unicode (All) ==========/color
      [2004/08/05 08:00:00 | 000,131,072 | ---- | M] ()(C:\WINDOWS\System32\us?rinit.exe) -- C:\WINDOWS\System32\us?rinit.exe
      [2004/08/05 08:00:00 | 000,131,072 | ---- | C] ()(C:\WINDOWS\System32\us?rinit.exe) -- C:\WINDOWS\System32\us?rinit.exe
      < End of report >
      0
  3. Xplode Messages postés 9212 Statut Contributeur sécurité 726
     
    Ok.

    Relance OTLPENet et copie/colle le texte ci-dessous sous l'encadré [Custom Fix] :

    :OTL
    IE - HKU\Administrateur_ON_C\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.)
    O2 - BHO: () - {0812B01A-403F-4FED-B419-E22B97A8407A} - C:\WINDOWS\system32\dlo508.dll (pdvabgmsvt Corporation)
    O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.)
    O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.)
    O4 - HKU\Administrateur_ON_C..\RunOnce: [098352] C:\Documents and Settings\Administrateur\Local Settings\Application Data\098352.exe ()
    O4 - HKU\Administrateur_ON_C..\RunOnce: [91316066] C:\Documents and Settings\Administrateur\Local Settings\Application Data\91316066.exe ()

    :files
    C:\WINDOWS\system32\dlo508.dll
    C:\WINDOWS\System32\nvdb02.adghz
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\098352.exe
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\91316066.exe
    C:\WINDOWS\System32\drivers\mvb35316.sys
    C:\WINDOWS\System32\msiyqyon.dll
    C:\Documents and Settings\Administrateur\Application Data\.#
    C:\Documents and Settings\Administrateur\Application Data\pdfforge
    C:\Documents and Settings\Administrateur\Application Data\Search Settings

    :commands
    [emptytemp]
    [emptyflash]


    -> Clique ensuite sur [Run Fix] puis poste le rapport qui s'ouvrira.
    0
    1. Sebb
       
      Voici le rapport :

      ========== OTL ==========
      Registry value HKEY_USERS\Administrateur_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
      C:\Program Files\pdfforge Toolbar\SearchSettings.dll moved successfully.
      Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0812B01A-403F-4FED-B419-E22B97A8407A}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0812B01A-403F-4FED-B419-E22B97A8407A}\ deleted successfully.
      C:\WINDOWS\system32\dlo508.dll moved successfully.
      Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
      C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll moved successfully.
      Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
      File C:\Program Files\pdfforge Toolbar\SearchSettings.dll not found.
      Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
      File C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll not found.
      Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
      C:\Program Files\pdfforge Toolbar\SearchSettings.exe moved successfully.
      Registry value HKEY_USERS\Administrateur_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce\\098352 deleted successfully.
      C:\Documents and Settings\Administrateur\Local Settings\Application Data\098352.exe moved successfully.
      Registry value HKEY_USERS\Administrateur_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce\\91316066 deleted successfully.
      C:\Documents and Settings\Administrateur\Local Settings\Application Data\91316066.exe moved successfully.
      ========== FILES ==========
      File\Folder C:\WINDOWS\system32\dlo508.dll not found.
      C:\WINDOWS\System32\nvdb02.adghz moved successfully.
      File\Folder C:\Documents and Settings\Administrateur\Local Settings\Application Data\098352.exe not found.
      File\Folder C:\Documents and Settings\Administrateur\Local Settings\Application Data\91316066.exe not found.
      C:\WINDOWS\System32\drivers\mvb35316.sys moved successfully.
      C:\WINDOWS\System32\msiyqyon.dll moved successfully.
      C:\Documents and Settings\Administrateur\Application Data\.# folder moved successfully.
      C:\Documents and Settings\Administrateur\Application Data\pdfforge\temp folder moved successfully.
      C:\Documents and Settings\Administrateur\Application Data\pdfforge\res folder moved successfully.
      C:\Documents and Settings\Administrateur\Application Data\pdfforge folder moved successfully.
      C:\Documents and Settings\Administrateur\Application Data\Search Settings\kb128\temp folder moved successfully.
      C:\Documents and Settings\Administrateur\Application Data\Search Settings\kb128 folder moved successfully.
      C:\Documents and Settings\Administrateur\Application Data\Search Settings folder moved successfully.
      ========== COMMANDS ==========

      [EMPTYTEMP]

      User: Administrateur
      ->Temp folder emptied: 679654455 bytes
      ->Temporary Internet Files folder emptied: 33170 bytes
      ->Java cache emptied: 0 bytes
      ->FireFox cache emptied: 109886182 bytes
      ->Flash cache emptied: 6442 bytes

      User: All Users

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 33170 bytes

      User: LocalService
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 343323 bytes

      User: NetworkService
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 2624151 bytes
      ->Flash cache emptied: 507 bytes

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 2335097 bytes
      %systemroot%\System32 .tmp files removed: 3590656 bytes
      %systemroot%\System32\dllcache .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 96485 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

      Total Files Cleaned = 762.00 mb


      [EMPTYFLASH]

      User: Administrateur
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes
      ->Java cache emptied: 0 bytes
      ->FireFox cache emptied: 0 bytes
      ->Flash cache emptied: 0 bytes

      User: All Users

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: LocalService
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: NetworkService
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes
      ->Flash cache emptied: 0 bytes

      Total Flash Files Cleaned = 0.00 mb


      OTLPE by OldTimer - Version 3.1.42.0 log created on 09262010_032747
      0
  4. Xplode Messages postés 9212 Statut Contributeur sécurité 726
     
    Ok.

    Arrives-tu à démarrer l'ordinateur normalement maintenant ?

    Si oui -> Fais moi signe qu'on passe à la suite
    Si non -> Fais moi en signe également et poste un nouveau rapport OTL
    0
    1. Sebb
       
      je narrive pas a recuperer mes icones. qd je redemarre, tjs rien.
      Je te reposte un rapport en faisant un run scan sans custom scans/fixes :

      un OTL logfile created on: 9/26/2010 3:33:08 PM - Run
      OTLPE by OldTimer - Version 3.1.42.0 Folder = X:\Programs\OTLPE
      Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
      Internet Explorer (Version = 6.0.2900.2180)
      Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

      2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
      2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
      Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 34.46 Gb Total Space | 24.94 Gb Free Space | 72.36% Space Free | Partition Type: NTFS
      Drive D: | 465.75 Gb Total Space | 157.20 Gb Free Space | 33.75% Space Free | Partition Type: NTFS
      E: Drive not present or media not loaded
      F: Drive not present or media not loaded
      G: Drive not present or media not loaded
      H: Drive not present or media not loaded
      I: Drive not present or media not loaded
      Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

      Computer Name: REATOGO
      Current User Name: SYSTEM
      Logged in as Administrator.

      Current Boot Mode: Normal
      Scan Mode: All users
      Company Name Whitelist: Off
      Skip Microsoft Files: Off
      File Age = 30 Days
      Output = Standard
      Using ControlSet: ControlSet001

      [color=#E56717]========== Win32 Services (SafeList) ==========[/color]

      SRV - File not found [Auto] -- C:\WINDOWS\System32\dlo508.dll -- (xkgvuusd)
      SRV - File not found [Auto] -- -- (userinit)
      SRV - [2010/06/10 15:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
      SRV - [2009/08/24 06:22:34 | 000,069,632 | ---- | M] (France Telecom SA) [Auto] -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
      SRV - [2009/07/21 08:33:58 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
      SRV - [2009/07/20 06:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
      SRV - [2009/06/02 14:56:10 | 002,862,428 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
      SRV - [2009/05/13 10:47:40 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
      SRV - [2006/10/26 13:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
      SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
      SRV - [2006/09/08 07:12:50 | 000,172,032 | ---- | M] () [Auto] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
      SRV - [2006/09/08 07:10:42 | 000,172,090 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
      SRV - [2005/04/03 19:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
      SRV - [2004/09/29 07:14:36 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


      [color=#E56717]========== Driver Services (SafeList) ==========[/color]

      DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
      DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
      DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
      DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
      DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
      DRV - File not found [Kernel | System] -- -- (PCIDump)
      DRV - File not found [Kernel | On_Demand] -- -- (mvb35316)
      DRV - File not found [Kernel | System] -- -- (lbrtfdc)
      DRV - File not found [Kernel | System] -- -- (i2omgmt)
      DRV - File not found [Kernel | System] -- -- (Changer)
      DRV - [2009/11/25 06:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
      DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
      DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
      DRV - [2009/06/17 12:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
      DRV - [2009/05/11 04:11:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
      DRV - [2009/03/30 04:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
      DRV - [2009/03/27 18:03:00 | 006,280,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
      DRV - [2009/02/13 06:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
      DRV - [2008/10/03 07:49:19 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
      DRV - [2007/01/15 21:09:06 | 000,293,888 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
      DRV - [2006/12/08 05:06:00 | 000,139,776 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\adidts.sys -- (ADIDTSFiltService)
      DRV - [2006/09/21 03:39:16 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
      DRV - [2006/08/07 04:39:24 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
      DRV - [2006/08/07 04:39:22 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
      DRV - [2006/08/07 04:39:14 | 000,110,080 | R--- | M] (NVIDIA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)
      DRV - [2006/03/01 13:53:54 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
      DRV - [2004/10/27 09:21:36 | 000,138,240 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
      DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
      DRV - [2004/08/05 08:00:00 | 000,036,352 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
      DRV - [2003/09/23 05:38:34 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
      DRV - [2003/05/07 21:00:00 | 000,090,357 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\P1130Vid.sys -- (P1130VID)


      [color=#E56717]========== Standard Registry (SafeList) ==========[/color]


      [color=#E56717]========== Internet Explorer ==========[/color]

      IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\Administrateur_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      IE - HKU\Administrateur_ON_C\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll ()
      IE - HKU\Administrateur_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



      IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      [color=#E56717]========== FireFox ==========[/color]

      FF - prefs.js..browser.startup.homepage: "https://www.orange.fr/portail"
      FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
      FF - prefs.js..network.proxy.type: 0

      FF - user.js..network.proxy.type: 0

      FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/09/16 17:57:11 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/09/16 17:57:11 | 000,000,000 | ---D | M]

      [2008/10/01 14:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
      [2010/07/26 08:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\4h4ajqg5.default\extensions
      [2009/09/16 12:22:58 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\4h4ajqg5.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}(2)

      O1 HOSTS File: ([2004/08/05 08:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
      O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
      O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
      O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
      O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
      O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
      O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
      O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
      O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe (France Telecom SA)
      O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
      O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
      O4 - HKU\Administrateur_ON_C..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
      O4 - HKU\Administrateur_ON_C..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe File not found
      O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Enregistrement de produit Logitech.lnk = C:\Program Files\Fichiers communs\LogiShared\eReg\SetPoint\eReg.exe File not found
      O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
      O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
      O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
      O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
      O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
      O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
      O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe ()
      O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
      O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
      O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
      O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
      O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2008/10/01 11:54:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
      O33 - MountPoints2\{76de6642-8fde-11dd-8fd4-806d6172696f}\Shell - "" = AutoRun
      O33 - MountPoints2\{76de6642-8fde-11dd-8fd4-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
      O34 - HKLM BootExecute: (autocheck autochk *) - File not found
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*

      [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

      [2010/09/26 03:27:47 | 000,000,000 | ---D | C] -- C:\_OTL
      [2010/09/25 12:42:10 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
      [2010/09/25 12:04:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\Recent
      [2010/09/25 11:56:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
      [2010/09/25 11:56:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
      [2010/09/25 11:56:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
      [2010/09/25 11:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
      [2010/09/25 10:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
      [2010/09/25 10:01:18 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\UserData

      [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

      [2010/09/26 08:24:59 | 000,000,752 | ---- | M] () -- C:\WINDOWS\System32\nvdb02.adghz
      [2010/09/26 08:24:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
      [2010/09/26 08:24:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2010/09/26 03:34:14 | 005,132,288 | ---- | M] () -- C:\Documents and Settings\Administrateur\ntuser.dat
      [2010/09/25 13:00:39 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
      [2010/09/25 13:00:39 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
      [2010/09/25 13:00:35 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Administrateur\ntuser.ini
      [2010/09/25 12:11:15 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
      [2010/09/25 11:58:30 | 000,196,646 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
      [2010/09/25 09:42:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
      [2010/09/19 16:00:03 | 000,147,968 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2010/08/31 15:19:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

      [color=#E56717]========== Files Created - No Company Name ==========[/color]

      [2010/09/26 08:24:59 | 000,000,752 | ---- | C] () -- C:\WINDOWS\System32\nvdb02.adghz
      [2010/09/25 12:05:03 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
      [2009/09/14 16:59:44 | 005,132,288 | ---- | C] () -- C:\Documents and Settings\Administrateur\ntuser.dat
      [2009/08/19 17:35:08 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\setup_ldm.iss
      [2009/03/05 09:04:28 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
      [2008/10/16 17:16:05 | 000,001,332 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\QuickZip45.ini
      [2008/10/01 17:10:41 | 000,147,968 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2008/10/01 15:03:59 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
      [2008/10/01 15:03:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
      [2008/10/01 15:03:58 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
      [2008/10/01 15:03:58 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
      [2008/10/01 15:03:58 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
      [2008/10/01 15:03:58 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
      [2008/10/01 15:03:58 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
      [2008/10/01 14:28:42 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
      [2008/10/01 14:28:42 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
      [2008/10/01 14:28:41 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
      [2008/10/01 14:28:41 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
      [2008/10/01 14:28:39 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
      [2008/10/01 14:09:16 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
      [2008/10/01 14:09:16 | 000,000,400 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
      [2008/10/01 14:08:56 | 000,026,448 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
      [2008/10/01 14:08:17 | 000,026,269 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
      [2008/10/01 14:08:17 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
      [2008/10/01 14:08:03 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
      [2008/10/01 11:56:48 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Administrateur\ntuser.dat.LOG
      [2008/10/01 11:56:48 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\Administrateur\ntuser.ini
      [2008/10/01 11:56:42 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
      [2008/10/01 11:56:42 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
      [2008/10/01 11:56:42 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
      [2008/10/01 11:56:24 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
      [2008/10/01 11:56:24 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
      [2008/10/01 11:56:24 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
      [2004/08/05 08:00:00 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\disk.sys
      [2004/08/05 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
      [2001/07/06 10:30:00 | 000,003,279 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

      [color=#E56717]========== LOP Check ==========[/color]

      [2010/09/25 10:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\BitTorrent
      [2008/12/10 19:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\BSplayer
      [2008/10/01 15:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\BSplayer Pro
      [2008/10/03 07:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\DAEMON Tools
      [2010/09/25 12:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\DNA
      [2009/07/15 13:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\GetRightToGo
      [2010/08/20 09:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Image Zone Express
      [2009/08/19 17:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Leadertech
      [2009/11/24 17:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\MSNInstaller
      [2009/09/29 09:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org

      [color=#E56717]========== Purity Check ==========[/color]



      [color=#E56717]========== Files - Unicode (All) ==========[/color]
      [2004/08/05 08:00:00 | 000,131,072 | ---- | M] ()(C:\WINDOWS\System32\us?rinit.exe) -- C:\WINDOWS\System32\us?rinit.exe
      [2004/08/05 08:00:00 | 000,131,072 | ---- | C] ()(C:\WINDOWS\System32\us?rinit.exe) -- C:\WINDOWS\System32\us?rinit.exe
      < End of report >
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Xplode Messages postés 9212 Statut Contributeur sécurité 726
     
    Ok, fais ceci maintenant :

    -+-+-+-+-> DrWed Live CD <-+-+-+-+-

    -> Ce live CD contient DrWeb CureIt, un antivirus. Le principe du live CD est qu'il permet d'être chargé avant le démarrage de windows.
    -> Il peut donc être utilisé même si l'ordinateur ne démarre plus.

    /!\ Le temps d'analyse peut être très long si l'ordinateur possède beaucoup de données /!\

    -> La partie n°1 s'effectue sur un PC fonctionnel disposant d'un graveur, la partie n°2 s'effectue sur le PC infecté ne démarrant plus.

    |-----| Partie n°1 : Téléchargement/Gravure du Live CD |-----|

    [x] Télécharge le live CD de DrWeb à cette adresse ( prendre le .iso )

    [x] Une fois le téléchargement fini, il faut que tu graves l'image ISO sur un CD vierge. Pour ce faire, suis ce tutoriel.

    |-----| Partie n°2 : Utilisation du Live CD |-----|

    [x] Une fois en possession du CD correctement gravé, place le dans le lecteur CD du PC infecté.

    [x] Redémarre celui ci. Au redémarrage, le live CD se chargera de lui même.

    [x] A l'écran principal, sélectionne [Dr.Web LiveCD (Default)] puis appuie sur [Entrée]

    [x] Patiente pendant le chargement du système.

    [x] Une fois arrivé sur le bureau, une fenêtre "Dr.Web Scanner" s'ouvrira.

    [x] Dans la partie supérieure, coche toutes les partitions présentes ( C: , etc.. ) et vérifie que la case "Scan subdirectories" est également cochée.

    [x] Clique maintenant sur le rond vert ( Update Bases ) afin de mettre à jour DrWeb.

    [x] Une fois la mise à jour terminée, clique sur [Start] pour lancer l'analyse.

    [x] Une fois l'analyse terminée, clique sur [Select All] puis sur [Cure]

    [x] Clique sur l'icône " Terminal " ( icône en forme de carré noir tout en bas à gauche du bureau )

    [x] Tape la commande suivante dans le terminal :

    leafpad /root/.drweb/logs/scanner.log

    [x] Valide en appuyant sur [Entrée] pour ouvrir le rapport de DrWeb.

    [x] Poste son contenu dans ton prochain message en accédant à ce sujet directement via le live CD de DrWeb ( Firefox ).

    Note : Si le PC ne démarre pas sur le CD, c'est qu'il faut modifier la séquence de démarrage du BIOS.
    Un tutoriel est disponible ici pour t'aider à modifier ces paramètres.
    0
    1. HELLSING35
       
      Bonjour
      j'ai le meme probleme
      En effet j'ai eu tout d'abord un message en police rouge sur fond noir m'indiquant "YOUR COMPUTER IS INFECTED" avec en prime une logiciel "ANTIVIRUS 2010" qui se mettait en route en réalisant un sacn de mon PC. Puis je me suis retrouvé avec un bureau en fond bleu sans icone et sans barre de tache. j'ai essayé de lancer ,via le gestionnaire des taches, l'executable EXPLORER.EXE mais il me bloque car je ne detiens pas les autorisations ( alors que je suis en Administrateur) idem pour MALEWAREBYTES.



      Pouvez vous m'aider
      0
    2. Xplode Messages postés 9212 Statut Contributeur sécurité 726
       
      Bonsoir,

      Créé ton propre sujet dans la partie virus/sécurité du forum afin que moi ou un autre helper te prenne en charge ;-)

      Cordialement.
      0
  7. Sebb
     
    jai fait tte la manip comme tu m'as dit est jai bien le log, le pb c que je ne peux te lenvoyer car la connexion avec firefox ne marche pas. C'est un message d'erreur qui saffiche sur la page daccueil de firefox qui est le suivant : XLM parsing error:undefined entity. location : jar:file:///usr/lib/xulrunner-1.9.2/chrome/toolkit.jar!/content/global/neterror.xhtml. line numer 60, column 12 :
    <title>&loaderror.label;</title> -----------^
    0
  8. Sebb
     
    Comment puis-je enregistrer le log pour l'envoyer?
    Qq1 peut-il m'aider?

    Merci d'avance
    0
  9. Xplode Messages postés 9212 Statut Contributeur sécurité 726
     
    Bonsoir,

    Tu as pourtant réussi à me poster le log OTL, c'est la même chose pour le log DrWeb ;-)
    0
  10. Sebb
     
    jai enregistré le log mais je ne le retrouve plus.... faut -il que je recommence la manip de A a Z avec le scan + Cure ?
    0
  11. Sebb
     
    UP

    jai besoin daide please et je ne c plus quoi faire.....

    Merci davance
    0
  12. Xplode Messages postés 9212 Statut Contributeur sécurité 726
     
    Bonjour,

    Le PC n'arrive toujours pas à redémarrer ?

    Si oui, refais la manip' avec DrWeb et cette fois-ci poste moi le rapport. Sinon, on avisera
    0
  13. Sebb
     
    bonjour, non tjs pas dicones
    Je relance te la manip et je post tt ca
    merci bcp davoir repondu
    0
  14. Xplode Messages postés 9212 Statut Contributeur sécurité 726
     
    Pas de problèmes. Si ça ne marche toujours pas on va faire autrement.
    0
  15. Sebb
     
    Bonjour,
    jai refait la manip de A a Z et il n'y a rien ds file status, donc rien a "cure" ... jai recuperé le log mais internet ne marche pas sous docteur web et je narrive pas a le transferer sur la clé usb... jenregistre le scanner.log sur la clé mais qd je la lis sur ce pc non infecté, le fichier n'apparait pas....

    Je suis ds une impasse.. qd je lance le pc sans dr web... tjs pas dicones :(
    0