Big virus, damaged clusters
Solved
needhelp
Hello,
I have a big virus that is wrecking my sister's computer, and she is going to kill me!
I downloaded HijackThis; here is the report. Obviously I don't understand any of it, thanks for your insight!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:01, on 21/05/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\fOEqVGtijLGLKa.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\attrib.exe
C:\ProgramData\34397968.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Safari\Safari.exe
C:\Windows\system32\attrib.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\attrib.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Dounia\Downloads\HiJackThis.exe
C:\Windows\system32\attrib.exe
C:\Windows\system32\attrib.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {D6A884BF-AD48-0C06-27E2-7A8BB640CF7E} - c:\windows\system32\tafwyfiw.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [fOEqVGtijLGLKa] C:\ProgramData\fOEqVGtijLGLKa.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/...
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://assets.photobox.com/assets/aurigma/ImageUploader4.cab?20080925104645
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Service Google Update (gupdate1c9b315a73508a3) (gupdate1c9b315a73508a3) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
40 replies
You know what happened?
The computer was switched off by accident and when I turned it back on: black screen!!! After some research on the iPhone (thanks), well, on the internet, but via the phone since there was no computer anymore, I did a restore, which is why I am only replying now. Everything works now, but the software has disappeared, so I don't know what state the computer is in. I would obviously like to disinfect everything if possible. As for Vista, I don't know; as soon as I have the answer I will let you know.
Not cool...
See whether Malwarebytes' Anti-Malware still finds any infections.
I can't install any antivirus. I have had a problem since yesterday, and now I am on the internet looking at antivirus programs; I download one, but when I try to open it a page opens and asks me which file I want to open it with, and I can't because the file is not unzipped.
So what should I do, please?
Thanks
Here is the report:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Version de la base de données: 6636
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
21/05/2011 23:09:31
mbam-log-2011-05-21 (23-09-16).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 160914
Temps écoulé: 9 minute(s), 29 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\Users\Dounia\AppData\Local\ave.exe (Rogue.MultipleAV) -> No action taken.
c:\Users\Dounia\local settings\application data\ave.exe (Rogue.MultipleAV) -> No action taken.
Joking aside! Here is the report:
http://www.cijoint.fr/cjlink.php?file=cj201105/cijApcHwCF.txt
So?
Does the PC work well otherwise?
I don't see the antivirus.
--> Double-click OTL to launch it.
(On Vista/Win7, right-click OTL and choose Run as administrator)
--> Under the "Personnalisation" tab at the bottom of the window, copy and paste the following text (between the two spaces):
:OTL
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O33 - MountPoints2\{51cb77cb-e216-11dd-a9cc-001b3894cfd2}\Shell\Auto\command - "" = F:\auto.exe
O33 - MountPoints2\{51cb77cb-e216-11dd-a9cc-001b3894cfd2}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\auto.exe
O33 - MountPoints2\{55a18c3e-0d75-11dd-b200-001b38fb9530}\Shell\AutoRun\command - "" = G:\RECYCLER\lasass.exe
O33 - MountPoints2\{55a18c3e-0d75-11dd-b200-001b38fb9530}\Shell\open\command - "" = G:\RECYCLER\lasass.exe
O33 - MountPoints2\{835f44ca-e2e5-11dd-a80c-001b3894cfd2}\Shell\Auto\command - "" = auto.exe
O33 - MountPoints2\{835f44ca-e2e5-11dd-a80c-001b3894cfd2}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
O33 - MountPoints2\{835f44ec-e2e5-11dd-a80c-001b3894cfd2}\Shell\AutoRun\command - "" = ve.exe
O33 - MountPoints2\{835f44ec-e2e5-11dd-a80c-001b3894cfd2}\Shell\open\Command - "" = ve.exe
[2011/05/21 11:21:40 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~34397968
[2011/05/21 11:21:36 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~34397968r
[2011/05/21 11:18:17 | 000,000,392 | ---- | M] () -- C:\ProgramData\34397968
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wsbl.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_unmip.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_histprot.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_white.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_summ.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_black.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
[2010/03/20 09:04:11 | 000,205,312 | -HS- | C] () -- C:\Users\Dounia\AppData\Local\1040314544.dll
[2010/03/20 09:03:48 | 000,009,382 | R--- | C] () -- C:\Users\Dounia\AppData\Local\7OWr8MdX62
[2010/03/20 09:03:48 | 000,009,382 | R--- | C] () -- C:\ProgramData\7OWr8MdX62
[2009/11/08 20:05:45 | 000,000,048 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
:commands
[emptytemp]
--> Then click the "Correction" button at the top of the window.
--> Let the program work, and restart once the fix is finished.
--> Post the report that is displayed after the restart.
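As an added example (not part of the original post, and not OTL's own code): a small Python reader for a fix script of the shape pasted above, so the person running it can see what the script lists before starting the fix. The sample is a shortened copy of lines from the post; the function names and line patterns are assumptions inferred from those lines, not a documented OTL format.

```python
import re
from collections import Counter

# Shortened copy of the fix script in the post above, embedded so this runs offline.
SAMPLE_FIX = r"""
:OTL
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O33 - MountPoints2\{55a18c3e-0d75-11dd-b200-001b38fb9530}\Shell\AutoRun\command - "" = G:\RECYCLER\lasass.exe
O33 - MountPoints2\{835f44ec-e2e5-11dd-a80c-001b3894cfd2}\Shell\open\Command - "" = ve.exe
[2011/05/21 11:21:40 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~34397968
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
:commands
[emptytemp]
"""

# Line patterns inferred from the script above (assumptions, not an official grammar).
SECTION_RE = re.compile(r"^:(\w+)\s*$")
REGISTRY_RE = re.compile(r"^(O\d+) - (.+)$")
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] \(.*?\) -- (?P<path>.+)$"
)
MOUNT_RE = re.compile(
    r'^MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\(\w+)\\command - "" = (.+)$', re.I
)


def parse_fix_script(text):
    """Return one dict per non-empty line, tagged with its section and kind."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        entry = {"section": section, "line": line, "kind": "unparsed"}
        if section == "commands" and re.fullmatch(r"\[\w+\]", line):
            entry.update(kind="command", name=line[1:-1].lower())
        elif section == "otl":
            file_m = FILE_RE.match(line)
            reg_m = REGISTRY_RE.match(line)
            if file_m:
                entry.update(
                    kind="file",
                    path=file_m["path"],
                    size=int(file_m["size"].replace(",", "")),
                    hidden="H" in file_m["attrs"],
                )
            elif reg_m:
                entry.update(kind="registry", code=reg_m.group(1), detail=reg_m.group(2))
                mount = MOUNT_RE.match(reg_m.group(2))
                if mount:
                    # Per-volume shell command registered under MountPoints2.
                    entry.update(kind="autorun", volume=mount.group(1),
                                 verb=mount.group(2), target=mount.group(3))
        entries.append(entry)
    return entries


def summarize(entries):
    """Condense the parsed script into the points worth reading before running it."""
    files = [e for e in entries if e["kind"] == "file"]
    sys32 = r"c:\windows\system32" + "\\"
    return {
        "counts": dict(Counter(e["kind"] for e in entries)),
        "file_bytes_listed": sum(e["size"] for e in files),
        "hidden_files": [e["path"] for e in files if e["hidden"]],
        "system32_files": [e["path"] for e in files if e["path"].lower().startswith(sys32)],
        "autorun_targets": sorted({e["target"] for e in entries if e["kind"] == "autorun"}),
        # Anything not recognised is listed so it can be read by hand.
        "unparsed": [e["line"] for e in entries if e["kind"] == "unparsed"],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_fix_script(SAMPLE_FIX)).items():
        print(f"{key}: {value}")
```
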
Je ne vois pas l'antivirus.
--> Double-clique sur OTL pour le lancer.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
--> Sous l'onglet Personnalisation en bas de la fenêtre, copie-colle le texte suivant (entre les deux espaces) :
:OTL
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O33 - MountPoints2\{51cb77cb-e216-11dd-a9cc-001b3894cfd2}\Shell\Auto\command - "" = F:\auto.exe
O33 - MountPoints2\{51cb77cb-e216-11dd-a9cc-001b3894cfd2}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\auto.exe
O33 - MountPoints2\{55a18c3e-0d75-11dd-b200-001b38fb9530}\Shell\AutoRun\command - "" = G:\RECYCLER\lasass.exe
O33 - MountPoints2\{55a18c3e-0d75-11dd-b200-001b38fb9530}\Shell\open\command - "" = G:\RECYCLER\lasass.exe
O33 - MountPoints2\{835f44ca-e2e5-11dd-a80c-001b3894cfd2}\Shell\Auto\command - "" = auto.exe
O33 - MountPoints2\{835f44ca-e2e5-11dd-a80c-001b3894cfd2}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
O33 - MountPoints2\{835f44ec-e2e5-11dd-a80c-001b3894cfd2}\Shell\AutoRun\command - "" = ve.exe
O33 - MountPoints2\{835f44ec-e2e5-11dd-a80c-001b3894cfd2}\Shell\open\Command - "" = ve.exe
[2011/05/21 11:21:40 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~34397968
[2011/05/21 11:21:36 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~34397968r
[2011/05/21 11:18:17 | 000,000,392 | ---- | M] () -- C:\ProgramData\34397968
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wsbl.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_unmip.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_histprot.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_white.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_summ.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_black.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
[2010/03/20 09:04:11 | 000,205,312 | -HS- | C] () -- C:\Users\Dounia\AppData\Local\1040314544.dll
[2010/03/20 09:03:48 | 000,009,382 | R--- | C] () -- C:\Users\Dounia\AppData\Local\7OWr8MdX62
[2010/03/20 09:03:48 | 000,009,382 | R--- | C] () -- C:\ProgramData\7OWr8MdX62
[2009/11/08 20:05:45 | 000,000,048 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
:commands
[emptytemp]
--> Then click the Correction button at the top of the window.
--> Let the program work, then restart once the fix has finished.
--> Post the report that will be displayed after the restart.
No need.
The script is:
:OTL
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O33 - MountPoints2\{51cb77cb-e216-11dd-a9cc-001b3894cfd2}\Shell\Auto\command - "" = F:\auto.exe
O33 - MountPoints2\{51cb77cb-e216-11dd-a9cc-001b3894cfd2}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\auto.exe
O33 - MountPoints2\{55a18c3e-0d75-11dd-b200-001b38fb9530}\Shell\AutoRun\command - "" = G:\RECYCLER\lasass.exe
O33 - MountPoints2\{55a18c3e-0d75-11dd-b200-001b38fb9530}\Shell\open\command - "" = G:\RECYCLER\lasass.exe
O33 - MountPoints2\{835f44ca-e2e5-11dd-a80c-001b3894cfd2}\Shell\Auto\command - "" = auto.exe
O33 - MountPoints2\{835f44ca-e2e5-11dd-a80c-001b3894cfd2}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
O33 - MountPoints2\{835f44ec-e2e5-11dd-a80c-001b3894cfd2}\Shell\AutoRun\command - "" = ve.exe
O33 - MountPoints2\{835f44ec-e2e5-11dd-a80c-001b3894cfd2}\Shell\open\Command - "" = ve.exe
[2011/05/21 11:21:40 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~34397968
[2011/05/21 11:21:36 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~34397968r
[2011/05/21 11:18:17 | 000,000,392 | ---- | M] () -- C:\ProgramData\34397968
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wsbl.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_unmip.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_histprot.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_white.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_summ.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_black.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
[2010/03/20 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
[2010/03/20 09:04:11 | 000,205,312 | -HS- | C] () -- C:\Users\Dounia\AppData\Local\1040314544.dll
[2010/03/20 09:03:48 | 000,009,382 | R--- | C] () -- C:\Users\Dounia\AppData\Local\7OWr8MdX62
[2010/03/20 09:03:48 | 000,009,382 | R--- | C] () -- C:\ProgramData\7OWr8MdX62
[2009/11/08 20:05:45 | 000,000,048 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
:commands
[emptytemp]
OK, it's in progress. The first time, OTL crashed. Otherwise the computer works correctly, but a black screen appears at startup, just before the desktop icons appear, and I can't update BitDefender. When the scan started, all the windows and desktop icons disappeared; is that normal?
All processes killed
========== OTL ==========
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51cb77cb-e216-11dd-a9cc-001b3894cfd2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51cb77cb-e216-11dd-a9cc-001b3894cfd2}\ not found.
File F:\auto.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51cb77cb-e216-11dd-a9cc-001b3894cfd2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51cb77cb-e216-11dd-a9cc-001b3894cfd2}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\auto.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55a18c3e-0d75-11dd-b200-001b38fb9530}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55a18c3e-0d75-11dd-b200-001b38fb9530}\ not found.
File G:\RECYCLER\lasass.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55a18c3e-0d75-11dd-b200-001b38fb9530}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55a18c3e-0d75-11dd-b200-001b38fb9530}\ not found.
File G:\RECYCLER\lasass.exe not found.
Here is the report:
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{835f44ca-e2e5-11dd-a80c-001b3894cfd2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{835f44ca-e2e5-11dd-a80c-001b3894cfd2}\ not found.
File auto.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{835f44ca-e2e5-11dd-a80c-001b3894cfd2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{835f44ca-e2e5-11dd-a80c-001b3894cfd2}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{835f44ec-e2e5-11dd-a80c-001b3894cfd2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{835f44ec-e2e5-11dd-a80c-001b3894cfd2}\ not found.
File ve.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{835f44ec-e2e5-11dd-a80c-001b3894cfd2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{835f44ec-e2e5-11dd-a80c-001b3894cfd2}\ not found.
File ve.exe not found.
File C:\ProgramData\~34397968 not found.
File C:\ProgramData\~34397968r not found.
File C:\ProgramData\34397968 not found.
File C:\Windows\System32\wsbl.dat not found.
File C:\Windows\System32\phar_unmip.dat not found.
File C:\Windows\System32\phar_histprot.dat not found.
File C:\Windows\System32\ph_white.dat not found.
File C:\Windows\System32\ph_summ.dat not found.
File C:\Windows\System32\ph_black.dat not found.
File C:\Windows\System32\pcwords2.dat not found.
File C:\Windows\System32\pcwords.dat not found.
File C:\Windows\System32\pc_webproxy.dat not found.
File C:\Windows\System32\pc_video.dat not found.
File C:\Windows\System32\pc_tabloids.dat not found.
File C:\Windows\System32\pc_socialnetworks.dat not found.
File C:\Windows\System32\pc_searchengines.dat not found.
File C:\Windows\System32\pc_regionaltlds.dat not found.
File C:\Windows\System32\pc_pornography.dat not found.
File C:\Windows\System32\pc_onlineshop.dat not found.
File C:\Windows\System32\pc_onlinepay.dat not found.
File C:\Windows\System32\pc_onlinedating.dat not found.
File C:\Windows\System32\pc_news.dat not found.
File C:\Windows\System32\pc_im.dat not found.
File C:\Windows\System32\pc_illegal.dat not found.
File C:\Windows\System32\pc_hate.dat not found.
File C:\Windows\System32\pc_games.dat not found.
File C:\Windows\System32\pc_gambling.dat not found.
File C:\Windows\System32\pc_drugs.dat not found.
File C:\Users\Dounia\AppData\Local\1040314544.dll not found.
File C:\Users\Dounia\AppData\Local\7OWr8MdX62 not found.
File C:\ProgramData\7OWr8MdX62 not found.
File C:\ProgramData\ezsidmv.dat not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Dounia
->Temp folder emptied: 791032658 bytes
->Temporary Internet Files folder emptied: 518368024 bytes
->Java cache emptied: 10166 bytes
->FireFox cache emptied: 29699653 bytes
->Google Chrome cache emptied: 355344778 bytes
->Apple Safari cache emptied: 20165632 bytes
->Flash cache emptied: 1758224 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 299697877 bytes
RecycleBin emptied: 6201047483 bytes
Total Files Cleaned = 7 836,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 05222011_001742
Files\Folders moved on Reboot...
C:\Users\Dounia\AppData\Local\Temp\ehmsas.txt moved successfully.
Registry entries deleted on Reboot...
I also have a window that opens regularly to inform me that "Alps Pointing-device Driver has stopped working".
It needs to be updated with Windows Update.
Did you reinstall BitDefender to see whether that fixed the problem?
Hi,
I fell asleep yesterday :)
Anyway, BitDefender is working again. Here is the latest report:
QuickScan Beta 32-bit v0.9.9.21
-------------------------------
Scan date: Sun May 22 13:21:02 2011
Machine ID: CA169CF
No infection found.
-------------------
Processes
---------
<verified> hpwuSchd Application 516 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
<verified> Alps Pointing-device Driver 1988 C:\Program Files\Apoint2K\Apoint.exe
<verified> Alps Pointing-device Driver for Windows 3940 C:\Program Files\Apoint2K\Apntex.exe
<verified> Firefox 4812 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> HP Quick Launch Buttons 2044 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
<verified> HP QuickPlay 2004 C:\Program Files\Hp\QuickPlay\QPService.exe
<verified> HP Wireless Assistant 588 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
<verified> HP Wireless Assistant 2144 C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
<verified> HpqToaster Module 1360 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
<verified> Intel(R) Common User Interface 1968 C:\Windows\System32\hkcmd.exe
<verified> Intel(R) Common User Interface 1976 C:\Windows\System32\igfxpers.exe
<verified> Intel(R) Common User Interface 1192 C:\Windows\system32\igfxsrvc.exe
<verified> iTunes 1832 C:\Program Files\iTunes\iTunesHelper.exe
<verified> Java(TM) Platform SE 6 U2 924 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
<verified> Microsoft Office OneNote 1428 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
<verified> Microsoft® Windows® Operating System 2272 C:\Windows\ehome\ehmsas.exe
<verified> Microsoft® Windows® Operating System 1624 C:\Windows\ehome\ehtray.exe
<verified> Microsoft® Windows® Operating System 3832 C:\Windows\system32\wbem\unsecapp.exe
<verified> Microsoft® Windows® Operating System 3860 C:\Windows\system32\wuauclt.exe
<verified> OpenOffice.org 3.0 2204 C:\Program Files\OpenOffice.org 3\program\soffice.bin
<verified> OpenOffice.org 3.0 2104 C:\Program Files\OpenOffice.org 3\program\soffice.exe
<verified> RAID Event Monitor 1996 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
<verified> Système d'exploitation Microsoft® Windo 612 C:\Program Files\Windows Sidebar\sidebar.exe
<verified> Système d'exploitation Microsoft® Windo 1728 C:\Windows\Explorer.EXE
<verified> Système d'exploitation Microsoft® Windo 1692 C:\Windows\system32\Dwm.exe
<verified> Système d'exploitation Microsoft® Windo 268 C:\Windows\system32\taskeng.exe
<verified> Windows Defender 12 C:\Program Files\Windows Defender\MSASCui.exe
<verified> Windows Live Messenger 1592 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Network activity
----------------
Process firefox.exe (4812) connected on port 80 (HTTP) --> 209.85.229.104
Process firefox.exe (4812) connected on port 80 (HTTP) --> 209.85.229.99
Process firefox.exe (4812) connected on port 80 (HTTP) --> 209.85.146.106
Process firefox.exe (4812) connected on port 80 (HTTP) --> 209.85.146.106
Process firefox.exe (4812) connected on port 80 (HTTP) --> 194.112.114.159
Process firefox.exe (4812) connected on port 80 (HTTP) --> 79.140.93.170
Process firefox.exe (4812) connected on port 80 (HTTP) --> 209.85.146.165
Process firefox.exe (4812) connected on port 80 (HTTP) --> 81.52.160.138
Process firefox.exe (4812) connected on port 80 (HTTP) --> 209.85.227.148
Process firefox.exe (4812) connected on port 80 (HTTP) --> 209.85.147.156
Process firefox.exe (4812) connected on port 80 (HTTP) --> 209.85.227.149
Process firefox.exe (4812) connected on port 80 (HTTP) --> 209.85.146.165
Process firefox.exe (4812) connected on port 80 (HTTP) --> 209.85.146.102
Process firefox.exe (4812) connected on port 80 (HTTP) --> 74.125.79.100
Process firefox.exe (4812) connected on port 80 (HTTP) --> 209.85.147.156
Process firefox.exe (4812) connected on port 80 (HTTP) --> 209.85.147.138
Process firefox.exe (4812) connected on port 80 (HTTP) --> 209.85.147.139
Autoruns and critical files
---------------------------
<unsigned> Mozilla Firefox C:\Program Files\Mozilla Firefox
<unsigned> QuickTime C:\Program Files\QuickTime\QTTask.exe
<verified> hpwuSchd Application C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
<verified> Adobe Acrobat C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
<verified> Alps Pointing-device Driver C:\Program Files\Apoint2K\Apoint.exe
<verified> HP Quick Launch Buttons C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
<verified> HP QuickPlay C:\Program Files\Hp\QuickPlay\QPService.exe
<verified> HP Total Care Advisor C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
<verified> HP Wireless Assistant C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
<verified> Intel(R) Common User Interface C:\Windows\System32\hkcmd.exe
<verified> Intel(R) Common User Interface C:\Windows\System32\igfxdev.dll
<verified> Intel(R) Common User Interface C:\Windows\System32\igfxpers.exe
<verified> Intel(R) Common User Interface C:\Windows\system32\igfxtray.exe
<verified> iTunes C:\Program Files\iTunes\iTunesHelper.exe
<verified> Java(TM) Platform SE 6 U2 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
<verified> Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
<verified> Microsoft Office OneNote C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
<verified> Microsoft® Windows® Operating System C:\Windows\ehome\ehtray.exe
<verified> MobileMe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
<verified> quickstart.exe C:\Program Files\OpenOffice.org 3\program\quickstart.exe
<verified> RAID Event Monitor C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
<verified> StartMen Application C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
<verified> Système d'exploitation Microsoft® Windo C:\Program Files\Windows Sidebar\sidebar.exe
<verified> Système d'exploitation Microsoft® Windo C:\Windows\System32\browseui.dll
<verified> Système d'exploitation Microsoft® Windo c:\windows\system32\userinit.exe
<verified> Windows Defender C:\Program Files\Windows Defender\MSASCui.exe
<verified> Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe
<verified> Windows® Internet Explorer C:\Windows\system32\msfeedssync.exe
<verified> Windows® Internet Explorer C:\Windows\System32\webcheck.dll
Browser plugins
---------------
<unsigned> Epson Easy Photo Print (TBL) C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
<unsigned> PDFCreator Toolbar c:\program files\pdfcreator toolbar\v3.3.0.1\pdfcreator_toolbar.dll
<unsigned> QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<verified> 2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
<verified> AcroIEHelper Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
<verified> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> Adobe® Flash® Player ActiveX C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> AOL Media Playback Control C:\Windows\Downloaded Program Files\ampAx3.0.84.2.dll
<verified> BitDefender QuickScan C:\Users\Dounia\AppData\Roaming\Mozilla\Firefox\Profiles\n19q4lq8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Users\Dounia\AppData\Roaming\Mozilla\Firefox\Profiles\n19q4lq8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
<verified> DivX Player Netscape Plugin C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
<verified> DivX Player Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
<verified> DivX Web Player C:\Program Files\DivX\DivX Web Player\npdivx32.dll
<verified> DivX Web Player C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
<verified> Google Update C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
<verified> Java(TM) Platform SE 6 U2 c:\program files\java\jre1.6.0_02\bin\ssv.dll
<verified> Kodak Photo CD Access Developer Toolkit C:\Windows\Downloaded Program Files\pcdlib32.dll
<verified> LEADTOOLS(r) DLL for Win32 C:\Windows\Downloaded Program Files\lfeps13n.dll
<verified> LEADTOOLS(r) DLL for Win32 C:\Windows\Downloaded Program Files\lfpcd13n.dll
<verified> LEADTOOLS(r) DLL for Win32 C:\Windows\Downloaded Program Files\lfpcx13n.dll
<verified> MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
<verified> Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> MSN Photo Upload Control C:\Windows\Downloaded Program Files\MsnPUpld.dll
<verified> MSN® Games by Zone.com C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll
<verified> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<verified> nppdf32.FRA C:\Program Files\Internet Explorer\plugins\nppdf32.FRA
<verified> nppdf32.FRA C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA
<verified> NPSWF32.dll C:\Windows\System32\Macromed\Flash\NPSWF32.dll
<verified> Outil MSN Téléchargement de photos C:\Windows\Downloaded Program Files\PURfr-fr.dll
<verified> PhotoBox uploader C:\Windows\Downloaded Program Files\ImageUploader4.ocx
<verified> Picasa C:\Program Files\Google\Picasa3\npPicasa3.dll
<verified> Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
<verified> Système d'exploitation Microsoft® Windo C:\Windows\System32\mswsock.dll
<verified> Système d'exploitation Microsoft® Windo C:\Windows\System32\NapiNSP.dll
<verified> Système d'exploitation Microsoft® Windo C:\Windows\System32\pnrpnsp.dll
<verified> The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
<verified> The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
<verified> unagiuninst.exe C:\Windows\Downloaded Program Files\unagiuninst.exe
<verified> UNO Messenger C:\Windows\Downloaded Program Files\GAME_UNO1.dll
<verified> Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\Windows\System32\ieframe.dll
Missing files
-------------
File not found: C:\Windows\system32\drivers\blbdrive.sys
referenced in: HKLM\System\ControlSet001\services\blbdrive\"ImagePath"
File not found: [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"HP Health Check Scheduler"
File not found: system32\DRIVERS\SymIM.sys
referenced in: HKLM\System\ControlSet001\services\SymIMMP\"ImagePath"
File not found: system32\DRIVERS\ipinip.sys
referenced in: HKLM\System\ControlSet001\services\IpInIp\"ImagePath"
File not found: system32\DRIVERS\nwlnkflt.sys
referenced in: HKLM\System\ControlSet001\services\NwlnkFlt\"ImagePath"
File not found: system32\DRIVERS\nwlnkfwd.sys
referenced in: HKLM\System\ControlSet001\services\NwlnkFwd\"ImagePath"
Scan
----
No file uploaded.
Scan finished - communication took 0 sec
Total traffic - 0.00 MB sent, 0.11 KB recvd
Scanned 805 files and modules - 14 seconds
==============================================================================
However, I tried twice to run Windows Update, but it failed. I think my problem is solved; what do you think?
I fell asleep yesterday :)
Otherwise, BitDefender is working again. Here is the latest report:
So the PC is working properly?
For the Vista update, you can start with SP1:
http://www.microsoft.com/downloads/fr-fr/details.aspx?FamilyID=b0c7136d-5ebb-413b-89c9-cb3d06d12674
Apart from the screen staying black for a few seconds before the wallpaper appears, everything looks OK to me. SP1 is already on the computer; that's what I'm trying to update. I just restarted it, but it's taking a long time! Thanks again for all your advice and your patience! Should I mark it as resolved, or wait for the Windows Update issue?