Could you help me repair my PC?

Tags:
  • Security
Last reply: in Security and viruses
15 May 2010 13:37:16

Hello everyone.
I installed a piece of software on a computer, which shut down right afterwards;
when I try to restart it, it displays this message and then reboots.

http://www.casimages.com/img.php?i=100515013136333767.j...

Otherwise, when I start in safe mode, my session opens for a second and then closes again. I don't know what to do >.<

Have a nice day.

15 May 2010 14:00:24

Yo! We'll try to see what we can do:

This file is fairly large, so we will use your CD/DVD drive and a blank CD on your machine.
A USB device would also be handy.


Download and install IsoBurner in order to burn OTLPE to a CD.

Then download OTLPE.

  • Install IsoBurner
  • Click the box at the top right and follow the path to select OTLPE.iso
  • Click BURN

    Note: Once your CD is burned, you must now restart your machine from the CD-ROM drive.
    To do so, see this link: Booting from a CD.

  • Once the CD has started, Windows loads and you arrive at the REATOGO-X-PE desktop.
  • Double-click OTLPE.
  • A window opens: Do you wish to load the remote registry; click YES,
  • A second one: Do you wish to load remote user profile(s) for scanning; click YES,
  • Make sure the Automatically Load All Remaining Users box is checked and press OK.

    OTL starts.

  • Click Run Scan to start the scanner; this may take a few minutes.
  • Once it has finished, the report opens; use the Internet Explorer icon to copy and paste its contents into your reply.

    Note: if you have no Internet connection, save the report to a USB device

15 May 2010 18:41:35

Hi. Thanks for helping me.

15 May 2010 19:02:20

@lozad, open your own thread.

=====

@rusol: post the reports when you have them. ;)

15 May 2010 19:56:54

Hi again


    OTL logfile created on: 5/15/2010 9:50:11 PM - Run
    OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1,023.00 Mb Total Physical Memory | 810.00 Mb Available Physical Memory | 79.00% Memory free
    907.00 Mb Paging File | 848.00 Mb Available in Paging File | 93.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.30 Gb Total Space | 1.45 Gb Free Space | 3.88% Space Free | Partition Type: NTFS
    Drive D: | 58.59 Gb Total Space | 8.78 Gb Free Space | 14.99% Space Free | Partition Type: NTFS
    Drive E: | 131.32 Gb Total Space | 19.78 Gb Free Space | 15.06% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive K: | 1.87 Gb Total Space | 1.54 Gb Free Space | 82.75% Space Free | Partition Type: FAT
    Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO
    Current User Name: SYSTEM
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
    Using ControlSet: ControlSet005

    ========== Win32 Services (SafeList) ==========

    SRV - [2010/03/30 05:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2010/01/07 19:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2009/12/10 06:20:06 | 001,643,872 | ---- | M] (ClanServers Hosting LLC) [Auto] -- C:\Program Files\GameTracker\GSInGameService.exe -- (GS In-Game Service)
    SRV - [2009/08/18 09:56:46 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/07/24 12:16:37 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2008/10/01 08:06:14 | 000,116,040 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2008/07/10 20:28:44 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
    SRV - [2008/07/10 20:28:44 | 000,369,688 | ---- | M] (Microsoft Corporation) [Disabled] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) Agent SQL Server (SQLEXPRESS)
    SRV - [2008/07/10 20:28:40 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled] -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
    SRV - [2008/07/09 21:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2008/07/09 21:49:34 | 000,258,072 | ---- | M] (Microsoft Corporation) [Disabled] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
    SRV - [2008/05/30 12:21:02 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
    SRV - [2008/03/09 05:20:26 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
    SRV - [2006/10/26 13:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - [2010/05/15 02:36:55 | 000,755,200 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec) Suppresseur d'écho acoustique (Noyau Microsoft)
    DRV - [2010/03/29 18:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2009/12/11 06:31:25 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/09/23 04:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
    DRV - [2009/09/15 16:04:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2009/07/24 12:16:37 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/03/30 04:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2009/02/25 18:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2009/02/13 06:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2008/10/02 04:25:32 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2008/07/28 12:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/07/09 21:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
    DRV - [2006/11/10 09:08:50 | 000,024,064 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
    DRV - [2005/06/23 07:56:26 | 000,048,384 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2004/11/17 07:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/10/19 16:01:04 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2004/10/19 16:01:02 | 000,033,280 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrateur_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
    IE - HKU\Administrateur_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
    IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
    IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\USER_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
    IE - HKU\USER_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\USER_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\USER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\USER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\USER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

    ========== FireFox ==========

    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.2
    FF - prefs.js..extensions.enabledItems: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}:4.0
    FF - prefs.js..keyword.URL: "http://fr.search.yahoo.com/search?fr=greentree_ff1&ei=u..."

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/06 13:18:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/06 13:18:57 | 000,000,000 | ---D | M]

    [2009/11/23 14:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
    [2009/11/23 14:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c90f1wfv.default\extensions
    [2010/01/21 03:05:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/11/11 03:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
    [2007/08/29 17:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    [2009/12/02 04:26:33 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
    [2009/12/02 04:26:33 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2009/12/02 04:26:33 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
    [2009/12/02 04:26:33 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2009/12/02 04:26:33 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2008/05/01 17:20:05 | 000,000,837 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
    O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
    O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll File not found
    O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
    O3 - HKU\USER_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\USER_ON_C\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKU\USER_ON_C\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\USER_ON_C\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\System32\smss32.exe File not found
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\USER_ON_C..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
    O4 - HKU\USER_ON_C..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O4 - HKU\USER_ON_C..\Run: [cacaoweb] C:\Program Files\cacaoweb\cacaoweb.exe ()
    O4 - HKU\USER_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKU\USER_ON_C..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe (ClanServers Hosting LLC)
    O4 - HKU\USER_ON_C..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
    O4 - HKU\USER_ON_C..\Run: [smss32.exe] C:\WINDOWS\System32\smss32.exe File not found
    O4 - HKU\USER_ON_C..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
    O4 - HKU\USER_ON_C..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe File not found
    O4 - HKU\USER_ON_C..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe File not found
    O4 - HKU\USER_ON_C..\Run: [VoipDiscount] C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe File not found
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\USER\Menu Démarrer\Programmes\Démarrage\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O4 - Startup: C:\Documents and Settings\USER\Menu Démarrer\Programmes\Démarrage\Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
    O4 - Startup: C:\Documents and Settings\USER\Menu Démarrer\Programmes\Démarrage\wwwzuc32.exe ()
    O4 - Startup: C:\Documents and Settings\USER\Menu Démarrer\Programmes\Démarrage\Xfire.lnk = C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 128
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 128
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 1
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\USER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 128
    O7 - HKU\USER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 128
    O7 - HKU\USER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
    O7 - HKU\USER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\USER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\USER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 1
    O7 - HKU\USER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9... (Reg Error: Key error.)
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://www.ma-config.com/plugins/MaConfig_4_0_1_3.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-wind... (Java Plug-in 1.6.0_05)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-wind... (Java Plug-in 1.6.0_05)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/fl... (Shockwave Flash Object)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\System32\winlogon32.exe File not found
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/05/01 04:24:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/05/15 20:23:35 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2006/09/19 18:29:35 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/01/21 03:20:12 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2010/01/21 03:20:12 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 09:06:42 | 000,000,053 | ---- | M] () - K:\AUTORUN.INF -- [ FAT ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/05/15 02:30:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
    [2010/05/13 05:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\Super macro
    [2010/05/06 12:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Mes documents\codzr
    [2010/05/06 12:19:49 | 000,000,000 | ---D | C] -- C:\Nouveau dossier
    [2010/05/02 13:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\cacaoweb
    [2010/05/02 13:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\cacaoweb
    [2010/05/02 13:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Bureau\Telechargement firefox
    [2010/04/22 12:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Bureau\Le travail des enfants l'ampleur du problème_files
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\USER\Mes documents\*.tmp files -> C:\Documents and Settings\USER\Mes documents\*.tmp -> ]
    [1 C:\Documents and Settings\USER\Mes documents\*.tmp files -> C:\Documents and Settings\USER\Mes documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/05/15 20:37:27 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrateur\NTUSER.DAT
    [2010/05/15 09:36:34 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\USER\NTUSER.DAT
    [2010/05/15 09:36:34 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\USER\ntuser.ini
    [2010/05/15 09:36:28 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Administrateur\ntuser.ini
    [2010/05/15 09:36:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/15 09:35:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2010/05/15 09:32:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/15 03:38:39 | 000,233,472 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2010/05/15 02:36:55 | 000,755,200 | ---- | M] () -- C:\WINDOWS\System32\drivers\aec.sys
    [2010/05/15 02:13:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/05/13 12:31:40 | 000,233,472 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2010/05/13 07:07:29 | 000,755,200 | ---- | M] () -- C:\WINDOWS\System32\drivers\skansogt.sys
    [2010/05/13 07:05:49 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\LocalService\Application Data\qvjsge.dat
    [2010/05/13 07:01:15 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\NetworkService\Application Data\qvjsge.dat
    [2010/05/13 07:01:09 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\avdrn.dat
    [2010/05/13 06:51:03 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-790525478-839522115-1003UA.job
    [2010/05/13 06:08:23 | 000,138,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2010/05/13 06:08:10 | 000,219,128 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
    [2010/05/13 05:32:37 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\USER\Bureau\Super macro.lnk
    [2010/05/12 10:51:15 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-790525478-839522115-1003Core.job
    [2010/05/10 14:43:27 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\USER\Bureau\adsl TV.lnk
    [2010/05/09 13:45:15 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2010/05/09 13:45:15 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
    [2010/05/09 13:45:15 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
    [2010/05/09 13:45:03 | 000,000,218 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
    [2010/05/07 15:52:46 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
    [2010/05/06 12:14:03 | 004,216,225 | ---- | M] () -- C:\Documents and Settings\USER\Mes documents\codzr.rar
    [2010/05/06 01:48:15 | 000,000,118 | -H-- | M] () -- C:\Documents and Settings\USER\Bureau\.~lock.tenfantpowerpaint.odp#
    [2010/05/06 01:31:07 | 000,005,801 | ---- | M] () -- C:\Documents and Settings\USER\Bureau\disney-logo.gif
    [2010/05/06 00:39:02 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\USER\Bureau\Dossier travail enfant réedition2.doc
    [2010/05/06 00:33:09 | 000,002,575 | ---- | M] () -- C:\Documents and Settings\USER\Bureau\Microsoft Office Word 2007.lnk
    [2010/05/05 15:24:59 | 000,032,370 | ---- | M] () -- C:\Documents and Settings\USER\Mes documents\Dossier travail enfant réedition.docx
    [2010/05/05 02:36:21 | 000,002,505 | ---- | M] () -- C:\Documents and Settings\USER\Bureau\Microsoft Office PowerPoint 2007.lnk
    [2010/05/01 12:54:22 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\USER\Bureau\Google Chrome.lnk
    [2010/04/23 17:17:34 | 000,014,116 | ---- | M] () -- C:\Documents and Settings\USER\Mes documents\On ne peut mettre fin au travail des enfants.docx
    [2010/04/22 12:09:33 | 000,028,892 | ---- | M] () -- C:\Documents and Settings\USER\Bureau\Le travail des enfants l'ampleur du problème.htm
    [2010/04/22 11:54:59 | 000,083,456 | ---- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/21 06:01:19 | 001,312,708 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/04/21 06:01:19 | 000,578,392 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2010/04/21 06:01:19 | 000,509,340 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/04/21 06:01:19 | 000,109,806 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2010/04/21 06:01:19 | 000,096,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/04/20 09:01:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/04/20 02:53:11 | 000,016,294 | ---- | M] () -- C:\Documents and Settings\USER\Mes documents\Le travail des enfants dans le mond1.docx
    [2010/04/18 17:32:50 | 002,646,324 | -H-- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\IconCache.db
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\USER\Mes documents\*.tmp files -> C:\Documents and Settings\USER\Mes documents\*.tmp -> ]
    [1 C:\Documents and Settings\USER\Mes documents\*.tmp files -> C:\Documents and Settings\USER\Mes documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/05/13 07:07:29 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\skansogt.sys
    [2010/05/13 07:05:46 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\qvjsge.dat
    [2010/05/13 07:01:15 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\qvjsge.dat
    [2010/05/13 07:01:09 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\avdrn.dat
    [2010/05/13 05:32:37 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\USER\Bureau\Super macro.lnk
    [2010/05/10 14:43:27 | 000,000,612 | ---- | C] () -- C:\Documents and Settings\USER\Bureau\adsl TV.lnk
    [2010/05/07 15:52:46 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
    [2010/05/06 12:13:53 | 004,216,225 | ---- | C] () -- C:\Documents and Settings\USER\Mes documents\codzr.rar
    [2010/05/06 01:43:50 | 000,000,118 | -H-- | C] () -- C:\Documents and Settings\USER\Bureau\.~lock.tenfantpowerpaint.odp#
    [2010/05/06 01:31:07 | 000,005,801 | ---- | C] () -- C:\Documents and Settings\USER\Bureau\disney-logo.gif
    [2010/05/06 00:39:02 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\USER\Bureau\Dossier travail enfant réedition2.doc
    [2010/05/02 12:08:26 | 000,032,370 | ---- | C] () -- C:\Documents and Settings\USER\Mes documents\Dossier travail enfant réedition.docx
    [2010/04/22 12:10:41 | 000,014,116 | ---- | C] () -- C:\Documents and Settings\USER\Mes documents\On ne peut mettre fin au travail des enfants.docx
    [2010/04/22 12:09:30 | 000,028,892 | ---- | C] () -- C:\Documents and Settings\USER\Bureau\Le travail des enfants l'ampleur du problème.htm
    [2010/04/20 02:53:11 | 000,016,294 | ---- | C] () -- C:\Documents and Settings\USER\Mes documents\Le travail des enfants dans le mond1.docx
    [2010/04/01 09:39:09 | 000,000,239 | ---- | C] () -- C:\WINDOWS\FXIWIN.INI
    [2010/03/13 09:50:27 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/03/06 16:43:45 | 000,159,896 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009/12/16 10:54:25 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\DonationCoder_processtamer_InstallInfo.dat
    [2009/12/16 10:17:35 | 000,000,658 | RHS- | C] () -- C:\Documents and Settings\Administrateur\ntuser.pol
    [2009/10/09 16:44:37 | 000,688,128 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2009/10/09 16:44:37 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2009/09/16 13:36:28 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\$_hpcst$.hpc
    [2009/04/11 06:41:27 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2009/03/27 13:19:38 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2009/03/27 13:19:38 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2009/03/27 13:19:38 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2009/03/27 13:11:50 | 000,000,218 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2009/01/03 13:51:58 | 000,000,539 | ---- | C] () -- C:\Program Files\Raccourci vers DAEMON Tools Toolbar.lnk
    [2008/11/21 17:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/11/21 17:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
    [2008/11/21 17:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
    [2008/11/21 17:44:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2008/08/31 12:16:57 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\NtUser.dat
    [2008/08/31 12:16:57 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
    [2008/08/31 12:16:10 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\Administrateur\ntuser.ini
    [2008/08/31 12:16:06 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Administrateur\NtUser.dat.LOG
    [2008/08/31 12:16:05 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\Administrateur\NTUSER.DAT
    [2008/08/31 06:14:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
    [2008/06/06 16:23:31 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
    [2008/06/06 16:23:27 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2008/06/06 16:22:58 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll
    [2008/05/30 10:06:58 | 000,000,658 | RHS- | C] () -- C:\Documents and Settings\USER\ntuser.pol
    [2008/05/30 08:06:54 | 000,021,479 | ---- | C] () -- C:\Documents and Settings\USER\CCCInstall_200805301406545781.log
    [2008/05/28 14:49:09 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2008/05/28 08:58:21 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
    [2008/05/14 13:42:30 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\fusioncache.dat
    [2008/05/12 11:04:56 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/05/12 07:36:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/05/04 07:29:30 | 000,138,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2008/05/04 07:29:00 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\PnkBstrK.sys
    [2008/05/01 17:32:44 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2008/05/01 17:32:27 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2008/05/01 17:32:27 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2008/05/01 17:14:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\aec.sys
    [2008/05/01 17:13:30 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2008/05/01 17:13:26 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2008/05/01 04:58:12 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\USER\ntuser.ini
    [2008/05/01 04:58:11 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\USER\ntuser.dat.LOG
    [2008/05/01 04:58:09 | 006,815,744 | -H-- | C] () -- C:\Documents and Settings\USER\NTUSER.DAT
    [2008/05/01 04:35:46 | 000,233,472 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2008/05/01 04:35:46 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
    [2008/05/01 04:35:46 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
    [2008/05/01 04:27:38 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
    [2008/05/01 04:27:37 | 000,233,472 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2008/05/01 04:27:37 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
    [2006/11/10 09:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
    [2004/09/05 02:59:50 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2004/09/05 02:58:04 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2002/12/14 17:46:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll
    [2002/12/14 17:46:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2002/12/14 17:46:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2002/12/14 16:46:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2002/11/15 08:11:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll

    ========== LOP Check ==========

    [2010/01/18 11:31:31 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater
    [2009/12/27 10:03:50 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Dealio
    [2009/12/27 10:04:04 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Search Settings
    [2010/05/15 02:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\GameTracker
    [2009/01/11 12:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\avidemux
    [2008/12/13 07:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\BitTorrent
    [2008/05/07 13:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\BSplayer Pro
    [2010/05/13 03:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\cacaoweb
    [2008/06/06 16:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\CDBurnerXP_Soft
    [2008/10/02 04:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DAEMON Tools
    [2010/01/20 16:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Dealio
    [2009/01/15 18:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Dev-Cpp
    [2008/08/30 17:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DNA
    [2008/05/01 17:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ESET
    [2009/02/07 18:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\FileZilla
    [2009/04/07 09:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\FMZilla
    [2010/05/13 07:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\GameTracker
    [2009/10/12 12:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\GPass
    [2009/01/11 12:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\gtk-2.0
    [2009/07/25 04:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\LimeWire
    [2010/04/15 01:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Mostick
    [2008/05/21 15:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Notepad++
    [2010/03/17 11:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Recruitment Viewer
    [2009/12/27 13:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\SystemRequirementsLab
    [2009/03/08 13:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\The Creative Assembly
    [2010/03/06 07:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\TS3Client
    [2009/01/14 06:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Uniblue
    [2008/12/23 16:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\uTorrent
    [2009/08/18 10:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\VoipDiscount

    ========== Purity Check ==========


    < End of report >
    15 May 2010 22:51:43

    OK!

  • Run OTLPE again.
  • Copy and paste the content below into the lower part of OTL: Custom Scans/Files
    :Files
    C:\Program Files\Application Updater
    C:\WINDOWS\System32\smss32.exe
    C:\Documents and Settings\USER\Application Data\avdrn.dat
    C:\WINDOWS\System32\drivers\skansogt.sys
    C:\Documents and Settings\LocalService\Application Data\qvjsge.dat
    C:\Documents and Settings\NetworkService\Application Data\qvjsge.dat

    :OTL
    O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\System32\smss32.exe File not found
    O4 - HKU\USER_ON_C\..\Run: [smss32.exe] C:\WINDOWS\System32\smss32.exe File not found

  • Finally, click the Run Fix button. The scan will not take long.
  • If a window opens with the message: No Fix has been Provided! Do you want to load it from a file; click YES.
  • Once the analysis is finished, a report will open.
  • Then copy and paste the report.
  • Note: The report is located in C:\OTL\

    =====

    Say whether it is possible to restart in normal mode. :o
    15 May 2010 23:13:49

    Here is the report


    ========== FILES ==========
    File\Folder C:\Program Files\Application Updater not found.
    File\Folder C:\WINDOWS\System32\smss32.exe not found.
    File\Folder C:\Documents and Settings\USER\Application Data\avdrn.dat not found.
    File\Folder C:\WINDOWS\System32\drivers\skansogt.sys not found.
    File\Folder C:\Documents and Settings\LocalService\Application Data\qvjsge.dat not found.
    File\Folder C:\Documents and Settings\NetworkService\Application Data\qvjsge.dat not found.
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
    Registry key HKEY_USERS\USER_ON_C\\Software\Microsoft\Windows\CurrentVersion\Run not found.

    OTLPE by OldTimer - Version 3.1.39.0 log created on 05162010_011035

    16 May 2010 15:11:15

    Hi

    If I boot in normal mode, I still get the blue screen
    16 May 2010 18:50:48

    OK, can you post another OTL report for me?
    16 May 2010 19:36:31

    OK, here is the OTLPE report

    OTL logfile created on: 5/17/2010 12:28:45 AM - Run
    OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1,023.00 Mb Total Physical Memory | 810.00 Mb Available Physical Memory | 79.00% Memory free
    907.00 Mb Paging File | 848.00 Mb Available in Paging File | 93.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.30 Gb Total Space | 1.45 Gb Free Space | 3.88% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    Drive I: | 1.86 Gb Total Space | 0.33 Gb Free Space | 17.99% Space Free | Partition Type: FAT
    Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO
    Current User Name: SYSTEM
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
    Using ControlSet: ControlSet005

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto] -- -- (Application Updater)
    SRV - [2010/03/30 05:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2009/12/10 06:20:06 | 001,643,872 | ---- | M] (ClanServers Hosting LLC) [Auto] -- C:\Program Files\GameTracker\GSInGameService.exe -- (GS In-Game Service)
    SRV - [2009/08/18 09:56:46 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/07/24 12:16:37 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2008/10/01 08:06:14 | 000,116,040 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2008/07/10 20:28:44 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
    SRV - [2008/07/10 20:28:44 | 000,369,688 | ---- | M] (Microsoft Corporation) [Disabled] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) Agent SQL Server (SQLEXPRESS)
    SRV - [2008/07/10 20:28:40 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled] -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
    SRV - [2008/07/09 21:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2008/07/09 21:49:34 | 000,258,072 | ---- | M] (Microsoft Corporation) [Disabled] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
    SRV - [2008/05/30 12:21:02 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
    SRV - [2008/03/09 05:20:26 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
    SRV - [2006/10/26 13:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - [2010/05/15 02:36:55 | 000,755,200 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec) Suppresseur d'écho acoustique (Noyau Microsoft)
    DRV - [2010/03/29 18:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2009/12/11 06:31:25 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/09/23 04:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
    DRV - [2009/09/15 16:04:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2009/07/24 12:16:37 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/03/30 04:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2009/02/25 18:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2009/02/13 06:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2008/10/02 04:25:32 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2008/07/28 12:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/07/09 21:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
    DRV - [2006/11/10 09:08:50 | 000,024,064 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
    DRV - [2005/06/23 07:56:26 | 000,048,384 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2004/11/17 07:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/10/19 16:01:04 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2004/10/19 16:01:02 | 000,033,280 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrateur_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
    IE - HKU\Administrateur_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
    IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
    IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\USER_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
    IE - HKU\USER_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\USER_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\USER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\USER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\USER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

    ========== FireFox ==========

    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.2
    FF - prefs.js..extensions.enabledItems: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}:4.0
    FF - prefs.js..keyword.URL: "http://fr.search.yahoo.com/search?fr=greentree_ff1&ei=u..."

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/06 13:18:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/06 13:18:57 | 000,000,000 | ---D | M]

    [2009/11/23 14:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
    [2009/11/23 14:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c90f1wfv.default\extensions
    [2010/01/21 03:05:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/11/11 03:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
    [2007/08/29 17:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    [2009/12/02 04:26:33 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
    [2009/12/02 04:26:33 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2009/12/02 04:26:33 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
    [2009/12/02 04:26:33 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2009/12/02 04:26:33 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2008/05/01 17:20:05 | 000,000,837 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
    O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
    O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll File not found
    O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
    O3 - HKU\USER_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\USER_ON_C\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKU\USER_ON_C\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\USER_ON_C\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\System32\smss32.exe File not found
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\USER_ON_C..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
    O4 - HKU\USER_ON_C..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O4 - HKU\USER_ON_C..\Run: [cacaoweb] C:\Program Files\cacaoweb\cacaoweb.exe ()
    O4 - HKU\USER_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKU\USER_ON_C..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe (ClanServers Hosting LLC)
    O4 - HKU\USER_ON_C..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
    O4 - HKU\USER_ON_C..\Run: [smss32.exe] C:\WINDOWS\System32\smss32.exe File not found
    O4 - HKU\USER_ON_C..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
    O4 - HKU\USER_ON_C..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe File not found
    O4 - HKU\USER_ON_C..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe File not found
    O4 - HKU\USER_ON_C..\Run: [VoipDiscount] C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe File not found
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\USER\Menu Démarrer\Programmes\Démarrage\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O4 - Startup: C:\Documents and Settings\USER\Menu Démarrer\Programmes\Démarrage\Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
    O4 - Startup: C:\Documents and Settings\USER\Menu Démarrer\Programmes\Démarrage\wwwzuc32.exe ()
    O4 - Startup: C:\Documents and Settings\USER\Menu Démarrer\Programmes\Démarrage\Xfire.lnk = C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 128
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 128
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 1
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\USER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 128
    O7 - HKU\USER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 128
    O7 - HKU\USER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
    O7 - HKU\USER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\USER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\USER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 1
    O7 - HKU\USER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9... (Reg Error: Key error.)
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://www.ma-config.com/plugins/MaConfig_4_0_1_3.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-wind... (Java Plug-in 1.6.0_05)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-wind... (Java Plug-in 1.6.0_05)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/fl... (Shockwave Flash Object)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\System32\winlogon32.exe File not found
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/05/01 04:24:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/05/15 20:23:35 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2009/08/20 15:18:54 | 000,000,116 | ---- | M] () - I:\autorun.inf -- [ FAT ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/05/16 01:06:56 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/05/15 02:30:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
    [2010/05/13 05:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\Super macro
    [2010/05/06 12:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Mes documents\codzr
    [2010/05/06 12:19:49 | 000,000,000 | ---D | C] -- C:\Nouveau dossier
    [2010/05/02 13:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\cacaoweb
    [2010/05/02 13:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\cacaoweb
    [2010/05/02 13:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Bureau\Telechargement firefox
    [2010/04/22 12:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Bureau\Le travail des enfants l'ampleur du problème_files
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\USER\Mes documents\*.tmp files -> C:\Documents and Settings\USER\Mes documents\*.tmp -> ]
    [1 C:\Documents and Settings\USER\Mes documents\*.tmp files -> C:\Documents and Settings\USER\Mes documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/05/16 08:21:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/16 08:21:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/16 08:21:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2010/05/16 07:40:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/05/16 01:34:24 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrateur\NTUSER.DAT
    [2010/05/15 09:36:34 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\USER\NTUSER.DAT
    [2010/05/15 09:36:34 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\USER\ntuser.ini
    [2010/05/15 09:36:28 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Administrateur\ntuser.ini
    [2010/05/15 03:38:39 | 000,233,472 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2010/05/15 02:36:55 | 000,755,200 | ---- | M] () -- C:\WINDOWS\System32\drivers\aec.sys
    [2010/05/13 12:31:40 | 000,233,472 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2010/05/13 06:51:03 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-790525478-839522115-1003UA.job
    [2010/05/13 06:08:23 | 000,138,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2010/05/13 06:08:10 | 000,219,128 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
    [2010/05/13 05:32:37 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\USER\Bureau\Super macro.lnk
    [2010/05/12 10:51:15 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-790525478-839522115-1003Core.job
    [2010/05/10 14:43:27 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\USER\Bureau\adsl TV.lnk
    [2010/05/09 13:45:15 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2010/05/09 13:45:15 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
    [2010/05/09 13:45:15 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
    [2010/05/09 13:45:03 | 000,000,218 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
    [2010/05/07 15:52:46 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
    [2010/05/06 12:14:03 | 004,216,225 | ---- | M] () -- C:\Documents and Settings\USER\Mes documents\codzr.rar
    [2010/05/06 01:48:15 | 000,000,118 | -H-- | M] () -- C:\Documents and Settings\USER\Bureau\.~lock.tenfantpowerpaint.odp#
    [2010/05/06 01:31:07 | 000,005,801 | ---- | M] () -- C:\Documents and Settings\USER\Bureau\disney-logo.gif
    [2010/05/06 00:39:02 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\USER\Bureau\Dossier travail enfant réedition2.doc
    [2010/05/06 00:33:09 | 000,002,575 | ---- | M] () -- C:\Documents and Settings\USER\Bureau\Microsoft Office Word 2007.lnk
    [2010/05/05 15:24:59 | 000,032,370 | ---- | M] () -- C:\Documents and Settings\USER\Mes documents\Dossier travail enfant réedition.docx
    [2010/05/05 02:36:21 | 000,002,505 | ---- | M] () -- C:\Documents and Settings\USER\Bureau\Microsoft Office PowerPoint 2007.lnk
    [2010/05/01 12:54:22 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\USER\Bureau\Google Chrome.lnk
    [2010/04/23 17:17:34 | 000,014,116 | ---- | M] () -- C:\Documents and Settings\USER\Mes documents\On ne peut mettre fin au travail des enfants.docx
    [2010/04/22 12:09:33 | 000,028,892 | ---- | M] () -- C:\Documents and Settings\USER\Bureau\Le travail des enfants l'ampleur du problème.htm
    [2010/04/22 11:54:59 | 000,083,456 | ---- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/21 06:01:19 | 001,312,708 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/04/21 06:01:19 | 000,578,392 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2010/04/21 06:01:19 | 000,509,340 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/04/21 06:01:19 | 000,109,806 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2010/04/21 06:01:19 | 000,096,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/04/20 09:01:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/04/20 02:53:11 | 000,016,294 | ---- | M] () -- C:\Documents and Settings\USER\Mes documents\Le travail des enfants dans le mond1.docx
    [2010/04/18 17:32:50 | 002,646,324 | -H-- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\IconCache.db
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\USER\Mes documents\*.tmp files -> C:\Documents and Settings\USER\Mes documents\*.tmp -> ]
    [1 C:\Documents and Settings\USER\Mes documents\*.tmp files -> C:\Documents and Settings\USER\Mes documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/05/13 05:32:37 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\USER\Bureau\Super macro.lnk
    [2010/05/10 14:43:27 | 000,000,612 | ---- | C] () -- C:\Documents and Settings\USER\Bureau\adsl TV.lnk
    [2010/05/07 15:52:46 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
    [2010/05/06 12:13:53 | 004,216,225 | ---- | C] () -- C:\Documents and Settings\USER\Mes documents\codzr.rar
    [2010/05/06 01:43:50 | 000,000,118 | -H-- | C] () -- C:\Documents and Settings\USER\Bureau\.~lock.tenfantpowerpaint.odp#
    [2010/05/06 01:31:07 | 000,005,801 | ---- | C] () -- C:\Documents and Settings\USER\Bureau\disney-logo.gif
    [2010/05/06 00:39:02 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\USER\Bureau\Dossier travail enfant réedition2.doc
    [2010/05/02 12:08:26 | 000,032,370 | ---- | C] () -- C:\Documents and Settings\USER\Mes documents\Dossier travail enfant réedition.docx
    [2010/04/22 12:10:41 | 000,014,116 | ---- | C] () -- C:\Documents and Settings\USER\Mes documents\On ne peut mettre fin au travail des enfants.docx
    [2010/04/22 12:09:30 | 000,028,892 | ---- | C] () -- C:\Documents and Settings\USER\Bureau\Le travail des enfants l'ampleur du problème.htm
    [2010/04/20 02:53:11 | 000,016,294 | ---- | C] () -- C:\Documents and Settings\USER\Mes documents\Le travail des enfants dans le mond1.docx
    [2010/04/01 09:39:09 | 000,000,239 | ---- | C] () -- C:\WINDOWS\FXIWIN.INI
    [2010/03/13 09:50:27 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/03/06 16:43:45 | 000,159,896 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009/12/16 10:54:25 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\DonationCoder_processtamer_InstallInfo.dat
    [2009/12/16 10:17:35 | 000,000,658 | RHS- | C] () -- C:\Documents and Settings\Administrateur\ntuser.pol
    [2009/10/09 16:44:37 | 000,688,128 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2009/10/09 16:44:37 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2009/09/16 13:36:28 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\$_hpcst$.hpc
    [2009/04/11 06:41:27 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2009/03/27 13:19:38 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2009/03/27 13:19:38 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2009/03/27 13:19:38 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2009/03/27 13:11:50 | 000,000,218 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2009/01/03 13:51:58 | 000,000,539 | ---- | C] () -- C:\Program Files\Raccourci vers DAEMON Tools Toolbar.lnk
    [2008/11/21 17:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/11/21 17:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
    [2008/11/21 17:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
    [2008/11/21 17:44:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2008/08/31 12:16:57 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\NtUser.dat
    [2008/08/31 12:16:57 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
    [2008/08/31 12:16:10 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\Administrateur\ntuser.ini
    [2008/08/31 12:16:06 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Administrateur\NtUser.dat.LOG
    [2008/08/31 12:16:05 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\Administrateur\NTUSER.DAT
    [2008/08/31 06:14:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
    [2008/06/06 16:23:31 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
    [2008/06/06 16:23:27 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2008/06/06 16:22:58 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll
    [2008/05/30 10:06:58 | 000,000,658 | RHS- | C] () -- C:\Documents and Settings\USER\ntuser.pol
    [2008/05/30 08:06:54 | 000,021,479 | ---- | C] () -- C:\Documents and Settings\USER\CCCInstall_200805301406545781.log
    [2008/05/28 14:49:09 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2008/05/28 08:58:21 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
    [2008/05/14 13:42:30 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\fusioncache.dat
    [2008/05/12 11:04:56 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/05/12 07:36:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/05/04 07:29:30 | 000,138,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2008/05/04 07:29:00 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\PnkBstrK.sys
    [2008/05/01 17:32:44 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2008/05/01 17:32:27 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2008/05/01 17:32:27 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2008/05/01 17:14:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\aec.sys
    [2008/05/01 17:13:30 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2008/05/01 17:13:26 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2008/05/01 04:58:12 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\USER\ntuser.ini
    [2008/05/01 04:58:11 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\USER\ntuser.dat.LOG
    [2008/05/01 04:58:09 | 006,815,744 | -H-- | C] () -- C:\Documents and Settings\USER\NTUSER.DAT
    [2008/05/01 04:35:46 | 000,233,472 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2008/05/01 04:35:46 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
    [2008/05/01 04:35:46 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
    [2008/05/01 04:27:38 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
    [2008/05/01 04:27:37 | 000,233,472 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2008/05/01 04:27:37 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
    [2006/11/10 09:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
    [2004/09/05 02:59:50 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2004/09/05 02:58:04 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2002/12/14 17:46:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll
    [2002/12/14 17:46:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2002/12/14 17:46:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2002/12/14 16:46:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2002/11/15 08:11:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll

    ========== LOP Check ==========

    [2010/01/18 11:31:31 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater
    [2009/12/27 10:03:50 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Dealio
    [2009/12/27 10:04:04 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Search Settings
    [2010/05/15 02:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\GameTracker
    [2009/01/11 12:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\avidemux
    [2008/12/13 07:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\BitTorrent
    [2008/05/07 13:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\BSplayer Pro
    [2010/05/13 03:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\cacaoweb
    [2008/06/06 16:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\CDBurnerXP_Soft
    [2008/10/02 04:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DAEMON Tools
    [2010/01/20 16:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Dealio
    [2009/01/15 18:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Dev-Cpp
    [2008/08/30 17:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DNA
    [2008/05/01 17:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ESET
    [2009/02/07 18:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\FileZilla
    [2009/04/07 09:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\FMZilla
    [2010/05/13 07:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\GameTracker
    [2009/10/12 12:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\GPass
    [2009/01/11 12:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\gtk-2.0
    [2009/07/25 04:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\LimeWire
    [2010/04/15 01:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Mostick
    [2008/05/21 15:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Notepad++
    [2010/03/17 11:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Recruitment Viewer
    [2009/12/27 13:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\SystemRequirementsLab
    [2009/03/08 13:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\The Creative Assembly
    [2010/03/06 07:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\TS3Client
    [2009/01/14 06:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Uniblue
    [2008/12/23 16:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\uTorrent
    [2009/08/18 10:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\VoipDiscount

    ========== Purity Check ==========


    < End of report >
    16 May 2010 20:34:06

    Could you tell me the name of the software you installed before it crashed?
    16 May 2010 20:39:02

    It is Super macro.
    A few minutes after I closed it, the computer displayed a countdown saying that it was going to restart, the same as for updates.
    16 May 2010 20:44:18

    A Windows update or an update of the program?
    16 May 2010 20:50:48

    Like the window after an update that says the computer is going to restart,
    except that there was no update.
    16 May 2010 20:59:29

    Hmm, OK, we'll try to get rid of the program. It isn't pretty, but that way we'll know for sure.
    The Super macro directory will be completely deleted.

  • Relaunch OTLPE.
  • Copy and paste the content below into the lower part of OTL: Custom Scans/Files
    :Files
    C:\WINDOWS\system32\config\systemprofile\Application Data\Search Settings
    C:\WINDOWS\system32\config\systemprofile\Application Data\Dealio
    C:\Program Files\Super macro

  • Finally, click the Run Fix button. The scan will not take long.
  • If a window opens with the message: No Fix has been Provided! Do you want to load it from a file; click YES.
  • Once the analysis is finished, a report will open.
  • Then copy and paste the report.
  • Note: The report is located in C:\OTL\
    16 May 2010 21:19:50

    ========== FILES ==========
    C:\WINDOWS\system32\config\systemprofile\Application Data\Search Settings\kb128\temp folder moved successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Search Settings\kb128 folder moved successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Search Settings folder moved successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Dealio\temp folder moved successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Dealio\res folder moved successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\Dealio folder moved successfully.
    C:\Program Files\Super macro\tutoriel folder moved successfully.
    C:\Program Files\Super macro\Plugins folder moved successfully.
    C:\Program Files\Super macro folder moved successfully.

    OTLPE by OldTimer - Version 3.1.39.0 log created on 05172010_021417
    OTL\
    16 May 2010 21:25:40

    Try to restart.

    If that doesn't work, do you have a Windows CD?
    16 May 2010 21:33:56

    Hi again

    no, still not
    and I don't have a Windows CD
    16 May 2010 21:58:19

    It doesn't look like a virus, but rather the PC having crashed. You would need to get hold of or borrow a CD/ISO file of the same version as your Windows.
    16 May 2010 22:11:08

    Damn
    in any case, thank you for helping me
    Have a good evening

    PS: so I have to reinstall Windows, so the components are not broken?
    16 May 2010 23:17:31

    OK, I was wrong :bounce:  , do this:

  • Relaunch OTLPE.
  • Copy and paste the content below into the lower part of OTL: Custom Scans/Files

    :Reg
    [HKLM\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

  • Finally, click the Run Fix button. The scan will not take long.
  • If a window opens with the message: No Fix has been Provided! Do you want to load it from a file; click YES.
  • Once the analysis is finished, a report will open.
  • Then copy and paste the report.
  • Note: The report is located in C:\OTL\

    =====

    Normally the PC should be able to restart.
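The OTL report posted earlier in this thread already contains the entry that this :Reg fix reverts: the O20 Winlogon UserInit line. The following Python script is an added example, not part of the original posts and not OTL's own code; it triages OTL-style report lines for that entry and for two other indicators visible in the same report. The rule names, the `Finding` type, the expected-value tables and the assumption that the system root is C:\WINDOWS are choices made for this illustration.

```python
import re
from typing import List, NamedTuple

# Lines copied from the OTL report posted earlier in this thread.
SAMPLE_REPORT = r"""
O4 - Startup: C:\Documents and Settings\USER\Menu Démarrer\Programmes\Démarrage\wwwzuc32.exe ()
O4 - Startup: C:\Documents and Settings\USER\Menu Démarrer\Programmes\Démarrage\Xfire.lnk = C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
O7 - HKU\USER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\System32\winlogon32.exe File not found
"""


class Finding(NamedTuple):
    rule: str    # hypothetical rule name, chosen for this example
    detail: str


# Assumption: the system root is C:\WINDOWS, as on the machine in the thread.
# Userinit is the value the :Reg fix writes; Shell is the value the report shows.
EXPECTED_WINLOGON = {
    "userinit": {r"c:\windows\system32\userinit.exe", "userinit.exe"},
    "shell": {"explorer.exe", r"c:\windows\explorer.exe"},
}
# Policy values that lock the user out of a repair tool when set to non-zero.
LOCKDOWN_POLICIES = {"disabletaskmgr"}

STARTUP_RE = re.compile(
    r"^O4 - Startup: (?P<entry>.+?)(?: = (?P<target>.+?))? \((?P<company>[^()]*)\)$")
POLICY_RE = re.compile(r"^O[67] - (?P<key>HK.+?): (?P<name>\w+) = (?P<data>\d+)$")
WINLOGON_RE = re.compile(
    r"^O20 - HKLM Winlogon: (?P<name>\w+) - \((?P<value>.*?)\) - (?P<rest>.*)$")


def check_startup(line: str) -> List[Finding]:
    m = STARTUP_RE.match(line)
    # An empty "()" means the report shows no company name for the file.
    if m and not m["company"].strip():
        return [Finding("startup-no-vendor", m["target"] or m["entry"])]
    return []


def check_policy(line: str) -> List[Finding]:
    m = POLICY_RE.match(line)
    if m and m["name"].lower() in LOCKDOWN_POLICIES and int(m["data"]) != 0:
        return [Finding("policy-lockdown", f"{m['key']}: {m['name']} = {m['data']}")]
    return []


def check_winlogon(line: str) -> List[Finding]:
    m = WINLOGON_RE.match(line)
    if not m or m["name"].lower() not in EXPECTED_WINLOGON:
        return []
    allowed = EXPECTED_WINLOGON[m["name"].lower()]
    # Userinit is a comma-separated list; every non-empty entry must be expected.
    entries = [e.strip().lower() for e in m["value"].split(",") if e.strip()]
    unexpected = [e for e in entries if e not in allowed]
    if entries and not unexpected:
        return []
    detail = f"{m['name']} = {m['value'] or '<empty>'}"
    if "File not found" in m["rest"]:
        detail += "; target reported as File not found"
    return [Finding("winlogon-hijack", detail)]


def analyze(report: str) -> List[Finding]:
    """Return findings in report order; lines that match no rule are ignored."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        for check in (check_startup, check_policy, check_winlogon):
            findings.extend(check(line))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_REPORT):
        print(f"{f.rule:18} {f.detail}")
```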
    17 May 2010 08:48:48

    edit



    ========== REGISTRY ==========
    HKLM\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!

    OTLPE by OldTimer - Version 3.1.39.0 log created on 05172010_053130
    17 May 2010 13:46:17

    In the end I managed to restart in safe mode and I ran MBAM.
    I removed the threats and the computer was able to start normally.
    What should I do now?


    Here is the report

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3930

    Windows 5.1.2600 Service Pack 2 (Safe Mode)
    Internet Explorer 7.0.5730.13

    17/05/2010 13:29:34
    mbam-log-2010-05-17 (13-29-34).txt

    Scan type: Quick scan
    Objects scanned: 115367
    Time elapsed: 8 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 5
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)




    Also, my AntiVir Guard detects threats from the batch virus BAT/DellE.148
    17 May 2010 22:14:23

    OK, run a ComboFix scan:

  • Disable the antivirus.

    Download "Combofix" and save it to the desktop

  • Double-click Combofix.
  • If you are prompted to download and install the Recovery Console, accept.
  • The scan will then start,
  • Wait for the tool to close (5 to 10 min),
  • A report is in C:\Combofix.txt: host it and give the link.
    19 May 2010 17:48:17

    OK!

  • Put Combofix on the desktop
  • Copy this text:


    Driver::
    cnhcxgaf
    File::
    c:\windows\system32\drivers\cnhcxgaf.sys
    c:\documents and settings\NetworkService\Application Data\qvjsge.dat
    c:\documents and settings\USER\Menu Démarrer\Programmes\Démarrage\wwwzuc32.exe
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify]
    "IconStreams"=-
    "PastIconsStream"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole]
    "SetCommand"=dword:00000001
    "SecurityLevel"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"=dword:00000001
    Folder::
    C:\_OTL
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555


  • Open Notepad,
  • Right-click ==> paste.
  • Go to ==> File ==> Save as ==> choose Desktop.
  • Name it CFScript.txt
  • Close Notepad.
  • Pick up the CFScript.txt file on the desktop by holding down the left mouse button,
  • Drag it onto the Combofix icon and release the button.
  • Combofix restarts by itself.
  • Host the report and give the link.
    20 May 2010 13:19:36

    OK, run an OTL scan:

    Download OTL (by OldTimer) to your desktop.
  • Double-click OTL to launch it.
  • (On Vista/Win7, you must right-click OTL and choose Run as administrator)
  • A window appears. In the Rapport section at the top of this window, check Rapport minimal.
  • Also check the boxes next to Recherche Lop and Recherche Purity.
  • Finally, click the Analyse button. The scan will not take long.
  • Once the analysis is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are in the same location as OTL (so on the desktop by default).
  • Host the reports, then give their links.