Win32.brontok..... à l'aide svp

boumara -  
 gen-hackman -
bonjours

j'ai été infecté par win32.brontok et je ne peu plus accéder à firefox et internet explorer.
une fenêtre windows security center alert me propose de télécharger un truc pour l'éliminer mais je ne l'ai pas fait.
A part ca les programmes tournent mais sont un peu lents.

je vous poste le rapport brontgui et RSIT

merci d'avance!

RESOLVE Version 1.07
Copyright (c) 2004, Sophos Plc, www.sophos.com

System disinfection for W32/Brontok

Data Version 1.03

System scan started at 03:00 on 8 August 2009

Checking for W32/Brontok in memory

Checking for registry keys affected by W32/Brontok

Reset registry value HKCU\software\microsoft\windows\currentversion\explorer\advanced\ShowSuperHidden
Reset registry value HKCU\software\microsoft\windows\currentversion\explorer\advanced\HideFileExt

Checking for files affected by W32/Brontok

Scanning C:

Error opening file C:\Documents and Settings\guillaume\Cookies\index.dat

Could not scan 12-{3231C557-19CA-0191-2F65-7124C305FF64}-v1-{D72C1052-D1FB-469C-B2BA-777B95383F4E}-v12-Downloaded.frx

Error opening file C:\Documents and Settings\guillaume\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

Error opening file C:\Documents and Settings\guillaume\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

Error opening file C:\Documents and Settings\guillaume\Local Settings\Historique\History.IE5\index.dat

Error opening file C:\Documents and Settings\guillaume\Local Settings\Temp\~DF987.tmp

Error opening file C:\Documents and Settings\guillaume\Local Settings\Temporary Internet Files\Content.IE5\index.dat

Error opening file C:\Documents and Settings\guillaume\Mes documents\cours kiné\memoire sept\MEMOIRE DEFINITIF\._stratégie H?C an9.doc

Error opening file C:\Documents and Settings\guillaume\Mes documents\cours kiné\memoire sept\MEMOIRE DEFINITIF\PDF\stratégie H?C an9.pdf

Error opening file C:\Documents and Settings\guillaume\Mes documents\cours kiné\memoire sept\MEMOIRE DEFINITIF\stratégie H?C an9.doc

Could not scan 00-idren_natural_bw_jah_shaka_and_mighty_massa-justice-(10_inch-br1006)-vinyl-2007-gmg.jpg

Could not scan 00-idren_natural_bw_jah_shaka_and_mighty_massa-justice-(10_inch-br1006)-vinyl-2007-gmg.m3u

Could not scan 00-idren_natural_bw_jah_shaka_and_mighty_massa-justice-(10_inch-br1006)-vinyl-2007-gmg.nfo

Could not scan 00-idren_natural_bw_jah_shaka_and_mighty_massa-justice-(10_inch-br1006)-vinyl-2007-gmg.sfv

Could not scan INCOMPLETE~Blakamix Feat. Horace Andy - Seek And You Will Find - A2 - Seek And You Will Find (Acapella).mp3

Error opening file C:\Documents and Settings\guillaume\Mes documents\download\- roots dub steppa\+ Blakamix\blakamix feat. horace andy - seek and you will find [12'' single]\INCOMPLETE~Blakamix Feat. Horace Andy - Seek And You Will Find - B2 - Dub And You Will Find (Verse 2).mp3

Could not scan 00-counteraction_warriors_bw_jah_mystic-where_were_from-(count001)-vinyl-2007-a-gmg.jpg

Could not scan 00-counteraction_warriors_bw_jah_mystic-where_were_from-(count001)-vinyl-2007-b-gmg.jpg

Could not scan 00-counteraction_warriors_bw_jah_mystic-where_were_from-(count001)-vinyl-2007-gmg.m3u

Could not scan 00-counteraction_warriors_bw_jah_mystic-where_were_from-(count001)-vinyl-2007-gmg.nfo

Could not scan 00-counteraction_warriors_bw_jah_mystic-where_were_from-(count001)-vinyl-2007-gmg.sfv

Error opening file C:\Documents and Settings\guillaume\Mes documents\download\- roots dub steppa\+ INNER SANCTUARY\Mykal_Rose_Bw_Paul_Fox-Babylon_Kingdom_Fall-(12_Inch_ACT12_16)-Vinyl-2007-GMG\00-mykal_rose_bw_paul_fox-babylon_kingdom_fall-(12_inch_act12_16)-vinyl-2007-a-gmg.jpg

Error opening file C:\Documents and Settings\guillaume\Mes documents\download\- roots dub steppa\+ INNER SANCTUARY\Mykal_Rose_Bw_Paul_Fox-Babylon_Kingdom_Fall-(12_Inch_ACT12_16)-Vinyl-2007-GMG\00-mykal_rose_bw_paul_fox-babylon_kingdom_fall-(12_inch_act12_16)-vinyl-2007-b-gmg.jpg

Could not scan REGGAE ON TOP - ROTS028A - Barry Isaac - Japanese Girl - 7 inch - Barry Isaac & Hughie Izachaar - 2001.mp3

Could not scan REGGAE ON TOP - ROTS028B - Reggae On Top All Stars - Japanese Girl Dub - 7 inch - Barry Isaac & Hughie I.mp3

Could not scan 00 - Twinkle Brothers - Rasta Pon Top and It Gwine Dreada (Twinkle 12'' 198x) - 1981.m3u

Could not scan 00-noel_zebulon_mts_isses_dread-international_dubwise-(10_inch-h_and_h101)-vinyl-2007-a-gmg.jpg

Could not scan 00-noel_zebulon_mts_isses_dread-international_dubwise-(10_inch-h_and_h101)-vinyl-2007-b-gmg.jpg

Could not scan 00-noel_zebulon_mts_isses_dread-international_dubwise-(10_inch-h_and_h101)-vinyl-2007-gmg.m3u

Could not scan 00-noel_zebulon_mts_isses_dread-international_dubwise-(10_inch-h_and_h101)-vinyl-2007-gmg.nfo

Could not scan 00-noel_zebulon_mts_isses_dread-international_dubwise-(10_inch-h_and_h101)-vinyl-2007-gmg.sfv

Could not scan 00-hugo_blackwood_and_dr_alimantado-reggae_music-(roots9-reissue_1977)-ep-2006-a-gmg.jpg

Could not scan 00-hugo_blackwood_and_dr_alimantado-reggae_music-(roots9-reissue_1977)-ep-2006-b-gmg.jpg

Could not scan 00-hugo_blackwood_and_dr_alimantado-reggae_music-(roots9-reissue_1977)-ep-2006-gmg.m3u

Could not scan 00-hugo_blackwood_and_dr_alimantado-reggae_music-(roots9-reissue_1977)-ep-2006-gmg.nfo

Could not scan 00-hugo_blackwood_and_dr_alimantado-reggae_music-(roots9-reissue_1977)-ep-2006-gmg.sfv

Could not scan 00-wailing_souls_and_ranking_trevor-war-(12_inch_reissue_1978-gred1)-vinyl-2007-a-gmg.jpg

Could not scan 00-wailing_souls_and_ranking_trevor-war-(12_inch_reissue_1978-gred1)-vinyl-2007-b-gmg.jpg

Could not scan 00-wailing_souls_and_ranking_trevor-war-(12_inch_reissue_1978-gred1)-vinyl-2007-gmg.m3u

Could not scan 00-wailing_souls_and_ranking_trevor-war-(12_inch_reissue_1978-gred1)-vinyl-2007-gmg.nfo

Could not scan 00-wailing_souls_and_ranking_trevor-war-(12_inch_reissue_1978-gred1)-vinyl-2007-gmg.sfv

Could not scan 00-creation_stepper_and_the_dubateers_bw_dandelion-go_back_a_yard-(da1005)-vinyl-2007-gmg.m3u

Could not scan 00-creation_stepper_and_the_dubateers_bw_dandelion-go_back_a_yard-(da1005)-vinyl-2007-gmg.nfo

Could not scan 00-creation_stepper_and_the_dubateers_bw_dandelion-go_back_a_yard-(da1005)-vinyl-2007-gmg.sfv

Error opening file C:\Documents and Settings\guillaume\NTUSER.DAT

Error opening file C:\Documents and Settings\guillaume\ntuser.dat.LOG

Error opening file C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

Error opening file C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

Error opening file C:\Documents and Settings\NetworkService\NTUSER.DAT

Error opening file C:\Documents and Settings\NetworkService\ntuser.dat.LOG

Error opening file C:\pagefile.sys

Error opening file C:\resolve.log

Error opening file C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP665\change.log

Error opening file C:\WINDOWS\Debug\PASSWD.LOG

Error opening file C:\WINDOWS\system32\config\ACEEvent.evt

Error opening file C:\WINDOWS\system32\config\AppEvent.Evt

Error opening file C:\WINDOWS\system32\config\default

Error opening file C:\WINDOWS\system32\config\default.LOG

Error opening file C:\WINDOWS\system32\config\Internet.evt

Error opening file C:\WINDOWS\system32\config\Media Ce.evt

Error opening file C:\WINDOWS\system32\config\SAM

Error opening file C:\WINDOWS\system32\config\SAM.LOG

Error opening file C:\WINDOWS\system32\config\SecEvent.Evt

Error opening file C:\WINDOWS\system32\config\SECURITY

Error opening file C:\WINDOWS\system32\config\SECURITY.LOG

Error opening file C:\WINDOWS\system32\config\software

Error opening file C:\WINDOWS\system32\config\software.LOG

Error opening file C:\WINDOWS\system32\config\SysEvent.Evt

Error opening file C:\WINDOWS\system32\config\system

Error opening file C:\WINDOWS\system32\config\system.LOG

Error opening file C:\WINDOWS\system32\drivers\sptd.sys

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP

Scanning C:\WINDOWS

Error opening file C:\WINDOWS\Debug\PASSWD.LOG

Error opening file C:\WINDOWS\system32\config\ACEEvent.evt

Error opening file C:\WINDOWS\system32\config\AppEvent.Evt

Error opening file C:\WINDOWS\system32\config\default

Error opening file C:\WINDOWS\system32\config\default.LOG

Error opening file C:\WINDOWS\system32\config\Internet.evt

Error opening file C:\WINDOWS\system32\config\Media Ce.evt

Error opening file C:\WINDOWS\system32\config\SAM

Error opening file C:\WINDOWS\system32\config\SAM.LOG

Error opening file C:\WINDOWS\system32\config\SecEvent.Evt

Error opening file C:\WINDOWS\system32\config\SECURITY

Error opening file C:\WINDOWS\system32\config\SECURITY.LOG

Error opening file C:\WINDOWS\system32\config\software

Error opening file C:\WINDOWS\system32\config\software.LOG

Error opening file C:\WINDOWS\system32\config\SysEvent.Evt

Error opening file C:\WINDOWS\system32\config\system

Error opening file C:\WINDOWS\system32\config\system.LOG

Error opening file C:\WINDOWS\system32\drivers\sptd.sys

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP

Checking for registry keys affected by W32/Brontok

System scan finished at 04:06 on 8 August 2009

Processes found : 0
Processes terminated or disinfected : 0
Registry keys affected : 2
Registry keys changed : 2
Files found : 0
Files deleted : 0
Configuration: Windows XP
Firefox 3.0.13

41 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Infection par Win32.Brontok empêche l'accès à Firefox et Internet Explorer et provoque des alertes de sécurité, tandis que les performances restent lentes et plusieurs éléments du système semblent affectés. Des solutions de nettoyage ont été proposées, notamment UsbFix et Malwarebytes, avec procédures étape par étape et rapports à envoyer; certaines réponses évoquent aussi une suppression manuelle de fichiers système. La meilleure approche préconisée privilégie un examen complet avec Malwarebytes, déconnexion des applications, puis suppression des objets infectés et redémarrage, suivi de la transmission du rapport de nettoyage. Certaines interventions évoquent l'utilisation d'outils comme AD-Remover ou des modes sans échec pour mener l'analyse lorsque les outils principaux peinent, ce qui peut nécessiter une réorganisation du démarrage et des sauvegardes préalables.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. gen-hackman
     
    salut :

    ▶ Télécharge CleanX-II de sUBs (merci mOe) ici :

    ▶ Déconnecte tes accès internet. Coupe tous les accès physiques (débranchement du modem, ...).
    ▶ Ferme toutes les applications.
    ▶ Désactive puis réactive ta restauration système.
    ▶ Double-clique sur CleanX-II.exe pour démarrer la réparation.
    ▶ Clique OK lorsque tu reçois un message d'avertissement.
    ▶ A la fin du scan (qui peut prendre plusieurs minutes, patiente le temps qu'il finisse), il va produire un message d'erreur (parce que l'outil ne prend pas en compte la copie pour un Windows français). Pour contourner cette erreur, fais ceci :
    ▶ Démarrer, exécuter et tape : %temp%\report.txt . Le bloc-note va ouvrir le rapport, copie/colle le dans ton nouveau post.

    ▶ Si ce rapport montre qu'il reste encore des fichiers infectés (en fin de rapport après "POST RUN ANALYSIS"), relance l'outil une nouvelle fois.
    ▶ Ouvre à nouveau le rapport avec la méthode ci-dessus et copie le dans ta réponse. S'il reste encore des fichiers infectés, inutile de relancer encore l'outil. Il faut examiner le rapport.
    0
  2. boumara
     
    ok merci vous etes super rapides!

    voila le rapport cleanerX:

    #######################################################################

    Brontok Worm Removal Tool - (Version - 06.09.17B)
    by sUBs

    #######################################################################

    Current date: 11/08/2009 Current time: 14:48:07,70

    === PRE RUN ANALYSIS ===================================

    === POST RUN ANALYSIS ==================================

    NOTE
    The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time.
    14:50:45,09

    ======================================================

    ca dit quoi doc?
    0
  3. boumara
     
    j'ai redemaré et la fenetre wibndows est toujours la.
    quand je lance cleanerX après le premier mess d'erreur ou je clic sur OK, il y en a un deuxieme qui dit :
    SYSTEM\currentcontrolset\control\virtualdevicedriver. le format du pilote de periphérique virtuel dans le registre n'est pas valide. choisissez fermer pou mettre fin à l'aplication.

    ce à quoi j'ai répondu "igorer"...

    j'ai bon?
    0
  4. boumara
     
    le deuxieme rapport :

    #######################################################################

    Brontok Worm Removal Tool - (Version - 06.09.17B)
    by sUBs

    #######################################################################

    Current date: 11/08/2009 Current time: 15:01:40,35

    === PRE RUN ANALYSIS ===================================

    === POST RUN ANALYSIS ==================================

    NOTE
    The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time.
    15:08:32,09

    ======================================================
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. gen-hackman
     
    Desactive la protection residente de ton antivirus et ton parefeu si present , le temps du scan

    Telecharge List'em et enregistre-le sur ton bureau et pas ailleurs

    double-clic (Pour vista clic droit "executer en tant qu'administrateur")sur l'icone présent sur le bureau pour le lancer

    laisse travailler l'outil, le scan devrait durer moins de 10 mn

    une fois le scan Terminé le rapport s'affiche

    colle son contenu si des fichiers sont detectés dans ta prochaine reponse ici.
    0
  7. boumara
     
    voila le résultat :
    List'em by g3n-h@ckm@n 1.0.1.1

    Microsoft Windows XP [version 5.1.2600]

    Infections possibles :

    C:\WINDOWS\System.exe - Présent !
    C:\WINDOWS\System32\drivers\svchost.exe - Présent !
    C:\WINDOWS\config\svchost.exe - Présent !
    C:\WINDOWS\System32\ACTSKN43.OCX - Présent !
    Clé infectieuse présente ! HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
    Clé infectieuse présente ! HKCU\SOFTWARE\EoRezo
    Clé infectieuse présente ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
    Clé infectieuse présente ! HKLM\SOFTWARE\EoRezo
    Clé infectieuse présente ! HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
    Clé infectieuse présente ! "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EoEngine"
    Clé infectieuse présente ! "HKLM\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\EoRss"
    Clé infectieuse présente ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
    Clé infectieuse présente ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EoRss_is1
    Clé infectieuse présente ! HKCU\SOFTWARE\ItsLabel
    Clé infectieuse présente ! "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ItsTV"
    0
  8. gen-hackman
     
    Télécharge OTL de OLDTimer

    ▶ Double clic sur OTL.exe pour le lancer.

    ▶Copie la liste qui se trouve en gras ci-dessous,

    ▶ colle-la dans la zone sous Customs Scans/Fixes :

    :processes
    explorer.exe
    iexplore.exe
    firefox.exe
    msnmsgr.exe
    Teatimer.exe

    :reg
    [-HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}]
    [-HKEY_CURRENT_USER\SOFTWARE\EoRezo]
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64­F56FC1-1272-44CD-BA6E-39723696E350}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-3972369­6E350}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EoEngine]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\EoRss]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EoRss_is1]
    [-HKEY_CURRENT_USER\SOFTWARE\ItsLabel]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ItsTV]

    :files
    C:\WINDOWS\System.exe
    C:\WINDOWS\System32\drivers\svchost.exe
    C:\WINDOWS\config\svchost.exe
    C:\WINDOWS\System32\ACTSKN43.OCX

    :commands
    [emptytemp]
    [reboot]


    ▶ Clique sur RunFix pour lancer la suppression.

    ▶ Poste le rapport.

    ensuite :

    ▶ Télécharge Ad-remover ( de C_XX ) sur ton bureau :

    ▶ Déconnecte toi et ferme toutes applications en cours !

    ▶ Double clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .

    ▶ Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .

    ▶ Au menu principal choisis l'option "L" et tape sur [entrée] .

    ▶ Laisse travailler l'outil et ne touche à rien ...

    ▶ Poste le rapport qui apparait à la fin , sur le forum ...

    ( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
    ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

    ▶ Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    0
  9. boumara
     
    ensuite ? j'ai lancé run scan. j'ai bien fait?
    0
  10. gen-hackman
     
    ce n'est pas ce qui etait demandé
    0
  11. boumara
     
    les résultats :

    OTL Extras logfile created on: 11/08/2009 15:52:46 - Run 1
    OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\guillaume\Bureau
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1021,98 Mb Total Physical Memory | 692,56 Mb Available Physical Memory | 67,77% Memory free
    2,41 Gb Paging File | 2,19 Gb Available in Paging File | 91,10% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 92,91 Gb Total Space | 25,86 Gb Free Space | 27,83% Space Free | Partition Type: NTFS
    Drive D: | 50,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
    E: Drive not present or media not loaded
    Drive F: | 2,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
    Drive G: | 991,22 Mb Total Space | 139,28 Mb Free Space | 14,05% Space Free | Partition Type: FAT
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: YOUR-6FBB7B0EF0
    Current User Name: guillaume
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    [color=#E56717]========== Extra Registry (SafeList) ==========[/color]

    [color=#E56717]========== File Associations ==========[/color]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found
    .url [@ = InternetShortcut] -- Reg Error: Key error. File not found

    [color=#E56717]========== Security Center Settings ==========[/color]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 1
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "4662:TCP" = 4662:TCP:*:Enabled:emule TCP
    "4672:UDP" = 4672:UDP:*:Enabled:emule UDP

    [color=#E56717]========== Authorized Applications List ==========[/color]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
    "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- File not found
    "C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" = C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite -- File not found
    "C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\graw.exe" = C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\graw.exe:*:Enabled:graw -- File not found
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
    "C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()
    "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus -- File not found
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
    "C:\Documents and Settings\guillaume\Bureau\freezer.exe" = C:\Documents and Settings\guillaume\Bureau\freezer.exe:*:Enabled:freezer -- ()
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
    "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- ()

    [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
    "{09F55516-AC75-43EA-8127-292E5A28B7DF}" = Monster Trux Extreme - Offroad Edition
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = Assist TOSHIBA
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.8.0.224
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
    "{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
    "{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
    "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{3EB6332B-AF02-457C-A31C-835458C5B48B}" = Manuels TOSHIBA
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
    "{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = Formatage de carte mémoire SD TOSHIBA
    "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
    "{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7
    "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = Utilitaire de zoom TOSHIBA
    "{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
    "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}" = Microsoft Works
    "{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
    "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = Son virtuel TOSHIBA
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
    "{91A1040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Réducteur de bruit lect. CD/DVD
    "{A3E69764-3368-4FFF-9132-DBCA6394797C}" = SymNet
    "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = Commandes TOSHIBA
    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{AF3C56EF-C317-4496-86D3-A03642A9918A}" = SynthEdit
    "{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FADB55D0-403F-4413-A268-CF0A6F1185C2}" = OpenOffice.org 2.3
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "{FFB4DD53-28B7-4981-BFF0-9BD801F61095}" = Norton Internet Security
    "Ad-Aware SE Personal" = Ad-Aware SE Personal
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AGEIA PhysX v2.3.3" = AGEIA PhysX v2.3.3
    "Audacity_is1" = Audacity 1.2.6
    "BitTorrent" = BitTorrent 5.0.9
    "CDex" = CDex extraction audio
    "Collab" = Collab
    "Compel install Adaptec WinASPI-4.6.0(1021)_is1" = Compel Adaptec WinASPI
    "dBpowerAMP FLAC Codec" = dBpowerAMP FLAC Codec
    "DC++" = DC++ 0.699
    "Deckadance" = Deckadance
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "eoEngine_is1" = eoEngine 4.5
    "eoRss_is1" = eoRss 2.2
    "ffdshow_is1" = ffdshow [rev 2060] [2008-08-01]
    "File Writer output plugin" = File Writer output plugin for WinAMP 2 v1.17(c) (remove only)
    "FL Studio 7" = FL Studio 7
    "FLVplayer" = FLV Player
    "Free Audio Converter_is1" = Free Audio Converter 2.0.0.5
    "Free Download Manager_is1" = Free Download Manager 2.5
    "Google Updater" = Outil de mise à jour Google
    "HP Photo & Imaging" = HP Image Zone 4.7
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "IL Download Manager" = IL Download Manager
    "InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "LastFM_is1" = Last.fm 1.5.1.30182
    "Les pays d'Afrique" = Les pays d'Afrique
    "LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
    "Magic ISO Maker v5.3 (build 0229)" = Magic ISO Maker v5.3 (build 0229)
    "Media Player Classic" = Media Player Classic fr
    "MeowMultiSound_is1" = MeowMultiSound 1.00
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
    "mmswitch" = Morgan Stream Switcher
    "Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NeoDivX2008" = NeoDivx 2008
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "PartyPoker" = PartyPoker
    "Picasa2" = Picasa 2
    "Power Saver" = Gestion d'énergie TOSHIBA
    "ProInst" = Logiciel Intel(R) PROSet/Wireless
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "ShockwaveFlash" = Macromedia Flash Player 8
    "Soulseek" = SoulSeek Client 156c
    "Stellar Phoenix FAT & NTFS_is1" = Stellar Phoenix (FAT & NTFS) 2.1
    "Stellar Phoenix Windows Data Recovery_is1" = Stellar Phoenix Windows Data Recovery V3.0
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "SystemGuards_is1" = SystemGuards 1.1.0.0
    "Theorica Divx ;-) Codecs" = Theorica Divx ;-) Codecs (remove only)
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "Veoh Web Player Beta" = Veoh Web Player
    "VLC media player" = VLC media player 0.9.8a
    "VST Bridge_is1" = VST Bridge 1.1
    "WinamaxPoker" = Winamax Poker (remove only)
    "Winamp" = Winamp (remove only)
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Lecteur Windows Media 11
    "WinGimp-2.0_is1" = GIMP 2.4.2
    "WinRAR archiver" = Archiveur WinRAR
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "X10Hardware" = X10 Hardware(TM)
    "x264 Revision 305 x264.nl" = x264 Revision 305 x264.nl (remove only)
    "Xvid_is1" = Xvid 1.1.3 final uninstall

    [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Warcraft III" = Warcraft III: All Products

    [color=#E56717]========== Last 10 Event Log Errors ==========[/color]

    [ Application Events ]
    Error - 07/08/2009 20:07:17 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer.

    Error - 07/08/2009 20:33:07 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Error | ID = 1000
    Description = Application défaillante iexplore.exe, version 6.0.2900.2180, module
    défaillant shell32.dll, version 0.0.0.0, adresse de défaillance 0x00002626.

    Error - 07/08/2009 20:37:38 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer.

    Error - 07/08/2009 20:52:03 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Error | ID = 1000
    Description = Application défaillante iexplore.exe, version 6.0.2900.2180, module
    défaillant kernel32.dll, version 5.1.2600.2945, adresse de défaillance 0x00012a5b.

    Error - 07/08/2009 22:16:57 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer.

    Error - 08/08/2009 07:57:28 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer.

    Error - 09/08/2009 09:11:39 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Hang | ID = 1002
    Description = Application bloquée winamp.exe, version 5.3.2.1003, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 09/08/2009 09:12:46 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Hang | ID = 1002
    Description = Application bloquée winamp.exe, version 5.3.2.1003, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 09/08/2009 09:13:47 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Hang | ID = 1002
    Description = Application bloquée winamp.exe, version 5.3.2.1003, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 11/08/2009 08:59:47 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer.

    [ Application Events ]
    Error - 07/08/2009 20:07:17 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer.

    Error - 07/08/2009 20:33:07 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Error | ID = 1000
    Description = Application défaillante iexplore.exe, version 6.0.2900.2180, module
    défaillant shell32.dll, version 0.0.0.0, adresse de défaillance 0x00002626.

    Error - 07/08/2009 20:37:38 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer.

    Error - 07/08/2009 20:52:03 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Error | ID = 1000
    Description = Application défaillante iexplore.exe, version 6.0.2900.2180, module
    défaillant kernel32.dll, version 5.1.2600.2945, adresse de défaillance 0x00012a5b.

    Error - 07/08/2009 22:16:57 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer.

    Error - 08/08/2009 07:57:28 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer.

    Error - 09/08/2009 09:11:39 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Hang | ID = 1002
    Description = Application bloquée winamp.exe, version 5.3.2.1003, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 09/08/2009 09:12:46 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Hang | ID = 1002
    Description = Application bloquée winamp.exe, version 5.3.2.1003, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 09/08/2009 09:13:47 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Hang | ID = 1002
    Description = Application bloquée winamp.exe, version 5.3.2.1003, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 11/08/2009 08:59:47 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer.

    [ System Events ]
    Error - 08/08/2009 07:58:30 | Computer Name = YOUR-6FBB7B0EF0 | Source = Service Control Manager | ID = 7000
    Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
    en raison de l'erreur : %%1053

    Error - 08/08/2009 12:59:42 | Computer Name = YOUR-6FBB7B0EF0 | Source = Service Control Manager | ID = 7023
    Description = Le service Explorateur d'ordinateur s'est arrêté avec l'erreur : %%1460

    Error - 09/08/2009 09:11:27 | Computer Name = YOUR-6FBB7B0EF0 | Source = Disk | ID = 262151
    Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux.

    Error - 09/08/2009 09:11:29 | Computer Name = YOUR-6FBB7B0EF0 | Source = Disk | ID = 262151
    Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux.

    Error - 09/08/2009 09:11:31 | Computer Name = YOUR-6FBB7B0EF0 | Source = Disk | ID = 262151
    Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux.

    Error - 09/08/2009 09:11:38 | Computer Name = YOUR-6FBB7B0EF0 | Source = Disk | ID = 262151
    Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux.

    Error - 11/08/2009 09:00:49 | Computer Name = YOUR-6FBB7B0EF0 | Source = Service Control Manager | ID = 7000
    Description = Le service Creative Service for CDROM Access n'a pas pu démarrer en
    raison de l'erreur : %%2

    Error - 11/08/2009 09:00:49 | Computer Name = YOUR-6FBB7B0EF0 | Source = Service Control Manager | ID = 7009
    Description = Délai (30000 millisecondes) d'attente pour une connexion du service
    Planificateur LiveUpdate automatique.

    Error - 11/08/2009 09:00:49 | Computer Name = YOUR-6FBB7B0EF0 | Source = Service Control Manager | ID = 7000
    Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
    en raison de l'erreur : %%1053

    Error - 11/08/2009 09:06:46 | Computer Name = YOUR-6FBB7B0EF0 | Source = Service Control Manager | ID = 7023
    Description = Le service Explorateur d'ordinateur s'est arrêté avec l'erreur : %%1460

    < End of report >

    OTL logfile created on: 11/08/2009 15:50:28 - Run 1
    OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\guillaume\Bureau
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1021,98 Mb Total Physical Memory | 708,94 Mb Available Physical Memory | 69,37% Memory free
    2,41 Gb Paging File | 2,20 Gb Available in Paging File | 91,65% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 92,91 Gb Total Space | 25,86 Gb Free Space | 27,83% Space Free | Partition Type: NTFS
    Drive D: | 50,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
    E: Drive not present or media not loaded
    Drive F: | 2,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
    Drive G: | 991,22 Mb Total Space | 139,33 Mb Free Space | 14,06% Space Free | Partition Type: FAT
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: YOUR-6FBB7B0EF0
    Current User Name: guillaume
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    [color=#E56717]========== Processes (SafeList) ==========[/color]

    PRC - [2006/08/02 01:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2006/08/02 01:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2005/01/18 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2007/08/15 10:01:26 | 00,159,744 | -HS- | M] ( ) -- C:\WINDOWS\System.exe
    PRC - [2004/08/10 14:00:00 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
    PRC - [2006/03/01 03:10:18 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\System32\crypserv.exe
    PRC - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
    PRC - [2005/08/05 15:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
    PRC - [2006/05/01 22:04:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
    PRC - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
    PRC - [2006/08/02 01:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2007/01/08 23:39:44 | 00,171,040 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    PRC - [2007/09/04 12:44:04 | 00,028,672 | ---- | M] () -- C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
    PRC - [2006/02/07 16:30:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    PRC - [2001/11/12 13:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
    PRC - [2005/08/05 13:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
    PRC - [2007/04/07 17:39:24 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/08/08 01:45:39 | 00,043,180 | ---- | M] () -- C:\WINDOWS\System32\drivers\svchost.exe
    PRC - [2006/03/23 21:13:30 | 00,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
    PRC - [2009/08/11 15:47:30 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\guillaume\Bureau\OTL.exe

    [color=#E56717]========== Win32 Services (SafeList) ==========[/color]

    SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
    SRV - [2006/03/22 08:48:56 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
    SRV - File not found -- -- (ccEvtMgr [Auto | Stopped])
    SRV - File not found -- -- (ccSetMgr [Auto | Stopped])
    SRV - [2005/01/18 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
    SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
    SRV - File not found -- -- (Creative Service for CDROM Access [Auto | Stopped])
    SRV - [2006/03/01 03:10:18 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\System32\crypserv.exe -- (Crypkey License [Auto | Running])
    SRV - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
    SRV - [2005/08/05 15:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
    SRV - [2006/08/02 01:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
    SRV - [2009/04/05 01:19:46 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
    SRV - [2004/08/10 14:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
    SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
    SRV - File not found -- -- (LiveUpdate [On_Demand | Stopped])
    SRV - [2005/08/05 13:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
    SRV - [2004/08/10 07:30:26 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
    SRV - File not found -- -- (NSCService [On_Demand | Stopped])
    SRV - [2006/05/01 22:04:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
    SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
    SRV - [2006/08/03 18:29:28 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Planificateur LiveUpdate automatique [Auto | Stopped])
    SRV - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
    SRV - [2006/08/02 01:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
    SRV - [2007/01/08 23:39:44 | 00,171,040 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
    SRV - [2006/08/02 01:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
    SRV - [2007/09/04 12:44:04 | 00,028,672 | ---- | M] () -- C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe -- (sgSchedulerService [Auto | Running])
    SRV - File not found -- -- (SNDSrvc [On_Demand | Stopped])
    SRV - [2006/02/07 16:30:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV [Auto | Running])
    SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
    SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
    SRV - [2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
    SRV - File not found -- -- (x10nets [Auto | Running])

    [color=#E56717]========== Driver Services (SafeList) ==========[/color]

    DRV - [2006/12/23 17:11:16 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
    DRV - [2005/12/13 18:08:44 | 01,124,097 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
    DRV - [2006/04/02 02:46:28 | 00,471,264 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped])
    DRV - [1999/09/10 13:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (Aspi32 [Auto | Running])
    DRV - [2006/03/22 08:56:24 | 01,522,688 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
    DRV - [2005/10/06 05:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
    DRV - [2005/08/25 12:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
    DRV - [2005/10/06 05:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
    DRV - [2005/10/06 05:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
    DRV - [2005/10/06 05:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
    DRV - [2005/10/06 05:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
    DRV - [2005/08/25 12:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
    DRV - [2005/10/06 05:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
    DRV - [2005/10/06 05:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
    DRV - [2005/09/12 03:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
    DRV - [2005/08/12 05:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
    DRV - [2006/01/13 01:27:48 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
    DRV - [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
    DRV - [2007/03/08 06:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
    DRV - [2007/03/08 06:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
    DRV - [2007/03/08 06:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
    DRV - [2006/03/23 21:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
    DRV - [2006/05/05 16:13:52 | 04,271,616 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
    DRV - [2003/09/10 23:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\System32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
    DRV - [2003/01/29 23:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
    DRV - [2006/07/26 19:39:32 | 01,707,776 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])
    DRV - [2006/01/10 04:47:27 | 00,031,846 | ---- | M] () -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX [System | Running])
    DRV - [2006/05/01 22:04:00 | 03,643,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
    DRV - [2003/09/19 01:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
    DRV - [2004/08/10 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
    DRV - [2008/02/23 04:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
    DRV - [2006/08/02 02:27:48 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
    DRV - [2004/08/10 14:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
    DRV - [2001/08/17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
    DRV - [2007/01/15 20:00:53 | 00,639,224 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
    DRV - [2007/01/07 12:38:48 | 00,115,000 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
    DRV - [2006/08/07 17:02:22 | 00,024,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Stopped])
    DRV - [2006/08/07 17:02:26 | 00,195,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
    DRV - [2006/03/03 00:46:54 | 00,191,968 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
    DRV - [2005/11/30 19:12:00 | 00,162,560 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
    DRV - [2005/09/09 14:47:10 | 00,009,344 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tosrfec.sys -- (tosrfec [On_Demand | Stopped])
    DRV - [2005/10/20 14:03:42 | 00,006,144 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\DRIVERS\NBSMI.sys -- (TVALD [On_Demand | Running])
    DRV - [2006/05/30 16:42:52 | 00,045,696 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\Tvs.sys -- (Tvs [On_Demand | Running])
    DRV - [2005/11/28 10:45:16 | 00,007,040 | ---- | M] (X10 Wireless Technology, Inc.) -- C:\WINDOWS\System32\Drivers\x10hid.sys -- (X10Hid [On_Demand | Running])

    [color=#E56717]========== Standard Registry (SafeList) ==========[/color]

    [color=#E56717]========== Internet Explorer ==========[/color]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    [color=#E56717]========== FireFox ==========[/color]

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
    FF - prefs.js..browser.startup.homepage: "http://french.icrfast.com/index.php?rvs=hompag"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
    FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
    FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.4.4
    FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
    FF - prefs.js..network.proxy.http: "localhost"
    FF - prefs.js..network.proxy.http_port: 8800
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/08 01:58:11 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/08 01:58:11 | 00,000,000 | ---D | M]

    [2009/03/07 20:47:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\guillaume\Application Data\mozilla\Extensions
    [2009/03/07 20:47:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\guillaume\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/08/08 02:00:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\guillaume\Application Data\mozilla\Firefox\Profiles\ns6b0g4r.default\extensions
    [2008/12/14 18:59:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\guillaume\Application Data\mozilla\Firefox\Profiles\ns6b0g4r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009/07/27 18:43:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\guillaume\Application Data\mozilla\Firefox\Profiles\ns6b0g4r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/05/06 04:06:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\guillaume\Application Data\mozilla\Firefox\Profiles\ns6b0g4r.default\extensions\searchrecs@veoh.com
    [2009/08/02 16:53:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
    [2006/12/23 20:55:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009/08/08 01:58:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2007/10/20 18:01:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    [2008/04/12 00:00:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    [2009/08/08 01:58:06 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
    [2009/08/08 01:58:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
    [2009/04/15 22:24:54 | 01,044,480 | ---- | M] (The OpenSSL Project, https://www.openssl.org/ -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
    [2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
    [2007/08/16 02:05:00 | 00,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
    [2009/04/15 22:24:36 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
    [2009/04/15 22:24:44 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
    [2007/10/11 15:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
    [2009/08/08 01:58:08 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
    [2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
    [2008/01/16 22:25:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
    [2008/01/16 22:25:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
    [2008/01/16 22:25:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
    [2008/01/16 22:25:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
    [2008/01/16 22:25:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
    [2008/01/16 22:25:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
    [2008/01/16 22:25:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
    [2008/10/04 21:24:00 | 03,695,008 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
    [2009/04/15 22:24:54 | 00,200,704 | ---- | M] (The OpenSSL Project, https://www.openssl.org/ -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
    [2009/05/15 14:27:29 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2009/05/15 14:27:29 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2009/05/15 14:27:29 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2009/05/15 14:27:29 | 00,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
    [2009/05/15 14:27:29 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2009/05/15 14:27:29 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (EoBho Class) - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll ()
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
    O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
    O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\System32\ieso0.dll ()
    O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe ()
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\.pro File not found
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\guillaume\Menu Démarrer\Programmes\Démarrage\.pro File not found
    F3 - HKCU WinNT: Load - (System) - C:\WINDOWS\System.exe ( )
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Télécharger avec Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
    O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
    O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
    O8 - Extra context menu item: Tout télécharger avec Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
    O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/... (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (System) - C:\WINDOWS\System.exe ( )
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/08/11 14:59:45 | 00,000,124 | -HS- | M] () - C:\Autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2008/07/21 12:33:27 | 00,000,027 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2005/10/14 23:07:27 | 00,106,496 | R--- | M] () - F:\Autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2006/03/03 18:02:09 | 00,000,086 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2005/10/14 23:07:27 | 00,106,496 | R--- | M] () - F:\autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2009/08/11 15:49:10 | 00,000,124 | -HS- | M] () - G:\Autorun.inf -- [ FAT ]
    O33 - MountPoints2\{00172267-9ddb-11dd-a596-00a0d15e3078}\Shell\AutoRun\command - "" = E:\
    O33 - MountPoints2\{00172267-9ddb-11dd-a596-00a0d15e3078}\Shell\explore\Command - "" = E:\RECYCLED\INFO.exe -- File not found
    O33 - MountPoints2\{00172267-9ddb-11dd-a596-00a0d15e3078}\Shell\open\Command - "" = E:\RECYCLED\INFO.exe -- File not found
    O33 - MountPoints2\{07c33796-9667-11db-a479-00a0d15e3078}\Shell\AutoRun\command - "" = E:\bicsxk03.com -- File not found
    O33 - MountPoints2\{07c33796-9667-11db-a479-00a0d15e3078}\Shell\explore\Command - "" = E:\bicsxk03.com -- File not found
    O33 - MountPoints2\{07c33796-9667-11db-a479-00a0d15e3078}\Shell\open\Command - "" = E:\bicsxk03.com -- File not found
    O33 - MountPoints2\{0ac4f6ce-1c66-11de-a5b5-00a0d15e3078}\Shell\AutoRun\command - "" = G:\bicsxk03.com -- File not found
    O33 - MountPoints2\{0ac4f6ce-1c66-11de-a5b5-00a0d15e3078}\Shell\explore\Command - "" = G:\bicsxk03.com -- File not found
    O33 - MountPoints2\{0ac4f6ce-1c66-11de-a5b5-00a0d15e3078}\Shell\open\Command - "" = G:\bicsxk03.com -- File not found
    O33 - MountPoints2\{38eb1ef5-e57f-11dc-a526-00a0d15e3078}\Shell\AutoRun\command - "" = E:\bicsxk03.com -- File not found
    O33 - MountPoints2\{38eb1ef5-e57f-11dc-a526-00a0d15e3078}\Shell\explore\Command - "" = E:\bicsxk03.com -- File not found
    O33 - MountPoints2\{38eb1ef5-e57f-11dc-a526-00a0d15e3078}\Shell\open\Command - "" = E:\bicsxk03.com -- File not found
    O33 - MountPoints2\{45a48944-7a90-11dc-a4cf-00a0d15e3078}\Shell\AutoRun\command - "" = E:\bicsxk03.com -- File not found
    O33 - MountPoints2\{45a48944-7a90-11dc-a4cf-00a0d15e3078}\Shell\explore\Command - "" = E:\bicsxk03.com -- File not found
    O33 - MountPoints2\{45a48944-7a90-11dc-a4cf-00a0d15e3078}\Shell\open\Command - "" = E:\bicsxk03.com -- File not found
    O33 - MountPoints2\{534ad411-2a19-11dd-a55c-00a0d15e3078}\Shell - "" = AutoRun
    O33 - MountPoints2\{534ad411-2a19-11dd-a55c-00a0d15e3078}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{534ad412-2a19-11dd-a55c-00a0d15e3078}\Shell\AutoRun\command - "" =
    0
  12. boumara
     
    ha... pardon pardon....

    j'ai compris pour agrandir la fenetre de discution...

    OTL donne Range check error.

    et cet fois j'ai respecté vos instructions
    0
  13. gen-hackman
     
    bon supprime ces 4 fichiers manuellement et passe à AD-Remover :

    C:\WINDOWS\System.exe
    C:\WINDOWS\System32\drivers\svchost.exe
    C:\WINDOWS\config\svchost.exe
    C:\WINDOWS\System32\ACTSKN43.OCX
    0
  14. boumara
     
    je ne trouve aucun des quatre fichiers

    je suis rentré ds le dossier windows via la commande executé.
    il y a bien une icone "system" mais pas de system.exe.
    les autre dossier sont présent mais pas les fichiers que je dois suprimé.

    que fair?
    0
  15. gen-hackman
     
    fais ceci , ils vont apparaitre comme par enchantement ^^

    ▶ Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
    * - Coche Afficher les fichiers et dossiers cachés
    * - Décoche Masquer les extensions des fichiers dont le type est connu
    * - Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)

    ▶ clique sur Appliquer, puis OK.
    0
  16. boumara
     
    alors c'est bizards :
    à chaque fois que je coche "afficher les fichiers et dossiers cachés" j'applique puis "ok" et la rien ne se passe!
    je retourne ds options des dossiers / affichage et à chaque fois l'item "afficher les fichiers et dossiers cachés" est décoché...

    crise de nerfs... snif
    0
  17. gen-hackman
     
    les autres cases sont restées cochées ? va verifier et supprimer les fichers demandés en ce cas
    0
  18. boumara
     
    oui les autrres cases sont resté cochés mais les fichiers ne sont pas apparus
    0
  19. gen-hackman
     
    ▶ Télécharge et install UsbFix par Chiquitine29

    (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

    ▶ Double clic sur le raccourci UsbFix présent sur ton bureau .

    ▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

    ▶ Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]

    ▶ Laisse travailler l'outil.

    ▶ Ensuite post le rapport UsbFix.txt qui apparaitra.

    Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    0
  • 1
  • 2
  • 3