Black screen when starting Windows Vista

Tags:
  • Security
20 May 2010 23:18:36

My computer turns on, I enter my password, and then I get a black screen, but I can see the mouse!!!
When I try safe mode, it works normally.
I downloaded a HijackThis report, but I don't know what to do with it.
Can you help me?



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:59:14, on 20/05/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Windows\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.6.79\ShoppingReport.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.6.79\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.6.79\ShoppingReport.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: BarDiscover Service - Unknown owner - C:\ProgramData\BarDiscover\bardiscover121.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 6533 bytes

21 May 2010 11:30:27

Hi! You must have an infection that is blocking startup in normal mode; let's take a look at it!

/!\ For the disinfection to go smoothly:
  • Don't open the same topic on different forums; it's a waste of time for everyone!
  • Avoid risky manipulations on your PC; it's better to ask!
  • Take the time to read carefully and understand all the procedures you will be asked to follow.
  • Follow each procedure you are given to the letter.
  • If you have any question or any problem, don't hesitate to ask me.
  • To keep the topic readable, please host all reports here and post the links in the discussion. ;)

    =====

  • Disable the antivirus.

    Download "Combofix" and save it to the desktop

  • Double-click Combofix.
  • If you are prompted to download and install the Recovery Console, accept.
  • The scan will then start,
  • Wait for the tool to close (5 to 10 min),
  • A report is created in C:\Combofix.txt: host it and give the link.

    =====

    Say whether normal mode works again.
    21 May 2010 13:33:39

    ComboFix 10-05-20.A1 - Windows 21/05/2010 12:18:49.1.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.953.345 [GMT 2:00]
    Running from: c:\users\Windows\Downloads\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\ShoppingReport
    c:\program files\ShoppingReport\Bin\2.6.79\ShoppingReport.dll
    c:\program files\ShoppingReport\Uninst.exe
    c:\users\Windows\secupdat.dat
    c:\windows\system32\AbaleZip.dll
    c:\windows\system32\AutoRun.inf

    Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
    Restored copy from - Kitty had a snack :p 
    .
    ((((((((((((((((((((((((( Files Created from 2010-04-21 to 2010-05-21 )))))))))))))))))))))))))))))))
    .

    2010-05-21 10:26 . 2010-05-21 10:26 -------- d-----w- c:\users\Windows\AppData\Local\temp
    2010-05-21 10:26 . 2010-05-21 10:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-05-20 22:40 . 2010-05-19 02:53 61712 ----a-w- c:\programdata\BarDiscover\bardiscover123.exe
    2010-05-15 13:02 . 2010-05-16 22:52 -------- d-----w- c:\users\Windows\AppData\Roaming\uTorrent
    2010-05-14 17:12 . 2010-05-14 17:12 -------- d-----w- c:\windows\system32\ca-ES
    2010-05-14 17:12 . 2010-05-14 17:12 -------- d-----w- c:\windows\system32\eu-ES
    2010-05-14 17:12 . 2010-05-14 17:12 -------- d-----w- c:\windows\system32\vi-VN
    2010-05-14 16:55 . 2010-05-14 16:56 -------- d-----w- c:\windows\system32\EventProviders
    2010-05-14 11:53 . 2010-05-14 11:54 -------- d-----w- c:\users\Windows\BlackBerry
    2010-05-12 11:24 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
    2010-05-08 20:38 . 2010-05-08 20:38 -------- d-----w- c:\programdata\WEBREG
    2010-05-08 20:23 . 2010-05-08 20:23 -------- d-----w- c:\users\Windows\AppData\Local\HP
    2010-05-08 20:19 . 2010-05-08 20:23 -------- d-----w- c:\users\Windows\AppData\Roaming\HP
    2010-05-08 20:04 . 2010-05-08 20:04 -------- d-----w- c:\programdata\HPSSUPPLY
    2010-05-08 20:01 . 2010-05-19 22:53 -------- d-----w- c:\programdata\HP Product Assistant
    2010-05-08 20:00 . 2010-05-08 20:00 -------- d-----w- c:\program files\Common Files\HP
    2010-05-08 19:58 . 2010-05-08 19:58 -------- d-----w- c:\program files\Hewlett-Packard
    2010-05-08 19:57 . 2010-05-08 19:57 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2010-05-08 19:55 . 2007-03-28 12:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
    2010-05-08 19:53 . 2007-03-28 13:01 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
    2010-05-08 19:52 . 2010-05-08 20:04 -------- d-----w- c:\program files\HP
    2010-05-08 19:51 . 2010-05-08 20:39 158796 ----a-w- c:\windows\hpoins15.dat
    2010-05-08 19:51 . 2007-09-21 13:00 1039 ------w- c:\windows\hpomdl15.dat
    2010-05-08 19:51 . 2010-05-08 20:20 -------- d-----w- c:\programdata\HP
    2010-05-08 19:51 . 2007-03-31 05:29 267864 ----a-w- c:\windows\system32\hpzids01.dll
    2010-05-08 19:51 . 2007-03-17 20:39 675840 ----a-w- c:\windows\system32\hpowiax4.dll
    2010-05-08 19:51 . 2007-03-17 20:39 303104 ----a-w- c:\windows\system32\hpovst11.dll
    2010-05-08 19:51 . 2007-03-17 20:39 958464 ----a-w- c:\windows\system32\hpotiop4.dll
    2010-05-08 19:37 . 2010-05-08 19:37 -------- d-----w- c:\programdata\Hewlett-Packard
    2010-05-08 19:36 . 2007-02-02 10:26 273920 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp4v2.dll
    2010-05-08 19:34 . 2007-03-30 10:39 372736 ----a-w- c:\windows\system32\hppldcoi.dll
    2010-05-08 19:34 . 2007-02-02 10:27 117760 ----a-w- c:\windows\system32\hpz3l4v2.dll
    2010-05-08 19:05 . 2010-05-08 19:05 -------- d-----w- c:\programdata\Xerox
    2010-05-08 18:40 . 2008-01-21 02:32 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
    2010-04-28 02:11 . 2010-04-28 02:11 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2010-04-27 13:11 . 2010-04-27 13:11 -------- d-----w- c:\programdata\Azureus
    2010-04-27 13:10 . 2010-04-27 13:19 -------- d-----w- c:\users\Windows\AppData\Roaming\Azureus
    2010-04-27 13:08 . 2010-04-27 13:08 -------- d-----w- c:\program files\Common Files\i4j_jres
    2010-04-27 13:05 . 2010-05-21 09:21 -------- d-----w- c:\program files\BarDiscover
    2010-04-27 13:05 . 2010-05-20 22:49 -------- d-----w- c:\programdata\BarDiscover
    2010-04-26 23:49 . 2010-04-28 02:08 -------- d-----w- c:\program files\Microsoft Works
    2010-04-26 23:47 . 2010-04-26 23:47 -------- d-----w- c:\program files\Microsoft.NET
    2010-04-26 23:43 . 2010-04-26 23:48 -------- d-----w- c:\windows\SHELLNEW
    2010-04-26 23:42 . 2010-05-02 14:06 -------- d-----w- c:\users\Windows\AppData\Local\Microsoft Help
    2010-04-26 23:41 . 2010-05-13 02:02 -------- d-----w- c:\programdata\Microsoft Help
    2010-04-26 23:38 . 2010-04-26 23:38 -------- d-----r- C:\MSOCache
    2010-04-26 23:21 . 2010-04-27 02:16 -------- d-----w- c:\users\Windows\AppData\Roaming\GetRightToGo
    2010-04-21 23:42 . 2010-04-21 23:42 -------- d-----w- c:\users\Windows\AppData\Local\Apple Computer
    2010-04-21 23:42 . 2010-04-21 23:42 -------- d-----w- c:\users\Windows\AppData\Roaming\Apple Computer
    2010-04-21 22:40 . 2010-04-21 22:40 -------- d-----w- c:\users\Windows\AppData\Roaming\Roxio

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-21 10:14 . 2010-04-06 23:59 -------- d-----w- c:\users\Windows\AppData\Roaming\Skype
    2010-05-21 09:23 . 2010-04-07 00:14 -------- d-----w- c:\users\Windows\AppData\Roaming\skypePM
    2010-05-19 22:53 . 2010-04-15 23:05 -------- d-----w- c:\users\Windows\AppData\Roaming\vlc
    2010-05-19 22:53 . 2010-04-09 00:34 -------- d-----w- c:\programdata\McAfee Security Scan
    2010-05-19 22:53 . 2010-04-07 23:05 -------- d-----w- c:\program files\Apple Software Update
    2010-05-19 22:41 . 2010-03-31 12:52 1356 ----a-w- c:\users\Windows\AppData\Local\d3d9caps.dat
    2010-05-14 17:13 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
    2010-05-14 17:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-05-14 17:13 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
    2010-05-14 17:13 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
    2010-05-14 17:13 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
    2010-05-14 17:13 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
    2010-05-14 17:11 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2010-05-14 12:19 . 2010-04-20 22:13 -------- d-----w- c:\program files\Graboid
    2010-05-14 12:14 . 2010-04-11 21:18 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-05-14 12:13 . 2010-04-11 21:15 -------- d-----w- c:\programdata\DivX
    2010-05-14 12:13 . 2010-04-11 21:16 -------- d-----w- c:\program files\DivX
    2010-05-14 12:10 . 2010-04-01 10:57 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-05-13 15:27 . 2010-04-17 15:31 -------- d-----w- c:\users\Windows\AppData\Roaming\dvdcss
    2010-05-06 09:36 . 2010-03-31 16:41 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-04-28 22:20 . 2010-03-31 12:53 115880 ----a-w- c:\users\Windows\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-04-25 22:40 . 2010-04-06 19:09 -------- d-----w- c:\program files\VDownloader
    2010-04-20 22:16 . 2010-04-20 22:16 -------- d-----w- c:\users\Windows\AppData\Roaming\MozillaControl
    2010-04-20 22:13 . 2010-04-20 22:13 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
    2010-04-18 16:39 . 2010-04-17 15:51 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2010-04-18 16:37 . 2010-04-18 16:37 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2010-04-18 16:37 . 2010-04-18 16:36 -------- d-----w- c:\program files\Roxio
    2010-04-18 16:36 . 2010-04-17 15:51 -------- d-----w- c:\programdata\Roxio
    2010-04-18 16:36 . 2010-04-18 16:36 -------- d-----w- c:\program files\Common Files\Sonic Shared
    2010-04-18 16:03 . 2010-04-18 16:03 -------- d-----w- c:\programdata\Research In Motion
    2010-04-18 02:00 . 2010-04-18 02:00 -------- d-----w- c:\program files\MSXML 4.0
    2010-04-17 15:59 . 2010-04-17 15:55 256 ----a-w- c:\windows\system32\pool.bin
    2010-04-17 15:55 . 2010-04-17 15:55 -------- d-----w- c:\users\Windows\AppData\Roaming\Research In Motion
    2010-04-17 15:55 . 2010-04-01 10:56 -------- d-----w- c:\users\Windows\AppData\Roaming\InstallShield
    2010-04-17 15:55 . 2010-04-17 15:55 -------- d-----w- c:\programdata\InstallShield
    2010-04-17 15:54 . 2010-04-17 15:54 -------- d-----w- c:\programdata\Sonic
    2010-04-17 15:51 . 2010-04-17 15:45 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-04-17 15:43 . 2010-04-17 15:42 -------- d-----w- c:\program files\Common Files\Research In Motion
    2010-04-17 15:42 . 2010-04-17 15:42 -------- d-----w- c:\program files\Research In Motion
    2010-04-16 22:56 . 2010-04-11 00:28 -------- d-----w- c:\program files\MSECache
    2010-04-11 10:27 . 2010-04-09 00:34 -------- d-----w- c:\program files\McAfee Security Scan
    2010-04-10 11:39 . 2010-04-10 11:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2010-04-09 00:45 . 2010-04-09 00:45 -------- d-----w- c:\program files\Common Files\Adobe
    2010-04-09 00:34 . 2010-04-09 00:34 -------- d-----w- c:\programdata\McAfee
    2010-04-08 00:12 . 2010-04-08 00:12 -------- d-----w- c:\program files\VideoLAN
    2010-04-07 23:10 . 2010-04-07 23:09 -------- d-----w- c:\program files\QuickTime
    2010-04-07 23:09 . 2010-04-07 23:09 -------- d-----w- c:\programdata\Apple Computer
    2010-04-07 23:05 . 2010-04-07 23:05 -------- d-----w- c:\program files\Common Files\Apple
    2010-04-07 23:05 . 2010-04-07 23:05 -------- d-----w- c:\programdata\Apple
    2010-04-07 21:55 . 2010-04-06 18:56 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-04-07 00:14 . 2010-04-07 00:14 56 ---ha-w- c:\programdata\ezsidmv.dat
    2010-04-06 23:59 . 2010-04-06 23:59 -------- d-----r- c:\program files\Skype
    2010-04-06 23:59 . 2010-04-06 23:59 -------- d-----w- c:\program files\Common Files\Skype
    2010-04-06 23:59 . 2010-04-06 23:58 -------- d-----w- c:\programdata\Skype
    2010-04-06 18:56 . 2010-04-06 18:50 -------- d-----w- c:\program files\Windows Live
    2010-04-06 18:55 . 2010-04-06 18:55 -------- d-----w- c:\program files\Microsoft Sync Framework
    2010-04-06 18:53 . 2010-04-06 18:53 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-04-06 18:51 . 2010-04-06 18:51 -------- d-----w- c:\program files\Microsoft
    2010-04-06 18:50 . 2010-04-06 18:50 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-04-06 18:45 . 2010-04-06 18:45 -------- d-----w- c:\program files\Common Files\Windows Live
    2010-04-06 11:04 . 2010-04-11 21:17 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
    2010-04-01 10:57 . 2010-04-01 10:57 -------- d-----w- c:\program files\Atheros
    2010-04-01 10:56 . 2010-04-01 10:56 -------- d-----w- c:\programdata\Atheros
    2010-04-01 10:49 . 2010-04-01 10:49 -------- d-----w- c:\program files\Intel
    2010-04-01 10:48 . 2010-04-01 10:49 53248 ----a-w- c:\windows\system32\CSVer.dll
    2010-03-31 15:03 . 2010-03-31 15:03 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
    2010-03-31 15:03 . 2010-03-31 15:03 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
    2010-03-31 15:03 . 2010-03-31 15:03 261152 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
    2010-03-31 15:03 . 2010-03-31 15:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2010-03-05 14:01 . 2010-04-14 17:59 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-23 11:10 . 2010-04-14 17:59 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-02-23 11:10 . 2010-04-14 17:59 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-02-23 11:10 . 2010-04-14 17:59 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-23 06:39 . 2010-03-31 16:16 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 06:33 . 2010-03-31 16:16 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-02-23 06:33 . 2010-03-31 16:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-02-23 04:55 . 2010-03-31 16:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-01 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-01 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-01 145944]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2010-3-10 1819992]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):09,16,62,e0,89,f3,ca,01

    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    S2 BarDiscover Service;BarDiscover Service;c:\programdata\BarDiscover\bardiscover123.exe [2010-05-19 61712]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\92q8ff9m.default\
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-Deluxe Pacman_is1 - c:\users\Windows\Deluxe Pacman\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-21 12:26
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-05-21 12:30:15
    ComboFix-quarantined-files.txt 2010-05-21 10:30

    Pre-Run: 206,357,196,800 bytes free
    Post-Run: 206,540,537,856 bytes free

    - - End Of File - - 52B3DC37CD88538324F1E2DB48893165





    Yes, normal mode works again, thank you very much.
    21 May 2010 13:42:54

    Now run an MBAM scan in normal mode:

    Download Malwarebytes' Anti-Malware to the desktop

  • Double-click "mbam-setup" to start the installation.
  • Simply install without changing anything.
  • Once the program has started ==> "Update" tab, click ==> "Check for Updates".
  • "Scanner" tab ==> select "Perform full scan".
  • Click "Scan",
  • Check all the hard drives,
  • Click "Start Scan".
  • At the end of the scan, if an infection is found,
  • ==> Click "Show Results".
  • Close your running applications,
  • Check that everything is ticked and click "Remove Selected".

  • A report opens; host it and give its link.
    21 May 2010 17:15:42

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Version de la base de données: 4123

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18904

    21/05/2010 16:14:38
    mbam-log-2010-05-21 (16-14-38).txt

    Type d'examen: Examen complet (C:\|D:\|)
    Elément(s) analysé(s): 212237
    Temps écoulé: 1 heure(s), 30 minute(s), 10 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 3

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Qoobox\Quarantine\C\Program Files\ShoppingReport\Bin\2.6.79\ShoppingReport.dll.vir (Adware.SmartShopper) -> Quarantined and deleted successfully.
    C:\Users\Windows\Downloads\VuzeSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Users\Windows\Downloads\WebfettiSetup2.3.67.1.ZKfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.



    And now?
    21 May 2010 17:36:07

    Run an OTL scan to see what's left! ;)

    Download OTL (by OldTimer) to your Desktop.
  • Double-click OTL to launch it.
  • (On Vista/Win7, you need to right-click OTL and choose Run as administrator)
  • A window appears. In the Output section at the top of this window, check Minimal Output.
  • Also check the boxes next to LOP Check and Purity Check.
  • Finally, click the Run Scan button. The scan won't take long.
  • Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are in the same location as OTL (so by default on the Desktop).
  • Host the reports, then give their links.
    21 May 2010 21:31:53

    OTL Extras logfile created on: 21/05/2010 20:25:05 - Run 1
    OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Windows\Downloads
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18904)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    953.00 Mb Total Physical Memory | 395.00 Mb Available Physical Memory | 41.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 190.46 Gb Free Space | 81.78% Space Free | Partition Type: NTFS
    Drive D: | 5.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SISTA
    Current User Name: Windows
    Logged in as Administrator.

    Current Boot Mode: SafeMode with Networking
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{025FC962-0D37-429E-BCFE-ED5B7ED50938}" = rport=139 | protocol=6 | dir=out | app=system |
    "{2206C827-25F3-4244-997B-1067E2311ABC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{3F3677AB-25C5-46A9-AF31-EA19E6324C5B}" = rport=137 | protocol=17 | dir=out | app=system |
    "{5CB98417-D18B-4558-9359-9A49E1A86268}" = rport=445 | protocol=6 | dir=out | app=system |
    "{618F7613-6CDF-475A-830B-F53BAFF887FE}" = lport=445 | protocol=6 | dir=in | app=system |
    "{6C022486-41DF-4906-878E-98B2A8AE8D6D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{7FD6D173-484E-4FB3-8272-201E8AAAE465}" = lport=139 | protocol=6 | dir=in | app=system |
    "{ABC5BBBF-6F30-4224-AA2C-7E3813EDBBD1}" = lport=137 | protocol=17 | dir=in | app=system |
    "{B07AD022-DFA5-489D-BF9D-EBBF72F3CEDC}" = rport=138 | protocol=17 | dir=out | app=system |
    "{B890BD0D-D4E7-4CB2-96F7-FE97DDB68869}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{F1E1FC01-B002-4BA8-8A91-25D4E99606DF}" = lport=138 | protocol=17 | dir=in | app=system |
    "{F780F2A9-47E3-480F-A641-73B04931C3D2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{FEAD59FE-6ADA-4784-B616-B7F156806CD4}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0A4F975A-3C5D-447B-AD99-353D4D802CC3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{3EC4E4EA-0B28-4A22-865B-B865C392D0E6}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{8678B96F-8A11-4FDF-96EB-DFB2017028FD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{97435B17-F57C-458B-ABC7-7A0848BCA9F3}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{A8CE55DE-CF11-453C-9F42-87735DD83486}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B09B4BF5-A3AB-48FC-A1AF-1B555DF66DF7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{E249B838-F37D-4180-ABA9-9A95170539D2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{FA66B41E-41EC-457E-A860-098AB8EFFE0A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "TCP Query User{B8392A7E-B889-480E-A2B5-C23068B75CAD}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "UDP Query User{DADB8B52-0F5E-498F-B1A2-877F6E77E664}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
    "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
    "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
    "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
    "{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
    "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.0.126_Foxconn Installation Program
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
    "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
    "{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
    "{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
    "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{53B20C18-D8D4-4588-8737-9BBFE303C354}" = Windows Live Movie Maker
    "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
    "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
    "{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
    "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
    "{90120000-0015-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
    "{90120000-0016-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
    "{90120000-0018-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
    "{90120000-0019-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
    "{90120000-001A-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
    "{90120000-001B-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}_PROR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_PROR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
    "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}_PROR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.7.322
    "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.2 - Français
    "{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
    "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
    "{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
    "{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
    "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
    "{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
    "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental
    "{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
    "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
    "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
    "{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
    "{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
    "{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
    "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "BarDiscover" = BarDiscover 1.0 build 123
    "BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 9.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.01
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
    "HPExtendedCapabilities" = HP Customer Participation Program 9.0
    "HPOCR" = HP OCR Software 9.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "PROR" = Version d'évaluation de Microsoft Office Professional 2007
    "VLC media player" = VLC media player 1.0.5
    "WinLiveSuite_Wave3" = Installation Windows Live

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 21/05/2010 06:29:25 | Computer Name = sista | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 21/05/2010 06:31:11 | Computer Name = sista | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 21/05/2010 06:39:21 | Computer Name = sista | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 21/05/2010 06:51:25 | Computer Name = sista | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 21/05/2010 06:51:33 | Computer Name = sista | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 21/05/2010 06:55:42 | Computer Name = sista | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 21/05/2010 08:51:36 | Computer Name = sista | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 21/05/2010 14:06:51 | Computer Name = sista | Source = EventSystem | ID = 4609
    Description =

    Error - 21/05/2010 14:07:51 | Computer Name = sista | Source = WinMgmt | ID = 10
    Description =

    Error - 21/05/2010 14:07:56 | Computer Name = sista | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =


    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >

    OTL logfile created on: 21/05/2010 20:25:05 - Run 1
    OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Windows\Downloads
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18904)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    953.00 Mb Total Physical Memory | 395.00 Mb Available Physical Memory | 41.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 190.46 Gb Free Space | 81.78% Space Free | Partition Type: NTFS
    Drive D: | 5.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SISTA
    Current User Name: Windows
    Logged in as Administrator.

    Current Boot Mode: SafeMode with Networking
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Windows\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Windows\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (BarDiscover Service) -- C:\ProgramData\BarDiscover\bardiscover123.exe ()
    SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
    SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
    SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
    DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
    DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 4F 83 BC D0 F8 CA 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
    FF - prefs.js..extensions.enabledItems: {AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/08 01:10:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/14 14:27:01 | 000,000,000 | ---D | M]

    [2010/04/06 20:36:51 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Mozilla\Extensions
    [2010/05/21 00:21:11 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\92q8ff9m.default\extensions
    [2010/04/08 14:53:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\92q8ff9m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/04/07 03:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\92q8ff9m.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
    [2010/04/09 02:43:03 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\92q8ff9m.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2010/05/21 00:21:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/07 01:59:23 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/04/27 15:05:23 | 000,000,000 | ---D | M] (BarDiscover) -- C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}
    [2010/04/01 19:07:29 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
    [2010/04/01 19:07:29 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/04/01 19:07:29 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
    [2010/04/01 19:07:29 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2010/04/01 19:07:29 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/05/21 12:56:57 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\Malwarebytes
    [2010/05/21 12:56:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/05/21 12:56:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/05/21 12:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/05/21 12:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/05/21 12:30:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/05/21 12:30:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/05/21 12:30:17 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\temp
    [2010/05/21 12:08:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/05/21 12:08:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/05/21 12:08:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/05/21 12:08:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/05/21 12:07:43 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/05/21 12:07:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/05/15 15:02:17 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\uTorrent
    [2010/05/14 19:12:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
    [2010/05/14 19:12:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
    [2010/05/14 19:12:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
    [2010/05/14 18:55:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
    [2010/05/14 16:00:58 | 000,000,000 | ---D | C] -- C:\Users\Windows\Documents\Mes numérisations
    [2010/05/14 13:53:42 | 000,000,000 | ---D | C] -- C:\Users\Windows\BlackBerry
    [2010/05/08 22:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
    [2010/05/08 22:23:52 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\HP
    [2010/05/08 22:19:54 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\HP
    [2010/05/08 22:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
    [2010/05/08 22:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
    [2010/05/08 22:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
    [2010/05/08 21:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
    [2010/05/08 21:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
    [2010/05/08 21:53:08 | 000,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpz3l5ha.dll
    [2010/05/08 21:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2010/05/08 21:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2010/05/08 21:51:22 | 000,675,840 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpowiax4.dll
    [2010/05/08 21:51:22 | 000,303,104 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst11.dll
    [2010/05/08 21:51:22 | 000,267,864 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
    [2010/05/08 21:51:21 | 000,958,464 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpotiop4.dll
    [2010/05/08 21:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
    [2010/05/08 21:34:45 | 000,372,736 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll
    [2010/05/08 21:34:45 | 000,117,760 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpz3l4v2.dll
    [2010/05/08 21:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
    [2010/04/27 15:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Azureus
    [2010/04/27 15:10:28 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\Azureus
    [2010/04/27 15:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\i4j_jres
    [2010/04/27 15:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\BarDiscover
    [2010/04/27 15:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\BarDiscover
    [2010/04/27 01:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
    [2010/04/27 01:48:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
    [2010/04/27 01:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010/04/27 01:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2010/04/27 01:43:56 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
    [2010/04/27 01:42:27 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\Microsoft Help
    [2010/04/27 01:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2010/04/27 01:38:26 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2010/04/27 01:21:02 | 000,000,000 | ---D | C] -- C:\Users\Windows\Desktop\Downloads
    [2010/04/27 01:21:00 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\GetRightToGo
    [2010/04/22 01:42:51 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\Apple Computer
    [2010/04/22 01:42:16 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\Apple Computer
    [2010/04/22 00:40:17 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\Roxio

    ========== Files - Modified Within 30 Days ==========

    [2010/05/21 20:24:05 | 002,621,440 | -HS- | M] () -- C:\Users\Windows\ntuser.dat
    [2010/05/21 20:10:45 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/05/21 20:10:45 | 000,598,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/05/21 20:10:45 | 000,104,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/05/21 20:06:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/05/21 20:03:34 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/05/21 20:03:34 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/05/21 20:03:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/05/21 16:25:55 | 000,524,288 | -HS- | M] () -- C:\Users\Windows\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
    [2010/05/21 16:25:55 | 000,065,536 | -HS- | M] () -- C:\Users\Windows\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
    [2010/05/21 16:25:49 | 001,089,422 | -H-- | M] () -- C:\Users\Windows\AppData\Local\IconCache.db
    [2010/05/21 12:56:51 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/21 12:31:10 | 000,000,256 | ---- | M] () -- C:\Windows\System32\pool.bin
    [2010/05/21 12:27:24 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/05/20 00:41:55 | 000,001,356 | ---- | M] () -- C:\Users\Windows\AppData\Local\d3d9caps.dat
    [2010/05/18 04:16:28 | 000,480,932 | ---- | M] () -- C:\Users\Windows\Documents\bleeding reference letter.pdf
    [2010/05/15 00:19:32 | 000,000,737 | ---- | M] () -- C:\Users\Windows\Desktop\Deluxe Pacman.lnk
    [2010/05/14 19:16:53 | 000,414,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/05/14 14:33:12 | 007,704,141 | ---- | M] () -- C:\Users\Windows\Desktop\The_Mirror_Lied.exe
    [2010/05/14 14:30:40 | 000,061,440 | ---- | M] () -- C:\Users\Windows\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/14 14:27:02 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/05/14 13:38:44 | 000,000,162 | -H-- | M] () -- C:\Users\Windows\Documents\~$ntract.docx
    [2010/05/08 23:06:17 | 009,997,659 | ---- | M] () -- C:\Users\Windows\Documents\contract.docx
    [2010/05/08 22:39:45 | 000,158,796 | ---- | M] () -- C:\Windows\hpoins15.dat
    [2010/05/08 22:19:13 | 000,000,254 | ---- | M] () -- C:\Windows\win.ini
    [2010/05/08 22:02:59 | 000,001,972 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2010/05/06 11:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
    [2010/05/04 01:02:19 | 000,345,600 | ---- | M] () -- C:\Users\Windows\Documents\12MCandidateAgreement.doc
    [2010/05/02 16:40:51 | 000,059,190 | ---- | M] () -- C:\Users\Windows\Documents\american cv karima.docx
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/04/29 00:20:54 | 000,115,880 | ---- | M] () -- C:\Users\Windows\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
    [2010/04/25 21:48:25 | 762,695,296 | ---- | M] () -- C:\Users\Windows\Desktop\Boy.A.DVDRIP.VOSTFR.avi
    [2010/04/25 21:48:22 | 945,065,984 | ---- | M] () -- C:\Users\Windows\Desktop\babel.avi
    [2010/04/25 21:48:12 | 732,837,888 | ---- | M] () -- C:\Users\Windows\Desktop\Detention secrete.avi
    [2010/04/25 20:16:48 | 000,027,831 | ---- | M] () -- C:\Users\Windows\Documents\GeneratePDFTicket2.pdf
    [2010/04/25 20:16:18 | 000,026,032 | ---- | M] () -- C:\Users\Windows\Documents\GeneratePDFTicket.pdf
    [2010/04/25 20:14:00 | 000,129,732 | ---- | M] () -- C:\Users\Windows\Documents\RyanairBoardingPass.pdf

    ========== Files Created - No Company Name ==========

    [2010/05/21 12:56:51 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/21 12:08:51 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/05/21 12:08:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/05/21 12:08:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/05/21 12:08:51 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/05/21 12:08:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/05/18 04:16:06 | 000,480,932 | ---- | C] () -- C:\Users\Windows\Documents\bleeding reference letter.pdf
    [2010/05/14 14:32:46 | 007,704,141 | ---- | C] () -- C:\Users\Windows\Desktop\The_Mirror_Lied.exe
    [2010/05/14 14:00:51 | 000,000,737 | ---- | C] () -- C:\Users\Windows\Desktop\Deluxe Pacman.lnk
    [2010/05/14 13:38:44 | 000,000,162 | -H-- | C] () -- C:\Users\Windows\Documents\~$ntract.docx
    [2010/05/09 00:17:58 | 730,853,592 | ---- | C] () -- C:\Users\Windows\Desktop\détour mortel 2 [dvd fr 2007 horreur thriller].avi
    [2010/05/09 00:17:18 | 733,970,432 | ---- | C] () -- C:\Users\Windows\Desktop\Hooligans.avi
    [2010/05/09 00:16:41 | 688,418,816 | ---- | C] () -- C:\Users\Windows\Desktop\détour mortel 1.avi
    [2010/05/08 23:05:35 | 009,997,659 | ---- | C] () -- C:\Users\Windows\Documents\contract.docx
    [2010/05/08 22:02:59 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2010/05/08 21:51:45 | 000,000,832 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/05/08 21:51:43 | 000,158,796 | ---- | C] () -- C:\Windows\hpoins15.dat
    [2010/05/08 21:51:43 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat
    [2010/05/02 16:40:28 | 000,059,190 | ---- | C] () -- C:\Users\Windows\Documents\american cv karima.docx
    [2010/04/27 12:52:12 | 000,345,600 | ---- | C] () -- C:\Users\Windows\Documents\12MCandidateAgreement.doc
    [2010/04/25 20:16:48 | 000,027,831 | ---- | C] () -- C:\Users\Windows\Documents\GeneratePDFTicket2.pdf
    [2010/04/25 20:16:18 | 000,026,032 | ---- | C] () -- C:\Users\Windows\Documents\GeneratePDFTicket.pdf
    [2010/04/25 20:13:57 | 000,129,732 | ---- | C] () -- C:\Users\Windows\Documents\RyanairBoardingPass.pdf
    [2010/04/24 03:12:53 | 762,695,296 | ---- | C] () -- C:\Users\Windows\Desktop\Boy.A.DVDRIP.VOSTFR.avi
    [2010/04/24 03:09:48 | 732,837,888 | ---- | C] () -- C:\Users\Windows\Desktop\Detention secrete.avi
    [2010/04/09 02:24:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2010/03/31 17:03:49 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2008/06/12 19:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
    [2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

    ========== LOP Check ==========

    [2010/04/27 15:19:44 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Azureus
    [2010/04/27 04:16:57 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\GetRightToGo
    [2010/04/17 17:55:45 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Research In Motion
    [2010/05/17 00:52:18 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\uTorrent
    [2010/05/21 16:27:50 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Users\Windows\Desktop\Detention secrete.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Windows\Desktop\Boy.A.DVDRIP.VOSTFR.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Windows\Desktop\babel.avi:TOC.WMV
    < End of report >
    21 May 2010 23:06:34

    Ok,

  • Double-click OTL to launch it.
    (Under Vista/Win7, you have to right-click OTL and choose Run as administrator)
  • A window appears. In the "Rapport" section at the top of this window, check "Rapport minimal".
  • Copy and paste the content below into the lower part of OTL: "Personnalisation"

    :Files
    C:\ProgramData\BarDiscover

    :Services
    BarDiscover Service

    :Commands
    [emptytemp]
    [Reboot]


  • Finally, click the "Correction" button. The scan will not take long.
  • Once the scan is finished, a report will open.
  • Then copy/paste the reports.
  • Note: The report is located in C:\OTL\

    =====

    Restart and tell me if there is still a problem. ;) 
    22 May 2010 01:57:21

    I can't find the report and I have to restart in safe mode! :fou: 
    22 May 2010 12:35:00

    Huh? Why do you have to restart in safe mode?
    22 May 2010 13:19:35

    Well, normal mode wasn't working anymore last night, but now it's fine! Thanks
    22 May 2010 13:25:55

    So you no longer have any problems?