Win32.brontok..... help please

Hello,

I was infected by win32.brontok and I can no longer access Firefox or Internet Explorer.
A "Windows Security Center Alert" window offers to download something to remove it, but I did not do it.
Apart from that, programs run but are a bit slow.

I am posting the brontgui and RSIT reports.

Thanks in advance!



RESOLVE Version 1.07
Copyright (c) 2004, Sophos Plc, www.sophos.com

System disinfection for W32/Brontok

Data Version 1.03

System scan started at 03:00 on 8 August 2009

Checking for W32/Brontok in memory

Checking for registry keys affected by W32/Brontok

Reset registry value HKCU\software\microsoft\windows\currentversion\explorer\advanced\ShowSuperHidden
Reset registry value HKCU\software\microsoft\windows\currentversion\explorer\advanced\HideFileExt

Checking for files affected by W32/Brontok

Scanning C:

Error opening file C:\Documents and Settings\guillaume\Cookies\index.dat


Could not scan 12-{3231C557-19CA-0191-2F65-7124C305FF64}-v1-{D72C1052-D1FB-469C-B2BA-777B95383F4E}-v12-Downloaded.frx

Error opening file C:\Documents and Settings\guillaume\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

Error opening file C:\Documents and Settings\guillaume\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

Error opening file C:\Documents and Settings\guillaume\Local Settings\Historique\History.IE5\index.dat

Error opening file C:\Documents and Settings\guillaume\Local Settings\Temp\~DF987.tmp

Error opening file C:\Documents and Settings\guillaume\Local Settings\Temporary Internet Files\Content.IE5\index.dat

Error opening file C:\Documents and Settings\guillaume\Mes documents\cours kiné\memoire sept\MEMOIRE DEFINITIF\._stratégie H?C an9.doc

Error opening file C:\Documents and Settings\guillaume\Mes documents\cours kiné\memoire sept\MEMOIRE DEFINITIF\PDF\stratégie H?C an9.pdf

Error opening file C:\Documents and Settings\guillaume\Mes documents\cours kiné\memoire sept\MEMOIRE DEFINITIF\stratégie H?C an9.doc


Could not scan 00-idren_natural_bw_jah_shaka_and_mighty_massa-justice-(10_inch-br1006)-vinyl-2007-gmg.jpg


Could not scan 00-idren_natural_bw_jah_shaka_and_mighty_massa-justice-(10_inch-br1006)-vinyl-2007-gmg.m3u


Could not scan 00-idren_natural_bw_jah_shaka_and_mighty_massa-justice-(10_inch-br1006)-vinyl-2007-gmg.nfo


Could not scan 00-idren_natural_bw_jah_shaka_and_mighty_massa-justice-(10_inch-br1006)-vinyl-2007-gmg.sfv


Could not scan INCOMPLETE~Blakamix Feat. Horace Andy - Seek And You Will Find - A2 - Seek And You Will Find (Acapella).mp3

Error opening file C:\Documents and Settings\guillaume\Mes documents\download\- roots dub steppa\+ Blakamix\blakamix feat. horace andy - seek and you will find [12'' single]\INCOMPLETE~Blakamix Feat. Horace Andy - Seek And You Will Find - B2 - Dub And You Will Find (Verse 2).mp3


Could not scan 00-counteraction_warriors_bw_jah_mystic-where_were_from-(count001)-vinyl-2007-a-gmg.jpg


Could not scan 00-counteraction_warriors_bw_jah_mystic-where_were_from-(count001)-vinyl-2007-b-gmg.jpg


Could not scan 00-counteraction_warriors_bw_jah_mystic-where_were_from-(count001)-vinyl-2007-gmg.m3u


Could not scan 00-counteraction_warriors_bw_jah_mystic-where_were_from-(count001)-vinyl-2007-gmg.nfo


Could not scan 00-counteraction_warriors_bw_jah_mystic-where_were_from-(count001)-vinyl-2007-gmg.sfv

Error opening file C:\Documents and Settings\guillaume\Mes documents\download\- roots dub steppa\+ INNER SANCTUARY\Mykal_Rose_Bw_Paul_Fox-Babylon_Kingdom_Fall-(12_Inch_ACT12_16)-Vinyl-2007-GMG\00-mykal_rose_bw_paul_fox-babylon_kingdom_fall-(12_inch_act12_16)-vinyl-2007-a-gmg.jpg

Error opening file C:\Documents and Settings\guillaume\Mes documents\download\- roots dub steppa\+ INNER SANCTUARY\Mykal_Rose_Bw_Paul_Fox-Babylon_Kingdom_Fall-(12_Inch_ACT12_16)-Vinyl-2007-GMG\00-mykal_rose_bw_paul_fox-babylon_kingdom_fall-(12_inch_act12_16)-vinyl-2007-b-gmg.jpg


Could not scan REGGAE ON TOP - ROTS028A - Barry Isaac - Japanese Girl - 7 inch - Barry Isaac & Hughie Izachaar - 2001.mp3


Could not scan REGGAE ON TOP - ROTS028B - Reggae On Top All Stars - Japanese Girl Dub - 7 inch - Barry Isaac & Hughie I.mp3


Could not scan 00 - Twinkle Brothers - Rasta Pon Top and It Gwine Dreada (Twinkle 12'' 198x) - 1981.m3u


Could not scan 00-noel_zebulon_mts_isses_dread-international_dubwise-(10_inch-h_and_h101)-vinyl-2007-a-gmg.jpg


Could not scan 00-noel_zebulon_mts_isses_dread-international_dubwise-(10_inch-h_and_h101)-vinyl-2007-b-gmg.jpg


Could not scan 00-noel_zebulon_mts_isses_dread-international_dubwise-(10_inch-h_and_h101)-vinyl-2007-gmg.m3u


Could not scan 00-noel_zebulon_mts_isses_dread-international_dubwise-(10_inch-h_and_h101)-vinyl-2007-gmg.nfo


Could not scan 00-noel_zebulon_mts_isses_dread-international_dubwise-(10_inch-h_and_h101)-vinyl-2007-gmg.sfv


Could not scan 00-hugo_blackwood_and_dr_alimantado-reggae_music-(roots9-reissue_1977)-ep-2006-a-gmg.jpg


Could not scan 00-hugo_blackwood_and_dr_alimantado-reggae_music-(roots9-reissue_1977)-ep-2006-b-gmg.jpg


Could not scan 00-hugo_blackwood_and_dr_alimantado-reggae_music-(roots9-reissue_1977)-ep-2006-gmg.m3u


Could not scan 00-hugo_blackwood_and_dr_alimantado-reggae_music-(roots9-reissue_1977)-ep-2006-gmg.nfo


Could not scan 00-hugo_blackwood_and_dr_alimantado-reggae_music-(roots9-reissue_1977)-ep-2006-gmg.sfv


Could not scan 00-wailing_souls_and_ranking_trevor-war-(12_inch_reissue_1978-gred1)-vinyl-2007-a-gmg.jpg


Could not scan 00-wailing_souls_and_ranking_trevor-war-(12_inch_reissue_1978-gred1)-vinyl-2007-b-gmg.jpg


Could not scan 00-wailing_souls_and_ranking_trevor-war-(12_inch_reissue_1978-gred1)-vinyl-2007-gmg.m3u


Could not scan 00-wailing_souls_and_ranking_trevor-war-(12_inch_reissue_1978-gred1)-vinyl-2007-gmg.nfo


Could not scan 00-wailing_souls_and_ranking_trevor-war-(12_inch_reissue_1978-gred1)-vinyl-2007-gmg.sfv


Could not scan 00-creation_stepper_and_the_dubateers_bw_dandelion-go_back_a_yard-(da1005)-vinyl-2007-gmg.m3u


Could not scan 00-creation_stepper_and_the_dubateers_bw_dandelion-go_back_a_yard-(da1005)-vinyl-2007-gmg.nfo


Could not scan 00-creation_stepper_and_the_dubateers_bw_dandelion-go_back_a_yard-(da1005)-vinyl-2007-gmg.sfv

Error opening file C:\Documents and Settings\guillaume\NTUSER.DAT

Error opening file C:\Documents and Settings\guillaume\ntuser.dat.LOG

Error opening file C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

Error opening file C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

Error opening file C:\Documents and Settings\NetworkService\NTUSER.DAT

Error opening file C:\Documents and Settings\NetworkService\ntuser.dat.LOG

Error opening file C:\pagefile.sys

Error opening file C:\resolve.log

Error opening file C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP665\change.log

Error opening file C:\WINDOWS\Debug\PASSWD.LOG

Error opening file C:\WINDOWS\system32\config\ACEEvent.evt

Error opening file C:\WINDOWS\system32\config\AppEvent.Evt

Error opening file C:\WINDOWS\system32\config\default

Error opening file C:\WINDOWS\system32\config\default.LOG

Error opening file C:\WINDOWS\system32\config\Internet.evt

Error opening file C:\WINDOWS\system32\config\Media Ce.evt

Error opening file C:\WINDOWS\system32\config\SAM

Error opening file C:\WINDOWS\system32\config\SAM.LOG

Error opening file C:\WINDOWS\system32\config\SecEvent.Evt

Error opening file C:\WINDOWS\system32\config\SECURITY

Error opening file C:\WINDOWS\system32\config\SECURITY.LOG

Error opening file C:\WINDOWS\system32\config\software

Error opening file C:\WINDOWS\system32\config\software.LOG

Error opening file C:\WINDOWS\system32\config\SysEvent.Evt

Error opening file C:\WINDOWS\system32\config\system

Error opening file C:\WINDOWS\system32\config\system.LOG

Error opening file C:\WINDOWS\system32\drivers\sptd.sys

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP


Scanning C:\WINDOWS

Error opening file C:\WINDOWS\Debug\PASSWD.LOG

Error opening file C:\WINDOWS\system32\config\ACEEvent.evt

Error opening file C:\WINDOWS\system32\config\AppEvent.Evt

Error opening file C:\WINDOWS\system32\config\default

Error opening file C:\WINDOWS\system32\config\default.LOG

Error opening file C:\WINDOWS\system32\config\Internet.evt

Error opening file C:\WINDOWS\system32\config\Media Ce.evt

Error opening file C:\WINDOWS\system32\config\SAM

Error opening file C:\WINDOWS\system32\config\SAM.LOG

Error opening file C:\WINDOWS\system32\config\SecEvent.Evt

Error opening file C:\WINDOWS\system32\config\SECURITY

Error opening file C:\WINDOWS\system32\config\SECURITY.LOG

Error opening file C:\WINDOWS\system32\config\software

Error opening file C:\WINDOWS\system32\config\software.LOG

Error opening file C:\WINDOWS\system32\config\SysEvent.Evt

Error opening file C:\WINDOWS\system32\config\system

Error opening file C:\WINDOWS\system32\config\system.LOG

Error opening file C:\WINDOWS\system32\drivers\sptd.sys

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP


Checking for registry keys affected by W32/Brontok


System scan finished at 04:06 on 8 August 2009

Processes found : 0
Processes terminated or disinfected : 0
Registry keys affected : 2
Registry keys changed : 2
Files found : 0
Files deleted : 0



Hi:

▶ Download CleanX-II by sUBs (thanks mOe) here:



▶ Disconnect your internet access. Cut all physical access (unplug the modem, ...).
▶ Close all applications.
▶ Disable then re-enable System Restore.
▶ Double-click CleanX-II.exe to start the repair.
▶ Click OK when you get a warning message.
▶ At the end of the scan (which can take several minutes; wait for it to finish), it will produce an error message (because the tool does not handle the copy on a French Windows). To work around this error, do this:
▶ Start, Run, and type: %temp%\report.txt . Notepad will open the report; copy/paste it into your new post.

▶ If this report shows that infected files still remain (at the end of the report after "POST RUN ANALYSIS"), run the tool once more.
▶ Open the report again using the method above and copy it into your reply. If infected files still remain, there is no point running the tool again. The report needs to be examined.

OK thanks, you are super fast!

Here is the cleanerX report:

#######################################################################

Brontok Worm Removal Tool - (Version - 06.09.17B)
by sUBs

#######################################################################

Current date: 11/08/2009 Current time: 14:48:07,70

=== PRE RUN ANALYSIS ===================================


=== POST RUN ANALYSIS ==================================



NOTE
The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time.
14:50:45,09

======================================================


What does it say, doc?
I restarted and the Windows window is still there.
When I launch cleanerX, after the first error message where I click OK, there is a second one that says:
SYSTEM\currentcontrolset\control\virtualdevicedriver. Le format du pilote de périphérique virtuel dans le registre n'est pas valide. Choisissez fermer pour mettre fin à l'application.

to which I answered "Ignorer"...

Did I get it right?
The second report:


#######################################################################

Brontok Worm Removal Tool - (Version - 06.09.17B)
by sUBs

#######################################################################

Current date: 11/08/2009 Current time: 15:01:40,35

=== PRE RUN ANALYSIS ===================================

=== POST RUN ANALYSIS ==================================


NOTE
The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time.
15:08:32,09

======================================================

Disable your antivirus's resident protection and your firewall, if present, for the duration of the scan.

Download List'em and save it on your desktop and nowhere else.

Double-click (on Vista, right-click "Run as administrator") the icon on the desktop to launch it.

Let the tool work; the scan should take less than 10 minutes.

Once the scan is finished, the report is displayed.

If files are detected, paste its contents in your next reply here.

Here is the result:
List'em by g3n-h@ckm@n 1.0.1.1


Microsoft Windows XP [version 5.1.2600]

Infections possibles :

C:\WINDOWS\System.exe - Présent !
C:\WINDOWS\System32\drivers\svchost.exe - Présent !
C:\WINDOWS\config\svchost.exe - Présent !
C:\WINDOWS\System32\ACTSKN43.OCX - Présent !
Clé infectieuse présente ! HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
Clé infectieuse présente ! HKCU\SOFTWARE\EoRezo
Clé infectieuse présente ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
Clé infectieuse présente ! HKLM\SOFTWARE\EoRezo
Clé infectieuse présente ! HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
Clé infectieuse présente ! "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EoEngine"
Clé infectieuse présente ! "HKLM\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\EoRss"
Clé infectieuse présente ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
Clé infectieuse présente ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EoRss_is1
Clé infectieuse présente ! HKCU\SOFTWARE\ItsLabel
Clé infectieuse présente ! "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ItsTV"

Download OTL by OldTimer

▶ Double-click OTL.exe to launch it.


▶ Copy the list in bold below,

▶ paste it into the box under Custom Scans/Fixes:

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:reg
[-HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}]
[-HKEY_CURRENT_USER\SOFTWARE\EoRezo]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EoEngine]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\EoRss]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EoRss_is1]
[-HKEY_CURRENT_USER\SOFTWARE\ItsLabel]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ItsTV]

:files
C:\WINDOWS\System.exe
C:\WINDOWS\System32\drivers\svchost.exe
C:\WINDOWS\config\svchost.exe
C:\WINDOWS\System32\ACTSKN43.OCX

:commands
[emptytemp]
[reboot]



▶ Click RunFix to start the removal.


▶ Post the report.

Then:


▶ Download Ad-remover (by C_XX) to your desktop:


▶ Disconnect and close all running applications!

▶ Double-click "Ad-R.exe" to start the installation and leave the default installation settings.

▶ Double-click the Ad-remover shortcut on your desktop to launch the tool.

▶ In the main menu choose option "L" and press [Enter].

▶ Let the tool work and do not touch anything ...

▶ Post the report that appears at the end on the forum ...

(The report is also saved as C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

▶ Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

And then? I launched Run Scan. Did I do the right thing?

That is not what was asked.

The results:


OTL Extras logfile created on: 11/08/2009 15:52:46 - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\guillaume\Bureau
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1021,98 Mb Total Physical Memory | 692,56 Mb Available Physical Memory | 67,77% Memory free
2,41 Gb Paging File | 2,19 Gb Available in Paging File | 91,10% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92,91 Gb Total Space | 25,86 Gb Free Space | 27,83% Space Free | Partition Type: NTFS
Drive D: | 50,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 2,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 991,22 Mb Total Space | 139,28 Mb Free Space | 14,05% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-6FBB7B0EF0
Current User Name: guillaume
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"4662:TCP" = 4662:TCP:*:Enabled:emule TCP
"4672:UDP" = 4672:UDP:*:Enabled:emule UDP

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- File not found
"C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" = C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite -- File not found
"C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\graw.exe" = C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\graw.exe:*:Enabled:graw -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Documents and Settings\guillaume\Bureau\freezer.exe" = C:\Documents and Settings\guillaume\Bureau\freezer.exe:*:Enabled:freezer -- ()
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- ()


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{09F55516-AC75-43EA-8127-292E5A28B7DF}" = Monster Trux Extreme - Offroad Edition
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = Assist TOSHIBA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.8.0.224
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = Manuels TOSHIBA
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = Formatage de carte mémoire SD TOSHIBA
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = Utilitaire de zoom TOSHIBA
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}" = Microsoft Works
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = Son virtuel TOSHIBA
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A1040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Réducteur de bruit lect. CD/DVD
"{A3E69764-3368-4FFF-9132-DBCA6394797C}" = SymNet
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = Commandes TOSHIBA
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF3C56EF-C317-4496-86D3-A03642A9918A}" = SynthEdit
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FADB55D0-403F-4413-A268-CF0A6F1185C2}" = OpenOffice.org 2.3
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FFB4DD53-28B7-4981-BFF0-9BD801F61095}" = Norton Internet Security
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AGEIA PhysX v2.3.3" = AGEIA PhysX v2.3.3
"Audacity_is1" = Audacity 1.2.6
"BitTorrent" = BitTorrent 5.0.9
"CDex" = CDex extraction audio
"Collab" = Collab
"Compel install Adaptec WinASPI-4.6.0(1021)_is1" = Compel Adaptec WinASPI
"dBpowerAMP FLAC Codec" = dBpowerAMP FLAC Codec
"DC++" = DC++ 0.699
"Deckadance" = Deckadance
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"eoEngine_is1" = eoEngine 4.5
"eoRss_is1" = eoRss 2.2
"ffdshow_is1" = ffdshow [rev 2060] [2008-08-01]
"File Writer output plugin" = File Writer output plugin for WinAMP 2 v1.17(c) (remove only)
"FL Studio 7" = FL Studio 7
"FLVplayer" = FLV Player
"Free Audio Converter_is1" = Free Audio Converter 2.0.0.5
"Free Download Manager_is1" = Free Download Manager 2.5
"Google Updater" = Outil de mise à jour Google
"HP Photo & Imaging" = HP Image Zone 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IL Download Manager" = IL Download Manager
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"LastFM_is1" = Last.fm 1.5.1.30182
"Les pays d'Afrique" = Les pays d'Afrique
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Magic ISO Maker v5.3 (build 0229)" = Magic ISO Maker v5.3 (build 0229)
"Media Player Classic" = Media Player Classic fr
"MeowMultiSound_is1" = MeowMultiSound 1.00
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"mmswitch" = Morgan Stream Switcher
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeoDivX2008" = NeoDivx 2008
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPoker" = PartyPoker
"Picasa2" = Picasa 2
"Power Saver" = Gestion d'énergie TOSHIBA
"ProInst" = Logiciel Intel(R) PROSet/Wireless
"PROSet" = Intel(R) PRO Network Connections Drivers
"ShockwaveFlash" = Macromedia Flash Player 8
"Soulseek" = SoulSeek Client 156c
"Stellar Phoenix FAT & NTFS_is1" = Stellar Phoenix (FAT & NTFS) 2.1
"Stellar Phoenix Windows Data Recovery_is1" = Stellar Phoenix Windows Data Recovery V3.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemGuards_is1" = SystemGuards 1.1.0.0
"Theorica Divx ;-) Codecs" = Theorica Divx ;-) Codecs (remove only)
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 0.9.8a
"VST Bridge_is1" = VST Bridge 1.1
"WinamaxPoker" = Winamax Poker (remove only)
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WinGimp-2.0_is1" = GIMP 2.4.2
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware" = X10 Hardware(TM)
"x264 Revision 305 x264.nl" = x264 Revision 305 x264.nl (remove only)
"Xvid_is1" = Xvid 1.1.3 final uninstall

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 07/08/2009 20:07:17 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer.

Error - 07/08/2009 20:33:07 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 6.0.2900.2180, module
défaillant shell32.dll, version 0.0.0.0, adresse de défaillance 0x00002626.

Error - 07/08/2009 20:37:38 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer.

Error - 07/08/2009 20:52:03 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 6.0.2900.2180, module
défaillant kernel32.dll, version 5.1.2600.2945, adresse de défaillance 0x00012a5b.

Error - 07/08/2009 22:16:57 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer.

Error - 08/08/2009 07:57:28 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer.

Error - 09/08/2009 09:11:39 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Hang | ID = 1002
Description = Application bloquée winamp.exe, version 5.3.2.1003, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 09/08/2009 09:12:46 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Hang | ID = 1002
Description = Application bloquée winamp.exe, version 5.3.2.1003, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 09/08/2009 09:13:47 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Hang | ID = 1002
Description = Application bloquée winamp.exe, version 5.3.2.1003, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 11/08/2009 08:59:47 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer.

[ System Events ]
Error - 08/08/2009 07:58:30 | Computer Name = YOUR-6FBB7B0EF0 | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%1053

Error - 08/08/2009 12:59:42 | Computer Name = YOUR-6FBB7B0EF0 | Source = Service Control Manager | ID = 7023
Description = Le service Explorateur d'ordinateur s'est arrêté avec l'erreur : %%1460

Error - 09/08/2009 09:11:27 | Computer Name = YOUR-6FBB7B0EF0 | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux.

Error - 09/08/2009 09:11:29 | Computer Name = YOUR-6FBB7B0EF0 | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux.

Error - 09/08/2009 09:11:31 | Computer Name = YOUR-6FBB7B0EF0 | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux.

Error - 09/08/2009 09:11:38 | Computer Name = YOUR-6FBB7B0EF0 | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux.

Error - 11/08/2009 09:00:49 | Computer Name = YOUR-6FBB7B0EF0 | Source = Service Control Manager | ID = 7000
Description = Le service Creative Service for CDROM Access n'a pas pu démarrer en
raison de l'erreur : %%2

Error - 11/08/2009 09:00:49 | Computer Name = YOUR-6FBB7B0EF0 | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
Planificateur LiveUpdate automatique.

Error - 11/08/2009 09:00:49 | Computer Name = YOUR-6FBB7B0EF0 | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%1053

Error - 11/08/2009 09:06:46 | Computer Name = YOUR-6FBB7B0EF0 | Source = Service Control Manager | ID = 7023
Description = Le service Explorateur d'ordinateur s'est arrêté avec l'erreur : %%1460


< End of report >

OTL logfile created on: 11/08/2009 15:50:28 - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\guillaume\Bureau
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1021,98 Mb Total Physical Memory | 708,94 Mb Available Physical Memory | 69,37% Memory free
2,41 Gb Paging File | 2,20 Gb Available in Paging File | 91,65% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92,91 Gb Total Space | 25,86 Gb Free Space | 27,83% Space Free | Partition Type: NTFS
Drive D: | 50,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 2,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 991,22 Mb Total Space | 139,33 Mb Free Space | 14,06% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-6FBB7B0EF0
Current User Name: guillaume
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2006/08/02 01:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/08/02 01:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/01/18 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/08/15 10:01:26 | 00,159,744 | -HS- | M] ( ) -- C:\WINDOWS\System.exe
PRC - [2004/08/10 14:00:00 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/03/01 03:10:18 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\System32\crypserv.exe
PRC - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 15:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2006/05/01 22:04:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2006/08/02 01:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/01/08 23:39:44 | 00,171,040 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/09/04 12:44:04 | 00,028,672 | ---- | M] () -- C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
PRC - [2006/02/07 16:30:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2001/11/12 13:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
PRC - [2005/08/05 13:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2007/04/07 17:39:24 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/08/08 01:45:39 | 00,043,180 | ---- | M] () -- C:\WINDOWS\System32\drivers\svchost.exe
PRC - [2006/03/23 21:13:30 | 00,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2009/08/11 15:47:30 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\guillaume\Bureau\OTL.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/03/22 08:48:56 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - File not found -- -- (ccEvtMgr [Auto | Stopped])
SRV - File not found -- -- (ccSetMgr [Auto | Stopped])
SRV - [2005/01/18 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (Creative Service for CDROM Access [Auto | Stopped])
SRV - [2006/03/01 03:10:18 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\System32\crypserv.exe -- (Crypkey License [Auto | Running])
SRV - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 15:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2006/08/02 01:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2009/04/05 01:19:46 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2004/08/10 14:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - File not found -- -- (LiveUpdate [On_Demand | Stopped])
SRV - [2005/08/05 13:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 07:30:26 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - File not found -- -- (NSCService [On_Demand | Stopped])
SRV - [2006/05/01 22:04:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/08/03 18:29:28 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Planificateur LiveUpdate automatique [Auto | Stopped])
SRV - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006/08/02 01:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2007/01/08 23:39:44 | 00,171,040 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2006/08/02 01:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2007/09/04 12:44:04 | 00,028,672 | ---- | M] () -- C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe -- (sgSchedulerService [Auto | Running])
SRV - File not found -- -- (SNDSrvc [On_Demand | Stopped])
SRV - [2006/02/07 16:30:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV [Auto | Running])
SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - File not found -- -- (x10nets [Auto | Running])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2006/12/23 17:11:16 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005/12/13 18:08:44 | 01,124,097 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2006/04/02 02:46:28 | 00,471,264 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped])
DRV - [1999/09/10 13:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (Aspi32 [Auto | Running])
DRV - [2006/03/22 08:56:24 | 01,522,688 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2005/10/06 05:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 12:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/10/06 05:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 12:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/10/06 05:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 03:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 05:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/01/13 01:27:48 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/03/08 06:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2007/03/08 06:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2007/03/08 06:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2006/03/23 21:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2006/05/05 16:13:52 | 04,271,616 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2003/09/10 23:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\System32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
DRV - [2003/01/29 23:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
DRV - [2006/07/26 19:39:32 | 01,707,776 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])
DRV - [2006/01/10 04:47:27 | 00,031,846 | ---- | M] () -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX [System | Running])
DRV - [2006/05/01 22:04:00 | 03,643,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2003/09/19 01:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
DRV - [2004/08/10 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/02/23 04:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/08/02 02:27:48 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2004/08/10 14:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/08/17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2007/01/15 20:00:53 | 00,639,224 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007/01/07 12:38:48 | 00,115,000 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2006/08/07 17:02:22 | 00,024,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Stopped])
DRV - [2006/08/07 17:02:26 | 00,195,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2006/03/03 00:46:54 | 00,191,968 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2005/11/30 19:12:00 | 00,162,560 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2005/09/09 14:47:10 | 00,009,344 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tosrfec.sys -- (tosrfec [On_Demand | Stopped])
DRV - [2005/10/20 14:03:42 | 00,006,144 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\DRIVERS\NBSMI.sys -- (TVALD [On_Demand | Running])
DRV - [2006/05/30 16:42:52 | 00,045,696 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\Tvs.sys -- (Tvs [On_Demand | Running])
DRV - [2005/11/28 10:45:16 | 00,007,040 | ---- | M] (X10 Wireless Technology, Inc.) -- C:\WINDOWS\System32\Drivers\x10hid.sys -- (X10Hid [On_Demand | Running])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
FF - prefs.js..browser.startup.homepage: "http://french.icrfast.com/index.php?rvs=hompag"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.4.4
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8800
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/08 01:58:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/08 01:58:11 | 00,000,000 | ---D | M]

[2009/03/07 20:47:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\guillaume\Application Data\mozilla\Extensions
[2009/03/07 20:47:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\guillaume\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/08 02:00:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\guillaume\Application Data\mozilla\Firefox\Profiles\ns6b0g4r.default\extensions
[2008/12/14 18:59:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\guillaume\Application Data\mozilla\Firefox\Profiles\ns6b0g4r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/27 18:43:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\guillaume\Application Data\mozilla\Firefox\Profiles\ns6b0g4r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/06 04:06:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\guillaume\Application Data\mozilla\Firefox\Profiles\ns6b0g4r.default\extensions\searchrecs@veoh.com
[2009/08/02 16:53:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2006/12/23 20:55:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/08/08 01:58:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/10/20 18:01:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/04/12 00:00:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/08/08 01:58:06 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/08 01:58:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/15 22:24:54 | 01,044,480 | ---- | M] (The OpenSSL Project, https://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2007/08/16 02:05:00 | 00,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/04/15 22:24:36 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/04/15 22:24:44 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/10/11 15:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/08 01:58:08 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/01/16 22:25:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/01/16 22:25:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/01/16 22:25:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/01/16 22:25:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/01/16 22:25:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/01/16 22:25:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/01/16 22:25:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/10/04 21:24:00 | 03,695,008 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2009/04/15 22:24:54 | 00,200,704 | ---- | M] (The OpenSSL Project, https://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/05/15 14:27:29 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2009/05/15 14:27:29 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/05/15 14:27:29 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/05/15 14:27:29 | 00,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2009/05/15 14:27:29 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/05/15 14:27:29 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (EoBho Class) - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\System32\ieso0.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\.pro File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\guillaume\Menu Démarrer\Programmes\Démarrage\.pro File not found
F3 - HKCU WinNT: Load - (System) - C:\WINDOWS\System.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Télécharger avec Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/... (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (System) - C:\WINDOWS\System.exe ( )
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/11 14:59:45 | 00,000,124 | -HS- | M] () - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/07/21 12:33:27 | 00,000,027 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/10/14 23:07:27 | 00,106,496 | R--- | M] () - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/03/03 18:02:09 | 00,000,086 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/10/14 23:07:27 | 00,106,496 | R--- | M] () - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/08/11 15:49:10 | 00,000,124 | -HS- | M] () - G:\Autorun.inf -- [ FAT ]
O33 - MountPoints2\{00172267-9ddb-11dd-a596-00a0d15e3078}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{00172267-9ddb-11dd-a596-00a0d15e3078}\Shell\explore\Command - "" = E:\RECYCLED\INFO.exe -- File not found
O33 - MountPoints2\{00172267-9ddb-11dd-a596-00a0d15e3078}\Shell\open\Command - "" = E:\RECYCLED\INFO.exe -- File not found
O33 - MountPoints2\{07c33796-9667-11db-a479-00a0d15e3078}\Shell\AutoRun\command - "" = E:\bicsxk03.com -- File not found
O33 - MountPoints2\{07c33796-9667-11db-a479-00a0d15e3078}\Shell\explore\Command - "" = E:\bicsxk03.com -- File not found
O33 - MountPoints2\{07c33796-9667-11db-a479-00a0d15e3078}\Shell\open\Command - "" = E:\bicsxk03.com -- File not found
O33 - MountPoints2\{0ac4f6ce-1c66-11de-a5b5-00a0d15e3078}\Shell\AutoRun\command - "" = G:\bicsxk03.com -- File not found
O33 - MountPoints2\{0ac4f6ce-1c66-11de-a5b5-00a0d15e3078}\Shell\explore\Command - "" = G:\bicsxk03.com -- File not found
O33 - MountPoints2\{0ac4f6ce-1c66-11de-a5b5-00a0d15e3078}\Shell\open\Command - "" = G:\bicsxk03.com -- File not found
O33 - MountPoints2\{38eb1ef5-e57f-11dc-a526-00a0d15e3078}\Shell\AutoRun\command - "" = E:\bicsxk03.com -- File not found
O33 - MountPoints2\{38eb1ef5-e57f-11dc-a526-00a0d15e3078}\Shell\explore\Command - "" = E:\bicsxk03.com -- File not found
O33 - MountPoints2\{38eb1ef5-e57f-11dc-a526-00a0d15e3078}\Shell\open\Command - "" = E:\bicsxk03.com -- File not found
O33 - MountPoints2\{45a48944-7a90-11dc-a4cf-00a0d15e3078}\Shell\AutoRun\command - "" = E:\bicsxk03.com -- File not found
O33 - MountPoints2\{45a48944-7a90-11dc-a4cf-00a0d15e3078}\Shell\explore\Command - "" = E:\bicsxk03.com -- File not found
O33 - MountPoints2\{45a48944-7a90-11dc-a4cf-00a0d15e3078}\Shell\open\Command - "" = E:\bicsxk03.com -- File not found
O33 - MountPoints2\{534ad411-2a19-11dd-a55c-00a0d15e3078}\Shell - "" = AutoRun
O33 - MountPoints2\{534ad411-2a19-11dd-a55c-00a0d15e3078}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{534ad412-2a19-11dd-a55c-00a0d15e3078}\Shell\AutoRun\command - "" =

that's not what was asked for
ah... sorry, sorry....

I figured out how to enlarge the discussion window...

OTL gives Range check error.

and this time I followed your instructions
and now it seems to be stuck.

OK, delete these 4 files manually and move on to AD-Remover:

C:\WINDOWS\System.exe
C:\WINDOWS\System32\drivers\svchost.exe
C:\WINDOWS\config\svchost.exe
C:\WINDOWS\System32\ACTSKN43.OCX
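
An added example, not part of the original thread and not OTL's or the helper's own logic: a short Python triage run over a few lines copied from the log above, showing how the autostart entries for two of the files listed here stand out. The three heuristics (empty company field, `svchost.exe` outside System32, executable autorun target on a mounted volume) are assumptions chosen for illustration, and a hit means "review this entry", not "malicious".

```python
import re

# Sample input: a few lines copied from the OTL log posted on this page.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [SVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
F3 - HKCU WinNT: Load - (System) - C:\WINDOWS\System.exe ( )
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (System) - C:\WINDOWS\System.exe ( )
O33 - MountPoints2\{07c33796-9667-11db-a479-00a0d15e3078}\Shell\open\Command - "" = E:\bicsxk03.com -- File not found
O33 - MountPoints2\{534ad411-2a19-11dd-a55c-00a0d15e3078}\Shell - "" = AutoRun
"""

# Autostart line: section code, then a path, then "(company)" at end of line.
AUTOSTART = re.compile(r"^(O4|F3|O20) - .*?([A-Za-z]:\\[^()]*?)\s*\(([^()]*)\)\s*$")
# MountPoints2 shell command and its target (targets with spaces are cut short).
MOUNTPOINT = re.compile(
    r'^O33 - MountPoints2\\\{[0-9a-fA-F-]+\}\\Shell\\\w+\\command - "" = (\S+)', re.I)
EXEC_EXT = (".exe", ".com", ".bat", ".pif", ".scr")
# Assumption: Windows is installed in C:\WINDOWS, as in this log.
REAL_SVCHOST = r"c:\windows\system32\svchost.exe"


def triage(log_text):
    """Return (section, path, reason) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = AUTOSTART.match(line)
        if m:
            section, path, company = m.group(1), m.group(2).strip(), m.group(3).strip()
            low = path.lower()
            if low.endswith("\\svchost.exe") and low != REAL_SVCHOST:
                findings.append((section, path, "svchost.exe outside System32"))
            elif not company and low.startswith("c:\\windows\\") and low.endswith(".exe"):
                findings.append((section, path, "no company name, in Windows directory"))
            continue
        m = MOUNTPOINT.match(line)
        if m and m.group(1).lower().endswith(EXEC_EXT):
            findings.append(("O33", m.group(1), "autorun command on a mounted volume"))
    return findings


if __name__ == "__main__":
    for section, path, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {path}  <- {reason}")
```
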
I can't find any of the four files

I went into the Windows folder via the Run command.
There is a "system" icon but no system.exe.
The other folders are there but not the files I have to delete.

What should I do?

Do this, they will appear as if by magic ^^

▶ Click Start menu / Control Panel / Folder Options, then go to the View tab
* - Check Show hidden files and folders
* - Uncheck Hide extensions for known file types
* - Uncheck Hide protected operating system files (Recommended)

▶ Click Apply, then OK.
so this is weird:
every time I check "show hidden files and folders" I click Apply then "OK" and nothing happens!
I go back to Folder Options / View and every time the "show hidden files and folders" item is unchecked...


nervous breakdown... sniff

Did the other boxes stay checked? If so, go check and delete the requested files
yes, the other boxes stayed checked but the files did not appear

▶ Download and install UsbFix by Chiquitine29

(!) Plug your external data sources that may have been infected (USB stick, external hard drive, etc.) into your PC, without opening them

▶ Double-click the UsbFix shortcut on your desktop.

▶ At the main menu, choose option "F" for French and press [Enter].

▶ At the second menu, choose option "1" (search) and press [Enter]

▶ Let the tool work.

▶ Then post the UsbFix.txt report that appears.

Note: The UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.