win32.brontok..... à l'aide svpFermé

Question

bonjours

j'ai été infecté par win32.brontok et je ne peu plus accéder à firefox et internet explorer.
une fenêtre windows security center alert me propose de télécharger un truc pour l'éliminer mais je ne l'ai pas fait.
A part ca les programmes tournent mais sont un peu lents.

je vous poste le rapport brontgui et RSIT

merci d'avance!



RESOLVE Version 1.07
Copyright (c) 2004, Sophos Plc, www.sophos.com

System disinfection for W32/Brontok

Data Version 1.03

System scan started at 03:00 on 8 August 2009

Checking for W32/Brontok in memory

Checking for registry keys affected by W32/Brontok

Reset registry value HKCU\software\microsoft\windows\currentversion\explorer\advanced\ShowSuperHidden
Reset registry value HKCU\software\microsoft\windows\currentversion\explorer\advanced\HideFileExt

Checking for files affected by W32/Brontok

Scanning C:

Error opening file C:\Documents and Settings\guillaume\Cookies\index.dat


Could not scan 12-{3231C557-19CA-0191-2F65-7124C305FF64}-v1-{D72C1052-D1FB-469C-B2BA-777B95383F4E}-v12-Downloaded.frx

Error opening file C:\Documents and Settings\guillaume\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

Error opening file C:\Documents and Settings\guillaume\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

Error opening file C:\Documents and Settings\guillaume\Local Settings\Historique\History.IE5\index.dat

Error opening file C:\Documents and Settings\guillaume\Local Settings\Temp\~DF987.tmp

Error opening file C:\Documents and Settings\guillaume\Local Settings\Temporary Internet Files\Content.IE5\index.dat

Error opening file C:\Documents and Settings\guillaume\Mes documents\cours kiné\memoire sept\MEMOIRE DEFINITIF\._stratégie H?C an9.doc

Error opening file C:\Documents and Settings\guillaume\Mes documents\cours kiné\memoire sept\MEMOIRE DEFINITIF\PDF\stratégie H?C an9.pdf

Error opening file C:\Documents and Settings\guillaume\Mes documents\cours kiné\memoire sept\MEMOIRE DEFINITIF\stratégie H?C an9.doc


Could not scan 00-idren_natural_bw_jah_shaka_and_mighty_massa-justice-(10_inch-br1006)-vinyl-2007-gmg.jpg


Could not scan 00-idren_natural_bw_jah_shaka_and_mighty_massa-justice-(10_inch-br1006)-vinyl-2007-gmg.m3u


Could not scan 00-idren_natural_bw_jah_shaka_and_mighty_massa-justice-(10_inch-br1006)-vinyl-2007-gmg.nfo


Could not scan 00-idren_natural_bw_jah_shaka_and_mighty_massa-justice-(10_inch-br1006)-vinyl-2007-gmg.sfv


Could not scan INCOMPLETE~Blakamix Feat. Horace Andy - Seek And You Will Find - A2 - Seek And You Will Find (Acapella).mp3

Error opening file C:\Documents and Settings\guillaume\Mes documents\download\- roots dub steppa\+ Blakamix\blakamix feat. horace andy - seek and you will find [12'' single]\INCOMPLETE~Blakamix Feat. Horace Andy - Seek And You Will Find - B2 - Dub And You Will Find (Verse 2).mp3


Could not scan 00-counteraction_warriors_bw_jah_mystic-where_were_from-(count001)-vinyl-2007-a-gmg.jpg


Could not scan 00-counteraction_warriors_bw_jah_mystic-where_were_from-(count001)-vinyl-2007-b-gmg.jpg


Could not scan 00-counteraction_warriors_bw_jah_mystic-where_were_from-(count001)-vinyl-2007-gmg.m3u


Could not scan 00-counteraction_warriors_bw_jah_mystic-where_were_from-(count001)-vinyl-2007-gmg.nfo


Could not scan 00-counteraction_warriors_bw_jah_mystic-where_were_from-(count001)-vinyl-2007-gmg.sfv

Error opening file C:\Documents and Settings\guillaume\Mes documents\download\- roots dub steppa\+ INNER SANCTUARY\Mykal_Rose_Bw_Paul_Fox-Babylon_Kingdom_Fall-(12_Inch_ACT12_16)-Vinyl-2007-GMG\00-mykal_rose_bw_paul_fox-babylon_kingdom_fall-(12_inch_act12_16)-vinyl-2007-a-gmg.jpg

Error opening file C:\Documents and Settings\guillaume\Mes documents\download\- roots dub steppa\+ INNER SANCTUARY\Mykal_Rose_Bw_Paul_Fox-Babylon_Kingdom_Fall-(12_Inch_ACT12_16)-Vinyl-2007-GMG\00-mykal_rose_bw_paul_fox-babylon_kingdom_fall-(12_inch_act12_16)-vinyl-2007-b-gmg.jpg


Could not scan REGGAE ON TOP - ROTS028A - Barry Isaac - Japanese Girl - 7 inch - Barry Isaac & Hughie Izachaar - 2001.mp3


Could not scan REGGAE ON TOP - ROTS028B - Reggae On Top All Stars - Japanese Girl Dub - 7 inch - Barry Isaac & Hughie I.mp3


Could not scan 00 - Twinkle Brothers - Rasta Pon Top and It Gwine Dreada (Twinkle 12'' 198x) - 1981.m3u


Could not scan 00-noel_zebulon_mts_isses_dread-international_dubwise-(10_inch-h_and_h101)-vinyl-2007-a-gmg.jpg


Could not scan 00-noel_zebulon_mts_isses_dread-international_dubwise-(10_inch-h_and_h101)-vinyl-2007-b-gmg.jpg


Could not scan 00-noel_zebulon_mts_isses_dread-international_dubwise-(10_inch-h_and_h101)-vinyl-2007-gmg.m3u


Could not scan 00-noel_zebulon_mts_isses_dread-international_dubwise-(10_inch-h_and_h101)-vinyl-2007-gmg.nfo


Could not scan 00-noel_zebulon_mts_isses_dread-international_dubwise-(10_inch-h_and_h101)-vinyl-2007-gmg.sfv


Could not scan 00-hugo_blackwood_and_dr_alimantado-reggae_music-(roots9-reissue_1977)-ep-2006-a-gmg.jpg


Could not scan 00-hugo_blackwood_and_dr_alimantado-reggae_music-(roots9-reissue_1977)-ep-2006-b-gmg.jpg


Could not scan 00-hugo_blackwood_and_dr_alimantado-reggae_music-(roots9-reissue_1977)-ep-2006-gmg.m3u


Could not scan 00-hugo_blackwood_and_dr_alimantado-reggae_music-(roots9-reissue_1977)-ep-2006-gmg.nfo


Could not scan 00-hugo_blackwood_and_dr_alimantado-reggae_music-(roots9-reissue_1977)-ep-2006-gmg.sfv


Could not scan 00-wailing_souls_and_ranking_trevor-war-(12_inch_reissue_1978-gred1)-vinyl-2007-a-gmg.jpg


Could not scan 00-wailing_souls_and_ranking_trevor-war-(12_inch_reissue_1978-gred1)-vinyl-2007-b-gmg.jpg


Could not scan 00-wailing_souls_and_ranking_trevor-war-(12_inch_reissue_1978-gred1)-vinyl-2007-gmg.m3u


Could not scan 00-wailing_souls_and_ranking_trevor-war-(12_inch_reissue_1978-gred1)-vinyl-2007-gmg.nfo


Could not scan 00-wailing_souls_and_ranking_trevor-war-(12_inch_reissue_1978-gred1)-vinyl-2007-gmg.sfv


Could not scan 00-creation_stepper_and_the_dubateers_bw_dandelion-go_back_a_yard-(da1005)-vinyl-2007-gmg.m3u


Could not scan 00-creation_stepper_and_the_dubateers_bw_dandelion-go_back_a_yard-(da1005)-vinyl-2007-gmg.nfo


Could not scan 00-creation_stepper_and_the_dubateers_bw_dandelion-go_back_a_yard-(da1005)-vinyl-2007-gmg.sfv

Error opening file C:\Documents and Settings\guillaume\NTUSER.DAT

Error opening file C:\Documents and Settings\guillaume
tuser.dat.LOG

Error opening file C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

Error opening file C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

Error opening file C:\Documents and Settings\NetworkService\NTUSER.DAT

Error opening file C:\Documents and Settings\NetworkService
tuser.dat.LOG

Error opening file C:\pagefile.sys

Error opening file C:esolve.log

Error opening file C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP665\change.log

Error opening file C:\WINDOWS\Debug\PASSWD.LOG

Error opening file C:\WINDOWS\system32\config\ACEEvent.evt

Error opening file C:\WINDOWS\system32\config\AppEvent.Evt

Error opening file C:\WINDOWS\system32\config\default

Error opening file C:\WINDOWS\system32\config\default.LOG

Error opening file C:\WINDOWS\system32\config\Internet.evt

Error opening file C:\WINDOWS\system32\config\Media Ce.evt

Error opening file C:\WINDOWS\system32\config\SAM

Error opening file C:\WINDOWS\system32\config\SAM.LOG

Error opening file C:\WINDOWS\system32\config\SecEvent.Evt

Error opening file C:\WINDOWS\system32\config\SECURITY

Error opening file C:\WINDOWS\system32\config\SECURITY.LOG

Error opening file C:\WINDOWS\system32\config\software

Error opening file C:\WINDOWS\system32\config\software.LOG

Error opening file C:\WINDOWS\system32\config\SysEvent.Evt

Error opening file C:\WINDOWS\system32\config\system

Error opening file C:\WINDOWS\system32\config\system.LOG

Error opening file C:\WINDOWS\system32\drivers\sptd.sys

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP


Scanning C:\WINDOWS

Error opening file C:\WINDOWS\Debug\PASSWD.LOG

Error opening file C:\WINDOWS\system32\config\ACEEvent.evt

Error opening file C:\WINDOWS\system32\config\AppEvent.Evt

Error opening file C:\WINDOWS\system32\config\default

Error opening file C:\WINDOWS\system32\config\default.LOG

Error opening file C:\WINDOWS\system32\config\Internet.evt

Error opening file C:\WINDOWS\system32\config\Media Ce.evt

Error opening file C:\WINDOWS\system32\config\SAM

Error opening file C:\WINDOWS\system32\config\SAM.LOG

Error opening file C:\WINDOWS\system32\config\SecEvent.Evt

Error opening file C:\WINDOWS\system32\config\SECURITY

Error opening file C:\WINDOWS\system32\config\SECURITY.LOG

Error opening file C:\WINDOWS\system32\config\software

Error opening file C:\WINDOWS\system32\config\software.LOG

Error opening file C:\WINDOWS\system32\config\SysEvent.Evt

Error opening file C:\WINDOWS\system32\config\system

Error opening file C:\WINDOWS\system32\config\system.LOG

Error opening file C:\WINDOWS\system32\drivers\sptd.sys

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP


Checking for registry keys affected by W32/Brontok


System scan finished at 04:06 on 8 August 2009

Processes found : 0
Processes terminated or disinfected : 0
Registry keys affected : 2
Registry keys changed : 2
Files found : 0
Files deleted : 0

gen-hackman · Answer

salut :

&#9654 Télécharge CleanX-II de sUBs (merci mOe) ici : 



&#9654 Déconnecte tes accès internet. Coupe tous les accès physiques (débranchement du modem, ...). 
&#9654 Ferme toutes les applications. 
&#9654 Désactive puis réactive ta restauration système. 
&#9654 Double-clique sur CleanX-II.exe pour démarrer la réparation. 
&#9654 Clique OK lorsque tu reçois un message d'avertissement. 
&#9654 A la fin du scan (qui peut prendre plusieurs minutes, patiente le temps qu'il finisse), il va produire un message d'erreur (parce que l'outil ne prend pas en compte la copie pour un Windows français). Pour contourner cette erreur, fais ceci : 
&#9654 Démarrer, exécuter et tape : %temp%\report.txt . Le bloc-note va ouvrir le rapport, copie/colle le dans ton nouveau post. 

&#9654 Si ce rapport montre qu'il reste encore des fichiers infectés (en fin de rapport après "POST RUN ANALYSIS"), relance l'outil une nouvelle fois. 
&#9654 Ouvre à nouveau le rapport avec la méthode ci-dessus et copie le dans ta réponse. S'il reste encore des fichiers infectés, inutile de relancer encore l'outil. Il faut examiner le rapport.

boumara · Answer

ok merci vous etes super rapides!

voila le rapport cleanerX:

#######################################################################
 
                        Brontok Worm Removal Tool - (Version - 06.09.17B)
                                                 by sUBs 

#######################################################################
 
Current date: 11/08/2009  Current time: 14:48:07,70

=== PRE RUN ANALYSIS ===================================


=== POST RUN ANALYSIS ==================================



NOTE
The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time.
14:50:45,09

======================================================


ca dit quoi doc?

boumara · Answer

j'ai redemaré et la fenetre wibndows est toujours la. 
quand je lance cleanerX après le premier mess d'erreur ou je clic sur OK, il y en a un deuxieme qui dit : 
SYSTEM\currentcontrolset\control\virtualdevicedriver. le format du pilote de periphérique virtuel dans le registre n'est pas valide. choisissez fermer pou mettre fin à l'aplication.

ce à quoi j'ai répondu  "igorer"...

j'ai bon?

boumara · Answer

le deuxieme rapport : 


#######################################################################
 
                        Brontok Worm Removal Tool - (Version - 06.09.17B)
                                                 by sUBs 

#######################################################################
 
Current date: 11/08/2009  Current time: 15:01:40,35

=== PRE RUN ANALYSIS ===================================

=== POST RUN ANALYSIS ==================================


NOTE
The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time.
15:08:32,09

======================================================

gen-hackman · Answer

Desactive la protection residente de ton antivirus et ton parefeu si present , le temps du scan

Telecharge  List'em et enregistre-le sur ton bureau et pas ailleurs

double-clic (Pour vista clic droit "executer en tant qu'administrateur")sur l'icone présent sur le bureau pour le lancer

laisse travailler l'outil, le scan devrait durer moins de 10 mn

une fois le scan Terminé le rapport s'affiche

colle son contenu si des fichiers sont detectés dans ta prochaine reponse ici.

boumara · Answer

voila le résultat :
List'em by g3n-h@ckm@n 1.0.1.1 


Microsoft Windows XP [version 5.1.2600]

Infections possibles : 

C:\WINDOWS\System.exe - Présent ! 
C:\WINDOWS\System32\drivers\svchost.exe - Présent ! 
C:\WINDOWS\config\svchost.exe - Présent ! 
C:\WINDOWS\System32\ACTSKN43.OCX - Présent ! 
Clé infectieuse présente ! HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}  
Clé infectieuse présente ! HKCU\SOFTWARE\EoRezo  
Clé infectieuse présente ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}  
Clé infectieuse présente ! HKLM\SOFTWARE\EoRezo  
Clé infectieuse présente ! HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}  
Clé infectieuse présente ! "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EoEngine"  
Clé infectieuse présente ! "HKLM\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\EoRss"  
Clé infectieuse présente ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1  
Clé infectieuse présente ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EoRss_is1  
Clé infectieuse présente ! HKCU\SOFTWARE\ItsLabel  
Clé infectieuse présente ! "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ItsTV"

gen-hackman · Answer

Télécharge OTL de OLDTimer

&#9654 Double clic sur OTL.exe pour le lancer.


&#9654Copie la liste qui se trouve en gras ci-dessous,

&#9654 colle-la dans la zone sous Customs Scans/Fixes :

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:reg
[-HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}]
[-HKEY_CURRENT_USER\SOFTWARE\EoRezo]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64­F56FC1-1272-44CD-BA6E-39723696E350}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-3972369­6E350}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EoEngine]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\EoRss]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EoRss_is1]
[-HKEY_CURRENT_USER\SOFTWARE\ItsLabel]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ItsTV]

:files
C:\WINDOWS\System.exe
C:\WINDOWS\System32\drivers\svchost.exe
C:\WINDOWS\config\svchost.exe
C:\WINDOWS\System32\ACTSKN43.OCX

:commands
[emptytemp]
[reboot]


&#9654 Clique sur RunFix pour lancer la suppression.


&#9654 Poste le rapport.

ensuite :


&#9654 Télécharge Ad-remover ( de C_XX ) sur ton bureau : 


&#9654 Déconnecte toi et ferme toutes applications en cours ! 

&#9654 Double clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut . 

&#9654 Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
 
&#9654 Au menu principal choisis l'option "L" et tape sur [entrée] .

&#9654 Laisse travailler l'outil et ne touche à rien ... 

&#9654 Poste le rapport qui apparait à la fin , sur le forum ...

( Le rapport est sauvegardé aussi sous C:\Ad-report.log ) 
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller ) 

&#9654 Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

boumara · Answer

ensuite ? j'ai lancé run scan. j'ai bien fait?

gen-hackman · Answer

ce n'est pas ce qui etait demandé

boumara · Answer

les résultats : OTL Extras logfile created on: 11/08/2009 15:52:46 - Run 1 OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\guillaume\Bureau Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1021,98 Mb Total Physical Memory | 692,56 Mb Available Physical Memory | 67,77% Memory free 2,41 Gb Paging File | 2,19 Gb Available in Paging File | 91,10% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 92,91 Gb Total Space | 25,86 Gb Free Space | 27,83% Space Free | Partition Type: NTFS Drive D: | 50,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded Drive F: | 2,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 991,22 Mb Total Space | 139,28 Mb Free Space | 14,05% Space Free | Partition Type: FAT H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-6FBB7B0EF0 Current User Name: guillaume Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = htmlfile] -- Reg Error: Key error. File not found .url [@ = InternetShortcut] -- Reg Error: Key error. File not found [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "4662:TCP" = 4662:TCP:*:Enabled:emule TCP "4672:UDP" = 4672:UDP:*:Enabled:emule UDP [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation) "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- File not found "C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" = C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite -- File not found "C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\graw.exe" = C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\graw.exe:*:Enabled:graw -- File not found "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- () "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- () "C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- () "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus -- File not found "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation) "C:\Documents and Settings\guillaume\Bureau\freezer.exe" = C:\Documents and Settings\guillaume\Bureau\freezer.exe:*:Enabled:freezer -- () "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks) "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- () [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player "{09F55516-AC75-43EA-8127-292E5A28B7DF}" = Monster Trux Extreme - Offroad Edition "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = Assist TOSHIBA "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.8.0.224 "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox "{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2 "{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{3EB6332B-AF02-457C-A31C-835458C5B48B}" = Manuels TOSHIBA "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI "{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = Formatage de carte mémoire SD TOSHIBA "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger "{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7 "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = Utilitaire de zoom TOSHIBA "{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}" = Microsoft Works "{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = Son virtuel TOSHIBA "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA "{91A1040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003 "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Réducteur de bruit lect. CD/DVD "{A3E69764-3368-4FFF-9132-DBCA6394797C}" = SymNet "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = Commandes TOSHIBA "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AF3C56EF-C317-4496-86D3-A03642A9918A}" = SynthEdit "{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree "{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FADB55D0-403F-4413-A268-CF0A6F1185C2}" = OpenOffice.org 2.3 "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FFB4DD53-28B7-4981-BFF0-9BD801F61095}" = Norton Internet Security "Ad-Aware SE Personal" = Ad-Aware SE Personal "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "AGEIA PhysX v2.3.3" = AGEIA PhysX v2.3.3 "Audacity_is1" = Audacity 1.2.6 "BitTorrent" = BitTorrent 5.0.9 "CDex" = CDex extraction audio "Collab" = Collab "Compel install Adaptec WinASPI-4.6.0(1021)_is1" = Compel Adaptec WinASPI "dBpowerAMP FLAC Codec" = dBpowerAMP FLAC Codec "DC++" = DC++ 0.699 "Deckadance" = Deckadance "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "eoEngine_is1" = eoEngine 4.5 "eoRss_is1" = eoRss 2.2 "ffdshow_is1" = ffdshow [rev 2060] [2008-08-01] "File Writer output plugin" = File Writer output plugin for WinAMP 2 v1.17(c) (remove only) "FL Studio 7" = FL Studio 7 "FLVplayer" = FLV Player "Free Audio Converter_is1" = Free Audio Converter 2.0.0.5 "Free Download Manager_is1" = Free Download Manager 2.5 "Google Updater" = Outil de mise à jour Google "HP Photo & Imaging" = HP Image Zone 4.7 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "IL Download Manager" = IL Download Manager "InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers. "InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "LastFM_is1" = Last.fm 1.5.1.30182 "Les pays d'Afrique" = Les pays d'Afrique "LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation) "Magic ISO Maker v5.3 (build 0229)" = Magic ISO Maker v5.3 (build 0229) "Media Player Classic" = Media Player Classic fr "MeowMultiSound_is1" = MeowMultiSound 1.00 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "mmswitch" = Morgan Stream Switcher "Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NeoDivX2008" = NeoDivx 2008 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "PartyPoker" = PartyPoker "Picasa2" = Picasa 2 "Power Saver" = Gestion d'énergie TOSHIBA "ProInst" = Logiciel Intel(R) PROSet/Wireless "PROSet" = Intel(R) PRO Network Connections Drivers "ShockwaveFlash" = Macromedia Flash Player 8 "Soulseek" = SoulSeek Client 156c "Stellar Phoenix FAT & NTFS_is1" = Stellar Phoenix (FAT & NTFS) 2.1 "Stellar Phoenix Windows Data Recovery_is1" = Stellar Phoenix Windows Data Recovery V3.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "SystemGuards_is1" = SystemGuards 1.1.0.0 "Theorica Divx ;-) Codecs" = Theorica Divx ;-) Codecs (remove only) "TOSHIBA Software Modem" = TOSHIBA Software Modem "Veoh Web Player Beta" = Veoh Web Player "VLC media player" = VLC media player 0.9.8a "VST Bridge_is1" = VST Bridge 1.1 "WinamaxPoker" = Winamax Poker (remove only) "Winamp" = Winamp (remove only) "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "WinGimp-2.0_is1" = GIMP 2.4.2 "WinRAR archiver" = Archiveur WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "X10Hardware" = X10 Hardware(TM) "x264 Revision 305 x264.nl" = x264 Revision 305 x264.nl (remove only) "Xvid_is1" = Xvid 1.1.3 final uninstall [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Warcraft III" = Warcraft III: All Products [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 07/08/2009 20:07:17 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer. Error - 07/08/2009 20:33:07 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Error | ID = 1000 Description = Application défaillante iexplore.exe, version 6.0.2900.2180, module défaillant shell32.dll, version 0.0.0.0, adresse de défaillance 0x00002626. Error - 07/08/2009 20:37:38 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer. Error - 07/08/2009 20:52:03 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Error | ID = 1000 Description = Application défaillante iexplore.exe, version 6.0.2900.2180, module défaillant kernel32.dll, version 5.1.2600.2945, adresse de défaillance 0x00012a5b. Error - 07/08/2009 22:16:57 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer. Error - 08/08/2009 07:57:28 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer. Error - 09/08/2009 09:11:39 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Hang | ID = 1002 Description = Application bloquée winamp.exe, version 5.3.2.1003, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 09/08/2009 09:12:46 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Hang | ID = 1002 Description = Application bloquée winamp.exe, version 5.3.2.1003, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 09/08/2009 09:13:47 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Hang | ID = 1002 Description = Application bloquée winamp.exe, version 5.3.2.1003, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 11/08/2009 08:59:47 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer. [ Application Events ] Error - 07/08/2009 20:07:17 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer. Error - 07/08/2009 20:33:07 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Error | ID = 1000 Description = Application défaillante iexplore.exe, version 6.0.2900.2180, module défaillant shell32.dll, version 0.0.0.0, adresse de défaillance 0x00002626. Error - 07/08/2009 20:37:38 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer. Error - 07/08/2009 20:52:03 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Error | ID = 1000 Description = Application défaillante iexplore.exe, version 6.0.2900.2180, module défaillant kernel32.dll, version 5.1.2600.2945, adresse de défaillance 0x00012a5b. Error - 07/08/2009 22:16:57 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer. Error - 08/08/2009 07:57:28 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer. Error - 09/08/2009 09:11:39 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Hang | ID = 1002 Description = Application bloquée winamp.exe, version 5.3.2.1003, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 09/08/2009 09:12:46 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Hang | ID = 1002 Description = Application bloquée winamp.exe, version 5.3.2.1003, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 09/08/2009 09:13:47 | Computer Name = YOUR-6FBB7B0EF0 | Source = Application Hang | ID = 1002 Description = Application bloquée winamp.exe, version 5.3.2.1003, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 11/08/2009 08:59:47 | Computer Name = YOUR-6FBB7B0EF0 | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Niveau d'information : error Ce service n'est pas autorisé à démarrer. [ System Events ] Error - 08/08/2009 07:58:30 | Computer Name = YOUR-6FBB7B0EF0 | Source = Service Control Manager | ID = 7000 Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer en raison de l'erreur : %%1053 Error - 08/08/2009 12:59:42 | Computer Name = YOUR-6FBB7B0EF0 | Source = Service Control Manager | ID = 7023 Description = Le service Explorateur d'ordinateur s'est arrêté avec l'erreur : %%1460 Error - 09/08/2009 09:11:27 | Computer Name = YOUR-6FBB7B0EF0 | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux. Error - 09/08/2009 09:11:29 | Computer Name = YOUR-6FBB7B0EF0 | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux. Error - 09/08/2009 09:11:31 | Computer Name = YOUR-6FBB7B0EF0 | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux. Error - 09/08/2009 09:11:38 | Computer Name = YOUR-6FBB7B0EF0 | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux. Error - 11/08/2009 09:00:49 | Computer Name = YOUR-6FBB7B0EF0 | Source = Service Control Manager | ID = 7000 Description = Le service Creative Service for CDROM Access n'a pas pu démarrer en raison de l'erreur : %%2 Error - 11/08/2009 09:00:49 | Computer Name = YOUR-6FBB7B0EF0 | Source = Service Control Manager | ID = 7009 Description = Délai (30000 millisecondes) d'attente pour une connexion du service Planificateur LiveUpdate automatique. Error - 11/08/2009 09:00:49 | Computer Name = YOUR-6FBB7B0EF0 | Source = Service Control Manager | ID = 7000 Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer en raison de l'erreur : %%1053 Error - 11/08/2009 09:06:46 | Computer Name = YOUR-6FBB7B0EF0 | Source = Service Control Manager | ID = 7023 Description = Le service Explorateur d'ordinateur s'est arrêté avec l'erreur : %%1460 < End of report > OTL logfile created on: 11/08/2009 15:50:28 - Run 1 OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\guillaume\Bureau Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1021,98 Mb Total Physical Memory | 708,94 Mb Available Physical Memory | 69,37% Memory free 2,41 Gb Paging File | 2,20 Gb Available in Paging File | 91,65% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 92,91 Gb Total Space | 25,86 Gb Free Space | 27,83% Space Free | Partition Type: NTFS Drive D: | 50,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded Drive F: | 2,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 991,22 Mb Total Space | 139,33 Mb Free Space | 14,06% Space Free | Partition Type: FAT H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-6FBB7B0EF0 Current User Name: guillaume Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2006/08/02 01:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe PRC - [2006/08/02 01:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe PRC - [2005/01/18 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2007/08/15 10:01:26 | 00,159,744 | -HS- | M] ( ) -- C:\WINDOWS\System.exe PRC - [2004/08/10 14:00:00 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2006/03/01 03:10:18 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\System32\crypserv.exe PRC - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe PRC - [2005/08/05 15:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe PRC - [2006/05/01 22:04:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32 vsvc32.exe PRC - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe PRC - [2006/08/02 01:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe PRC - [2007/01/08 23:39:44 | 00,171,040 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe PRC - [2007/09/04 12:44:04 | 00,028,672 | ---- | M] () -- C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe PRC - [2006/02/07 16:30:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe PRC - [2001/11/12 13:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe PRC - [2005/08/05 13:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe PRC - [2007/04/07 17:39:24 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2009/08/08 01:45:39 | 00,043,180 | ---- | M] () -- C:\WINDOWS\System32\drivers\svchost.exe PRC - [2006/03/23 21:13:30 | 00,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe PRC - [2009/08/11 15:47:30 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\guillaume\Bureau\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2006/03/22 08:48:56 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped]) SRV - File not found -- -- (ccEvtMgr [Auto | Stopped]) SRV - File not found -- -- (ccSetMgr [Auto | Stopped]) SRV - [2005/01/18 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running]) SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - File not found -- -- (Creative Service for CDROM Access [Auto | Stopped]) SRV - [2006/03/01 03:10:18 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\System32\crypserv.exe -- (Crypkey License [Auto | Running]) SRV - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running]) SRV - [2005/08/05 15:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running]) SRV - [2006/08/02 01:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running]) SRV - [2009/04/05 01:19:46 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped]) SRV - [2004/08/10 14:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - File not found -- -- (LiveUpdate [On_Demand | Stopped]) SRV - [2005/08/05 13:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running]) SRV - [2004/08/10 07:30:26 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped]) SRV - File not found -- -- (NSCService [On_Demand | Stopped]) SRV - [2006/05/01 22:04:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32 vsvc32.exe -- (NVSvc [Auto | Running]) SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2006/08/03 18:29:28 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Planificateur LiveUpdate automatique [Auto | Stopped]) SRV - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running]) SRV - [2006/08/02 01:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running]) SRV - [2007/01/08 23:39:44 | 00,171,040 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running]) SRV - [2006/08/02 01:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running]) SRV - [2007/09/04 12:44:04 | 00,028,672 | ---- | M] () -- C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe -- (sgSchedulerService [Auto | Running]) SRV - File not found -- -- (SNDSrvc [On_Demand | Stopped]) SRV - [2006/02/07 16:30:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV [Auto | Running]) SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped]) SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped]) SRV - [2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) SRV - File not found -- -- (x10nets [Auto | Running]) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2006/12/23 17:11:16 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running]) DRV - [2005/12/13 18:08:44 | 01,124,097 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running]) DRV - [2006/04/02 02:46:28 | 00,471,264 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped]) DRV - [1999/09/10 13:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (Aspi32 [Auto | Running]) DRV - [2006/03/22 08:56:24 | 01,522,688 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped]) DRV - [2005/10/06 05:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running]) DRV - [2005/08/25 12:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running]) DRV - [2005/10/06 05:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running]) DRV - [2005/10/06 05:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running]) DRV - [2005/10/06 05:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running]) DRV - [2005/10/06 05:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running]) DRV - [2005/08/25 12:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running]) DRV - [2005/10/06 05:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running]) DRV - [2005/10/06 05:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running]) DRV - [2005/09/12 03:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running]) DRV - [2005/08/12 05:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running]) DRV - [2006/01/13 01:27:48 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running]) DRV - [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2007/03/08 06:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped]) DRV - [2007/03/08 06:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped]) DRV - [2007/03/08 06:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped]) DRV - [2006/03/23 21:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped]) DRV - [2006/05/05 16:13:52 | 04,271,616 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) DRV - [2003/09/10 23:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\System32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running]) DRV - [2003/01/29 23:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS etdevio.sys -- (Netdevio [Auto | Running]) DRV - [2006/07/26 19:39:32 | 01,707,776 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\NETw3x32.sys -- (NETw3x32 [On_Demand | Running]) DRV - [2006/01/10 04:47:27 | 00,031,846 | ---- | M] () -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX [System | Running]) DRV - [2006/05/01 22:04:00 | 03,643,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS v4_mini.sys -- (nv [On_Demand | Running]) DRV - [2003/09/19 01:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (Pfc [On_Demand | Running]) DRV - [2004/08/10 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2008/02/23 04:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2006/08/02 02:27:48 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running]) DRV - [2004/08/10 14:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2001/08/17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped]) DRV - [2007/01/15 20:00:53 | 00,639,224 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running]) DRV - [2007/01/07 12:38:48 | 00,115,000 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running]) DRV - [2006/08/07 17:02:22 | 00,024,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Stopped]) DRV - [2006/08/07 17:02:26 | 00,195,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running]) DRV - [2006/03/03 00:46:54 | 00,191,968 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running]) DRV - [2005/11/30 19:12:00 | 00,162,560 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers ifm21.sys -- (tifm21 [On_Demand | Running]) DRV - [2005/09/09 14:47:10 | 00,009,344 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS osrfec.sys -- (tosrfec [On_Demand | Stopped]) DRV - [2005/10/20 14:03:42 | 00,006,144 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\DRIVERS\NBSMI.sys -- (TVALD [On_Demand | Running]) DRV - [2006/05/30 16:42:52 | 00,045,696 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\Tvs.sys -- (Tvs [On_Demand | Running]) DRV - [2005/11/28 10:45:16 | 00,007,040 | ---- | M] (X10 Wireless Technology, Inc.) -- C:\WINDOWS\System32\Drivers\x10hid.sys -- (X10Hid [On_Demand | Running]) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl" FF - prefs.js..browser.startup.homepage: "http://french.icrfast.com/index.php?rvs=hompag" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1 FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.4.4 FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13 FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 8800 FF - prefs.js..network.proxy.type: 4 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\Components: C:\Program Files\Mozilla Firefox\components [2009/08/08 01:58:11 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/08 01:58:11 | 00,000,000 | ---D | M] [2009/03/07 20:47:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\guillaume\Application Data\mozilla\Extensions [2009/03/07 20:47:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\guillaume\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/08/08 02:00:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\guillaume\Application Data\mozilla\Firefox\Profiles s6b0g4r.default\extensions [2008/12/14 18:59:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\guillaume\Application Data\mozilla\Firefox\Profiles s6b0g4r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/07/27 18:43:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\guillaume\Application Data\mozilla\Firefox\Profiles s6b0g4r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/05/06 04:06:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\guillaume\Application Data\mozilla\Firefox\Profiles s6b0g4r.default\extensions\searchrecs@veoh.com [2009/08/02 16:53:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2006/12/23 20:55:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/08/08 01:58:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2007/10/20 18:01:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2008/04/12 00:00:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2009/08/08 01:58:06 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/08/08 01:58:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009/04/15 22:24:54 | 01,044,480 | ---- | M] (The OpenSSL Project, https://www.openssl.org/ -- C:\Program Files\mozilla firefox\plugins\libdivx.dll [2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins p-mswmp.dll [2007/08/16 02:05:00 | 00,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins pbittorrent.dll [2009/04/15 22:24:36 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins pdivx32.dll [2009/04/15 22:24:44 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins pDivxPlayerPlugin.dll [2007/10/11 15:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins pLegitCheckPlugin.dll [2009/08/08 01:58:08 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins pnul32.dll [2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins ppdf32.dll [2008/01/16 22:25:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins pqtplugin.dll [2008/01/16 22:25:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins pqtplugin2.dll [2008/01/16 22:25:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins pqtplugin3.dll [2008/01/16 22:25:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins pqtplugin4.dll [2008/01/16 22:25:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins pqtplugin5.dll [2008/01/16 22:25:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins pqtplugin6.dll [2008/01/16 22:25:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins pqtplugin7.dll [2008/10/04 21:24:00 | 03,695,008 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll [2009/04/15 22:24:54 | 00,200,704 | ---- | M] (The OpenSSL Project, https://www.openssl.org/ -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll [2009/05/15 14:27:29 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml [2009/05/15 14:27:29 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml [2009/05/15 14:27:29 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/05/15 14:27:29 | 00,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml [2009/05/15 14:27:29 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml [2009/05/15 14:27:29 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (EoBho Class) - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll () O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll () O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\System32\ieso0.dll () O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKCU..\Run: [SVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe () O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\.pro File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\guillaume\Menu Démarrer\Programmes\Démarrage\.pro File not found F3 - HKCU WinNT: Load - (System) - C:\WINDOWS\System.exe ( ) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Télécharger avec Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Tout télécharger avec Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm () O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin pjpi160_05.dll (Sun Microsystems, Inc.) O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/... (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (System) - C:\WINDOWS\System.exe ( ) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/08/11 14:59:45 | 00,000,124 | -HS- | M] () - C:\Autorun.inf -- [ NTFS ] O32 - AutoRun File - [2008/07/21 12:33:27 | 00,000,027 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2005/10/14 23:07:27 | 00,106,496 | R--- | M] () - F:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2006/03/03 18:02:09 | 00,000,086 | R--- | M] () - F:\Autorun.inf -- [ CDFS ] O32 - AutoRun File - [2005/10/14 23:07:27 | 00,106,496 | R--- | M] () - F:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2009/08/11 15:49:10 | 00,000,124 | -HS- | M] () - G:\Autorun.inf -- [ FAT ] O33 - MountPoints2\{00172267-9ddb-11dd-a596-00a0d15e3078}\Shell\AutoRun\command - "" = E:\ O33 - MountPoints2\{00172267-9ddb-11dd-a596-00a0d15e3078}\Shell\explore\Command - "" = E:\RECYCLED\INFO.exe -- File not found O33 - MountPoints2\{00172267-9ddb-11dd-a596-00a0d15e3078}\Shell\open\Command - "" = E:\RECYCLED\INFO.exe -- File not found O33 - MountPoints2\{07c33796-9667-11db-a479-00a0d15e3078}\Shell\AutoRun\command - "" = E:\bicsxk03.com -- File not found O33 - MountPoints2\{07c33796-9667-11db-a479-00a0d15e3078}\Shell\explore\Command - "" = E:\bicsxk03.com -- File not found O33 - MountPoints2\{07c33796-9667-11db-a479-00a0d15e3078}\Shell\open\Command - "" = E:\bicsxk03.com -- File not found O33 - MountPoints2\{0ac4f6ce-1c66-11de-a5b5-00a0d15e3078}\Shell\AutoRun\command - "" = G:\bicsxk03.com -- File not found O33 - MountPoints2\{0ac4f6ce-1c66-11de-a5b5-00a0d15e3078}\Shell\explore\Command - "" = G:\bicsxk03.com -- File not found O33 - MountPoints2\{0ac4f6ce-1c66-11de-a5b5-00a0d15e3078}\Shell\open\Command - "" = G:\bicsxk03.com -- File not found O33 - MountPoints2\{38eb1ef5-e57f-11dc-a526-00a0d15e3078}\Shell\AutoRun\command - "" = E:\bicsxk03.com -- File not found O33 - MountPoints2\{38eb1ef5-e57f-11dc-a526-00a0d15e3078}\Shell\explore\Command - "" = E:\bicsxk03.com -- File not found O33 - MountPoints2\{38eb1ef5-e57f-11dc-a526-00a0d15e3078}\Shell\open\Command - "" = E:\bicsxk03.com -- File not found O33 - MountPoints2\{45a48944-7a90-11dc-a4cf-00a0d15e3078}\Shell\AutoRun\command - "" = E:\bicsxk03.com -- File not found O33 - MountPoints2\{45a48944-7a90-11dc-a4cf-00a0d15e3078}\Shell\explore\Command - "" = E:\bicsxk03.com -- File not found O33 - MountPoints2\{45a48944-7a90-11dc-a4cf-00a0d15e3078}\Shell\open\Command - "" = E:\bicsxk03.com -- File not found O33 - MountPoints2\{534ad411-2a19-11dd-a55c-00a0d15e3078}\Shell - "" = AutoRun O33 - MountPoints2\{534ad411-2a19-11dd-a55c-00a0d15e3078}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{534ad412-2a19-11dd-a55c-00a0d15e3078}\Shell\AutoRun\command - "" =

gen-hackman · Answer

ce n'est pas ce qui etait demandé

boumara · Answer

ha... pardon pardon....

j'ai compris pour agrandir la fenetre de discution...

OTL donne Range check error.

et cet fois j'ai respecté vos instructions

boumara · Answer

et la, il à l'air bloqué.

gen-hackman · Answer

bon supprime ces 4 fichiers manuellement et passe à AD-Remover :

C:\WINDOWS\System.exe
C:\WINDOWS\System32\drivers\svchost.exe
C:\WINDOWS\config\svchost.exe
C:\WINDOWS\System32\ACTSKN43.OCX

boumara · Answer

je ne trouve aucun des quatre fichiers

je suis rentré ds le dossier windows via la commande executé.
il y a bien une icone "system" mais pas de system.exe.
les autre dossier sont présent mais pas les fichiers que je dois suprimé.

que fair?

gen-hackman · Answer

fais ceci , ils vont apparaitre comme par enchantement ^^

&#9654 Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
* - Coche    Afficher les fichiers et dossiers cachés
* - Décoche Masquer les extensions des fichiers dont le type est connu
* - Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)

&#9654 clique sur Appliquer, puis OK.

boumara · Answer

alors c'est bizards : 
à chaque fois que je coche "afficher les fichiers et dossiers cachés" j'applique puis "ok"   et la rien ne se passe!
je retourne ds options des dossiers / affichage et à chaque fois l'item  "afficher les fichiers et dossiers cachés" est décoché...
 

crise de nerfs... snif

gen-hackman · Answer

les autres cases sont restées cochées ? va verifier et supprimer les fichers demandés en ce cas

boumara · Answer

oui les autrres cases sont resté cochés mais les fichiers ne sont pas apparus

gen-hackman · Answer

&#9654 Télécharge et install UsbFix par Chiquitine29

 (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

&#9654 Double clic sur le raccourci UsbFix présent sur ton bureau .

&#9654 Au menu principal choisis l'option " F " pour français et tape sur [entrée] . 

&#9654 Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée] 

&#9654 Laisse travailler l'outil.

&#9654 Ensuite post le rapport UsbFix.txt qui apparaitra.

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

 Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
          Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
          Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

boumara · Answer

j'ai essayer de delete avec killbox mais il me dit que les fichiers ne sembles pas exister.

le rapport : 


############################## | UsbFix V6.016 |

User : guillaume (Administrateurs) # YOUR-6FBB7B0EF0
Update on 11/08/09 by Chiquitine29 & C_XX
Start at: 18:49:59 | 11/08/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Core(TM)2 CPU         T5500  @ 1.66GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : Norton Internet Security 2006 2006 [ Enabled | Updated ]
FW : Norton Internet Security 2006[ Enabled ]2006

C:\ -> Disque fixe local # 92,91 Go (27,81 Go free) # NTFS
D:\ -> Disque CD-ROM # 50,45 Mo (0 Mo free) [Monster Trux] # CDFS
F:\ -> Disque CD-ROM # 2,51 Go (0 Mo free) [GRAW] # CDFS
G:\ -> Disque amovible # 991,22 Mo (136,77 Mo free) # FAT

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Documents and Settings\guillaume\Application Data\Google\cqvgl19623160.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

Présent ! C:\WINDOWS\system32\ieso0.dll  
Présent ! C:\WINDOWS\system32\ieso1.dll  
Présent ! C:\WINDOWS\system32\ieso2.dll  
C:\autorun.inf # -> fichier appelé  : "C:\RECYCLED\INFO.exe" ( Présent ! )  
Présent ! C:\.ecycled\info.exe  
Présent ! C:\RECYCLED\INFO.exe  
Présent ! C:\autorun.inf  
Présent ! D:\autorun.inf  
Présent ! F:\autorun.inf  
G:\autorun.inf # -> fichier appelé  : "G:\RECYCLED\INFO.exe" ( Absent ! )  
Présent ! G:\autorun.inf  

################## | Suspect ! ... | https://www.virustotal.com/gui/ |


################## | Registre # Clés Run infectieuses |

Présent ! HKLM\software\microsoft\security center "AntiVirusDisableNotify" ( 0x1 )  

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\C
Shell\AutoRun\command =C:\bicsxk03.com 
Shell\explore\Command =C:\bicsxk03.com 
Shell\open\Command =C:\bicsxk03.com 

HKCU\..\..\Explorer\MountPoints2\D
Shell\AutoRun\command =D:\setup.exe 

HKCU\..\..\Explorer\MountPoints2\F
Shell\AutoRun\command =F:\Autorun\UbiAutorun.exe 

HKCU\..\..\Explorer\MountPoints2\G
Shell\AutoRun\command =G:\bicsxk03.com 
Shell\explore\Command =G:\bicsxk03.com 
Shell\open\Command =G:\bicsxk03.com 

HKCU\..\..\Explorer\MountPoints2\{00172267-9ddb-11dd-a596-00a0d15e3078}
Shell\AutoRun\command =E:\ 
Shell\explore\Command =E:\RECYCLED\INFO.exe 
Shell\open\Command =E:\RECYCLED\INFO.exe 

HKCU\..\..\Explorer\MountPoints2\{07c33796-9667-11db-a479-00a0d15e3078}
Shell\AutoRun\command =E:\bicsxk03.com 
Shell\explore\Command =E:\bicsxk03.com 
Shell\open\Command =E:\bicsxk03.com 

HKCU\..\..\Explorer\MountPoints2\{0ac4f6ce-1c66-11de-a5b5-00a0d15e3078}
Shell\AutoRun\command =G:\bicsxk03.com 
Shell\explore\Command =G:\bicsxk03.com 
Shell\open\Command =G:\bicsxk03.com 

HKCU\..\..\Explorer\MountPoints2\{38eb1ef5-e57f-11dc-a526-00a0d15e3078}
Shell\AutoRun\command =E:\bicsxk03.com 
Shell\explore\Command =E:\bicsxk03.com 
Shell\open\Command =E:\bicsxk03.com 

HKCU\..\..\Explorer\MountPoints2\{45a48944-7a90-11dc-a4cf-00a0d15e3078}
Shell\AutoRun\command =E:\bicsxk03.com 
Shell\explore\Command =E:\bicsxk03.com 
Shell\open\Command =E:\bicsxk03.com 

HKCU\..\..\Explorer\MountPoints2\{534ad411-2a19-11dd-a55c-00a0d15e3078}
Shell\AutoRun\command =E:\LaunchU3.exe -a

HKCU\..\..\Explorer\MountPoints2\{534ad412-2a19-11dd-a55c-00a0d15e3078}
Shell\AutoRun\command =G:\bicsxk03.com 
Shell\explore\Command =G:\bicsxk03.com 
Shell\open\Command =G:\bicsxk03.com 

HKCU\..\..\Explorer\MountPoints2\{65087cff-5022-11dc-a4bf-00a0d15e3078}
Shell\Auto\command =E:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{79f77acf-67c1-11dd-a579-00a0d15e3078}
Shell\AutoRun\command =E:\bicsxk03.com 
Shell\explore\Command =E:\bicsxk03.com 
Shell\open\Command =E:\bicsxk03.com 

HKCU\..\..\Explorer\MountPoints2\{7f25a959-f887-11dc-a53e-00a0d15e3078}
Shell\AutoRun\command =oufddh.exe 
Shell\explore\Command =oufddh.exe 
Shell\open\Command =oufddh.exe 

HKCU\..\..\Explorer\MountPoints2\{9a395707-bf9d-11db-a492-00a0d15e3078}
Shell\AutoRun\command =E:\bicsxk03.com 
Shell\explore\Command =E:\bicsxk03.com 
Shell\open\Command =E:\bicsxk03.com 

HKCU\..\..\Explorer\MountPoints2\{aae6594c-7515-11dd-a582-00a0d15e3078}
Shell\AutoRun\command =E:\bicsxk03.com 
Shell\explore\Command =E:\bicsxk03.com 
Shell\open\Command =E:\bicsxk03.com 

HKCU\..\..\Explorer\MountPoints2\{aae65993-7515-11dd-a582-00a0d15e3078}
Shell\AutoRun\command =E:\bicsxk03.com 
Shell\explore\Command =E:\bicsxk03.com 
Shell\open\Command =E:\bicsxk03.com 

HKCU\..\..\Explorer\MountPoints2\{aae65a09-7515-11dd-a582-00a0d15e3078}
Shell\AutoRun\command =E:\ 
Shell\explore\Command =E:\RECYCLED\INFO.exe 
Shell\open\Command =E:\RECYCLED\INFO.exe 

HKCU\..\..\Explorer\MountPoints2\{be321e87-1221-11dd-a54f-00a0d15e3078}
Shell\AutoRun\command =E:\bicsxk03.com 
Shell\explore\Command =E:\bicsxk03.com 
Shell\open\Command =E:\bicsxk03.com 

HKCU\..\..\Explorer\MountPoints2\{c71856d4-e788-11dd-a5ac-ae8ac072cf01}
Shell\AutoRun\command =E:\ 
Shell\explore\Command =E:\RECYCLED\INFO.exe 
Shell\open\Command =E:\RECYCLED\INFO.exe 

HKCU\..\..\Explorer\MountPoints2\{d3f60a6c-988f-11dd-a595-00a0d15e3078}
Shell\AutoRun\command =E:\ 
Shell\explore\Command =E:\RECYCLED\INFO.exe 
Shell\open\Command =E:\RECYCLED\INFO.exe 

HKCU\..\..\Explorer\MountPoints2\{d8c769a5-ef71-11dc-a532-00a0d15e3078}
Shell\AutoRun\command =H:\bicsxk03.com 
Shell\explore\Command =H:\bicsxk03.com 
Shell\open\Command =H:\bicsxk03.com 

HKCU\..\..\Explorer\MountPoints2\{d8f7ca5c-8ed9-11dc-a4eb-00a0d15e3078}
Shell\AutoRun\command =E:\.\Recycler\S-1-5-21-3318671052-061502871-8581524341-500\~WRL0258.tmp 
Shell\explore\command =E:\.\Recycler\S-1-5-21-3318671052-061502871-8581524341-500\~WRL0258.tmp 
Shell\Open\command =E:\.\Recycler\S-1-5-21-3318671052-061502871-8581524341-500\~WRL0258.tmp 

HKCU\..\..\Explorer\MountPoints2\{d8f7ca5d-8ed9-11dc-a4eb-00a0d15e3078}
Shell\AutoRun\command =G:\ 
Shell\explore\Command =G:\RECYCLED\INFO.exe 
Shell\open\Command =G:\RECYCLED\INFO.exe 

HKCU\..\..\Explorer\MountPoints2\{dd3787e6-a90e-11dc-a4ff-00a0d15e3078}
Shell\AutoRun\command =bicsxk03.com 
Shell\explore\Command =bicsxk03.com 
Shell\open\Command =bicsxk03.com 

HKCU\..\..\Explorer\MountPoints2\{e82964ff-cc55-11db-a493-00a0d15e3078}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{f235c573-b3ca-11db-a48d-00a0d15e3078}
Shell\AutoRun\command =G:\ 
Shell\explore\Command =RECYCLED\INFO.exe 
Shell\open\Command =RECYCLED\INFO.exe 

################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.016 ! |

gen-hackman · Answer

&#9654  (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

&#9654 Double clic (clic droit "en tant qu'administrateur" pour Vista)sur le raccourci UsbFix présent sur ton bureau

&#9654 Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

&#9654 Au second menu Choisis l'option " 2 " ( Suppression ) et tape sur [entrée]  

&#9654 Ton bureau disparaitra et le pc redémarrera .

&#9654 Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

&#9654 Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

boumara · Answer

le rapport : 



############################## | UsbFix V6.016 |

User : guillaume (Administrateurs) # YOUR-6FBB7B0EF0
Update on 11/08/09 by Chiquitine29 & C_XX
Start at: 19:58:07 | 11/08/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Core(TM)2 CPU         T5500  @ 1.66GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : Norton Internet Security 2006 2006 [ Enabled | Updated ]
FW : Norton Internet Security 2006[ Enabled ]2006

C:\ -> Disque fixe local # 92,91 Go (27,77 Go free) # NTFS
D:\ -> Disque CD-ROM # 50,45 Mo (0 Mo free) [Monster Trux] # CDFS
E:\ -> Disque amovible # 1,89 Go (1,5 Go free) [CHINE 2008] # FAT32
F:\ -> Disque CD-ROM # 2,51 Go (0 Mo free) [GRAW] # CDFS
G:\ -> Disque amovible # 991,22 Mo (136,83 Mo free) # FAT

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\WINDOWS\system32\ieso0.dll 
Supprimé ! C:\WINDOWS\system32\ieso1.dll 
Supprimé ! C:\WINDOWS\system32\ieso2.dll 
C:\autorun.inf # -> fichier appelé  : "C:\RECYCLED\INFO.exe" ( Présent ! )  
Supprimé ! -> C:\RECYCLED\INFO.exe 
Supprimé ! C:\autorun.inf 
Non supprimé ! D:\autorun.inf 
E:\autorun.inf # -> fichier appelé  : "E:\bicsxk03.com" ( Absent ! )  
E:\autorun.inf # -> fichier appelé  : "E:\RECYCLED\INFO.exe" ( Présent ! )  
Supprimé ! -> E:\RECYCLED\INFO.exe 
Supprimé ! E:\autorun.inf 
Non supprimé ! F:\autorun.inf 
G:\autorun.inf # -> fichier appelé  : "G:\RECYCLED\INFO.exe" ( Absent ! )  
Supprimé ! G:\autorun.inf 

################## | Autres |


################## | Suspect ! ... | https://www.virustotal.com/gui/ |


################## | Registre # Clés Run infectieuses |

# HKLM\software\microsoft\security center "AntiVirusDisableNotify" # -> Reset sucessfully !  

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\C\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\D\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\F\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\G\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{00172267-9ddb-11dd-a596-00a0d15e3078}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{07c33796-9667-11db-a479-00a0d15e3078}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{0ac4f6ce-1c66-11de-a5b5-00a0d15e3078}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{38eb1ef5-e57f-11dc-a526-00a0d15e3078}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{45a48944-7a90-11dc-a4cf-00a0d15e3078}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{534ad411-2a19-11dd-a55c-00a0d15e3078}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{534ad412-2a19-11dd-a55c-00a0d15e3078}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{65087cff-5022-11dc-a4bf-00a0d15e3078}\Shell\Auto\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{79f77acf-67c1-11dd-a579-00a0d15e3078}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{7f25a959-f887-11dc-a53e-00a0d15e3078}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{9a395707-bf9d-11db-a492-00a0d15e3078}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{aae6594c-7515-11dd-a582-00a0d15e3078}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{aae65993-7515-11dd-a582-00a0d15e3078}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{aae65a09-7515-11dd-a582-00a0d15e3078}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{be321e87-1221-11dd-a54f-00a0d15e3078}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{c71856d4-e788-11dd-a5ac-ae8ac072cf01}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{d3f60a6c-988f-11dd-a595-00a0d15e3078}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{d8c769a5-ef71-11dc-a532-00a0d15e3078}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{d8f7ca5c-8ed9-11dc-a4eb-00a0d15e3078}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{d8f7ca5d-8ed9-11dc-a4eb-00a0d15e3078}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{dd3787e6-a90e-11dc-a4ff-00a0d15e3078}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{e82964ff-cc55-11db-a493-00a0d15e3078}\Shell\Auto\Command  

################## | Listing des fichiers présent |

[30/12/2007 03:34|--ah-----|0] -> C:\.protected 
[11/08/2009 19:57|--a------|659570] -> C:\APIHook.log 
[28/03/2008 17:28|-rahs----|209] -> C:\boot.ini 
[10/08/2004 14:00|-rahs----|4952] -> C:\Bootfont.bin 
[15/09/2006 14:41|--a------|0] -> C:\CONFIG.SYS 
[?|?|?] -> C:\hiberfil.sys 
[30/12/2007 02:11|--a------|0] -> C:\Install 
[15/09/2006 14:41|-rahs----|0] -> C:\IO.SYS 
[11/08/2009 15:30|--a------|1233] -> C:\List'em.txt 
[11/05/2009 17:54|--a------|157184] -> C:\memoir.doc 
[10/05/2009 18:51|--a------|168381] -> C:\memoir.pdf 
[15/09/2006 14:41|-rahs----|0] -> C:\MSDOS.SYS 
[10/08/2004 14:00|-rahs----|47564] -> C:\NTDETECT.COM 
[10/08/2004 14:00|-rahs----|251712] -> C:
tldr 
[?|?|?] -> C:\pagefile.sys 
[08/08/2009 04:06|--a------|10247] -> C:esolve.log 
[11/08/2009 14:57|--ah-----|268] -> C:\sqmdata00.sqm 
[11/08/2009 15:01|--ah-----|268] -> C:\sqmdata01.sqm 
[11/08/2009 16:45|--ah-----|268] -> C:\sqmdata02.sqm 
[21/08/2008 18:09|--ah-----|268] -> C:\sqmdata03.sqm 
[21/08/2008 19:13|--ah-----|268] -> C:\sqmdata04.sqm 
[24/08/2008 14:17|--ah-----|268] -> C:\sqmdata05.sqm 
[27/08/2008 01:47|--ah-----|268] -> C:\sqmdata06.sqm 
[29/08/2008 17:44|--ah-----|268] -> C:\sqmdata07.sqm 
[29/08/2008 19:04|--ah-----|268] -> C:\sqmdata08.sqm 
[14/09/2008 02:37|--ah-----|268] -> C:\sqmdata09.sqm 
[02/11/2008 13:06|--ah-----|268] -> C:\sqmdata10.sqm 
[14/12/2008 18:25|--ah-----|232] -> C:\sqmdata11.sqm 
[06/02/2009 17:26|--ah-----|268] -> C:\sqmdata12.sqm 
[16/03/2009 00:33|--ah-----|268] -> C:\sqmdata13.sqm 
[23/07/2009 15:03|--ah-----|268] -> C:\sqmdata14.sqm 
[23/07/2009 16:04|--ah-----|268] -> C:\sqmdata15.sqm 
[30/07/2009 13:20|--ah-----|268] -> C:\sqmdata16.sqm 
[30/07/2009 13:32|--ah-----|268] -> C:\sqmdata17.sqm 
[08/08/2009 01:46|--ah-----|268] -> C:\sqmdata18.sqm 
[08/08/2009 02:01|--ah-----|268] -> C:\sqmdata19.sqm 
[11/08/2009 14:57|--ah-----|244] -> C:\sqmnoopt00.sqm 
[11/08/2009 15:01|--ah-----|244] -> C:\sqmnoopt01.sqm 
[11/08/2009 16:45|--ah-----|244] -> C:\sqmnoopt02.sqm 
[21/08/2008 18:09|--ah-----|244] -> C:\sqmnoopt03.sqm 
[21/08/2008 19:13|--ah-----|244] -> C:\sqmnoopt04.sqm 
[24/08/2008 14:17|--ah-----|244] -> C:\sqmnoopt05.sqm 
[27/08/2008 01:47|--ah-----|244] -> C:\sqmnoopt06.sqm 
[29/08/2008 17:44|--ah-----|244] -> C:\sqmnoopt07.sqm 
[29/08/2008 19:04|--ah-----|244] -> C:\sqmnoopt08.sqm 
[14/09/2008 02:37|--ah-----|244] -> C:\sqmnoopt09.sqm 
[02/11/2008 13:06|--ah-----|244] -> C:\sqmnoopt10.sqm 
[14/12/2008 18:25|--ah-----|244] -> C:\sqmnoopt11.sqm 
[06/02/2009 17:26|--ah-----|244] -> C:\sqmnoopt12.sqm 
[16/03/2009 00:33|--ah-----|244] -> C:\sqmnoopt13.sqm 
[23/07/2009 15:03|--ah-----|244] -> C:\sqmnoopt14.sqm 
[23/07/2009 16:04|--ah-----|244] -> C:\sqmnoopt15.sqm 
[30/07/2009 13:20|--ah-----|244] -> C:\sqmnoopt16.sqm 
[30/07/2009 13:32|--ah-----|244] -> C:\sqmnoopt17.sqm 
[08/08/2009 01:46|--ah-----|244] -> C:\sqmnoopt18.sqm 
[08/08/2009 02:01|--ah-----|244] -> C:\sqmnoopt19.sqm 
[27/09/2006 16:30|--ah-----|176] -> C:\SWSTAMP.TXT 
[11/08/2009 20:02|--a------|8991] -> C:\UsbFix.txt 
[21/07/2008 12:33|-r-------|3822] -> D:\Readme.txt 
[18/07/2008 15:02|-r-------|52519708] -> D:\Setup.exe 
[21/07/2008 12:33|-r-------|27] -> D:\autorun.inf 
[20/06/2009 05:47|--ah-----|4096] -> E:\._.Trashes 
[03/07/2009 14:58|--ah-----|6148] -> E:\.DS_Store 
[11/08/2009 14:43|--a------|113270] -> E:\CleanX-II.exe 
[11/08/2009 14:52|--a------|646] -> E:\cleaner.txt 
[11/08/2009 14:18|--a------|31496] -> E:\info.txt 
[11/08/2009 14:18|--a------|30989] -> E:\log.txt 
[11/08/2009 14:20|--a------|10247] -> E:esolve.txt 
[03/07/2009 15:26|--a------|263074] -> E:\M‚moire ssh, m‚dias, pouvoir et soci‚t‚.pdf 
[03/07/2009 15:28|--ah-----|4096] -> E:\._M‚moire ssh, m‚dias, pouvoir et soci‚t‚.pdf 
[03/03/2006 18:02|-r-------|86] -> F:\Autorun.inf 
[27/02/2006 11:51|-r-------|4406] -> F:\GRAW.ico 
[14/10/2005 23:07|-r-------|106496] -> F:\autorun.exe 
[17/04/2006 14:06|-r-------|1586612] -> F:\data1.cab 
[17/04/2006 14:06|-r-------|110022] -> F:\data1.hdr 
[17/04/2006 14:09|-r-------|578248704] -> F:\data2.cab 
[17/04/2006 14:12|-r-------|702545920] -> F:\data3.cab 
[17/04/2006 14:15|-r-------|702545920] -> F:\data4.cab 
[17/04/2006 14:17|-r-------|576910302] -> F:\data5.cab 
[24/03/2005 08:46|-r-------|417992] -> F:\engine32.cab 
[17/04/2006 14:17|-r-------|1683] -> F:\layout.bin 
[10/02/2006 11:45|-r-------|689456] -> F:\setup.bmp 
[17/04/2006 14:06|-r-------|406425] -> F:\setup.boot 
[24/03/2005 11:00|-r-------|109800] -> F:\setup.exe 
[17/04/2006 14:06|-r-------|486] -> F:\setup.ini 
[13/04/2006 23:02|-r-------|187170] -> F:\setup.inx 
[28/06/2008 14:29|--a------|205317] -> G:\passeport.jpg 
[08/08/2009 02:51|--a------|88064] -> G:\brontgui.com 
[12/05/2009 22:37|--ah-----|12292] -> G:\.DS_Store 
[23/11/2008 16:03|--ah-----|296] -> G:\WMPInfo.xml 
[24/07/2009 15:42|--a------|13388] -> G:\MEM AOUT.odt 
[28/06/2008 14:54|--ah-----|82] -> G:\._scan_8628142923_1.jpg 
[24/07/2009 15:42|--a------|75776] -> G:\MEM AOUT.doc 
[08/08/2009 04:32|--a------|73728] -> G:\KillBox.exe 
[08/08/2009 04:31|--a------|9021376] -> G:\windows-kb890830-v2.12.exe 
[08/08/2009 02:31|--a------|812344] -> G:\HJTInstall.exe 
[08/08/2009 09:52|--a------|68096] -> G:\TableauVolailles_fev oct  09.xls 
[24/04/2007 04:07|--ah-----|82] -> G:\._.TemporaryItems 
[11/08/2009 18:52|--a------|8181] -> G:\Nouveau Document texte.txt 
[10/02/2009 18:01|--ah-----|82] -> G:\._dossier sport k3 gb 
[11/08/2009 15:25|--a------|67584] -> G:\Listem.exe 
[11/08/2009 15:47|--a------|513536] -> G:\OTL.exe 
[11/08/2009 16:03|--a------|1501965] -> G:\AD-R.exe 
[28/03/2009 15:23|--a------|1125020] -> G:\Muscle control-muscle what exercises whould you prescribe.pdf 
[11/08/2009 16:02|--a------|1067] -> G:\Nouveau Document texte (2).txt 
[11/08/2009 18:47|--a------|1266287] -> G:\UsbFix.exe 
[28/06/2008 14:55|--a------|102254] -> G:\carte vitale.jpg 
[28/06/2008 14:54|--ah-----|82] -> G:\._scan_8628142734_1.jpg 
[24/06/2008 20:30|--a------|79064] -> G:\curriculum vitae.pdf 
[28/06/2008 14:55|--ah-----|82] -> G:\._scan_8628145525_1.jpg 
[15/10/2008 19:07|--a------|10940] -> G:\cv guillaume.odt 
[28/06/2008 14:27|--a------|232522] -> G:\diplome bnssa.jpg 
[18/06/2008 17:25|--a------|14839] -> G:\dossier cardio.odt 
[07/04/2009 16:54|--a------|8190] -> G:\langue africaine.odt 
[17/05/2008 22:54|-r-h-----|474] -> G:\winamp_cache_0001.xml 

################## | Cracks / Keygens / Serials |


################## | Upload | 

Veuillez envoyer le fichier : C:\UsbFix\UsbFix_Upload_Me_YOUR-6FBB7B0EF0.zip : https://www.androidworld.fr/ 
Merci pour votre contribution .

gen-hackman · Answer

si tu as ce dossier présent , à la fin de ton rapport , envoie-le au lien indiqué

boumara · Answer

c'est fait doc.

j'attend vos instructions

gen-hackman · Answer

&#9654 Télécharge Cleansur ton bureau : 

&#9654 Une fois sur le bureau, tu fais un clic droit sur ton fichier clean.zip et dans le menu déroulant, tu clics sur extrait tout ou extraire ici. 
&#9654 Cela va créer un dossier clean. 
&#9654 Double-clic sur ce dossier clean, tu y trouveras dedans plusieurs fichiers. 
&#9654 Double-clic sur clean. Cela va ouvrir une fenêtre noire. 
&#9654 Un menu va apparaître, choisis l'option 1 en appuyant sur la touche 1 de ton clavier. 
&#9654 Clean va travailler. 
&#9654 Un rapport Va etre généré, colle le contenu entier ici.

boumara · Answer

je dois partir et je n'ais pa de connexion chez moi.

je serais la demain vers 16h

merci beaucoup pour le temps que vous avez pris pour m'aider.

gen-hackman · Answer

;°)

boumara · Answer

salut voila le rapport clean : 

 13/08/2009 a 12:52:22,45 
 
*** Recherche des fichiers dans C: 
 
*** Recherche des fichiers dans C:\WINDOWS\ 
 
*** Recherche des fichiers dans C:\WINDOWS\system32 
C:\WINDOWS\system32\SpoonUninstall.exe FOUND 
 
*** Recherche des fichiers dans C:\Program Files 
"C:\Program Files\Outerinfo" FOUND 
"C:\Program Files\PartyGaming\" FOUND 
"C:\Program Files\Ultimate Cleaner\" FOUND 
"C:\Program Files\Ultimate Defender" FOUND 




Veuillez svp envoyer le fichier C:\upload_moi_YOUR-6FBB7B0EF0.tar.gz a l'adresse http://upload.malekal.com

boumara · Answer

ps : il m'a encore écrit un message sur les pilotes de périphérique et j'ai cliqué sur ignorer.

boumara · Answer

ca a l'air d'allé mieu car je n'ai plus le message de windows et les navigateur remarche.

gen-hackman · Answer

tu peux faire l'option nettoyage avec clean

boumara · Answer

c'est fait

c'est fini?

gen-hackman · Answer

non


Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.



&#9654 Télécharge :

Malwarebytes  

ou  :

Malwarebytes

&#9654 Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

&#9654 Potasses le Tuto pour te familiariser avec le prg :


( cela dit, il est très simple d'utilisation ).

relance malwarebytes en suivant scrupuleusement ces consignes :

! Déconnecte toi et ferme toutes applications en cours !

&#9654 Lance Malwarebyte's .

Fais un examen dit "Complet" .

&#9654 Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
&#9654 à la fin tu cliques sur "résultat" .
&#9654 Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

&#9654 Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !


&#9654 Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

boumara · Answer

salut
il refuse de lancé malware en mode normale....
j'essaye en mode sans echec?

gen-hackman · Answer

oui 

tu peux me remerttre le rapport de netttoyage de clean stp ?

boumara · Answer

oui, dès que malware a fini.

gen-hackman · Answer

non je te demande le rapport du nettoyage de clean zip

boumara · Answer

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2630
Windows 5.1.2600 Service Pack 2 (Safe Mode)

15/08/2009 19:31:52
mbam-log-2009-08-15 (19-31-48).txt

Type de recherche: Examen complet (C:\|G:\|)
Eléments examinés: 160911
Temps écoulé: 1 hour(s), 11 minute(s), 42 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 20

Processus mémoire infecté(s):
C:\WINDOWS\System.exe (Worm.Autorun) -> No action taken.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)




rapport clean : upload 2



C:\WINDOWS\System32\MRT.exe -->07/07/2009 08:10:58
C:\WINDOWS\System32\pxinsi64.exe -->15/04/2009 22:25:42
C:\WINDOWS\System32\pxinsa64.exe -->15/04/2009 22:25:42
C:\WINDOWS\System32\pxhpinst.exe -->15/04/2009 22:25:42
C:\WINDOWS\System32\pxcpyi64.exe -->15/04/2009 22:25:42
C:\WINDOWS\System32\pxcpya64.exe -->15/04/2009 22:25:42
C:\WINDOWS\System32\VXBLOCK.dll -->15/04/2009 22:25:42
C:\WINDOWS\System32\PxWave.dll -->15/04/2009 22:25:42
C:\WINDOWS\System32\pxsfs.dll -->15/04/2009 22:25:42
C:\WINDOWS\System32\PxMas.dll -->15/04/2009 22:25:42
C:\WINDOWS\System32\pxdrv.dll -->15/04/2009 22:25:42
C:\WINDOWS\System32\pxafs.dll -->15/04/2009 22:25:42
C:\WINDOWS\System32\Px.dll -->15/04/2009 22:25:42
C:\WINDOWS\System32\dpl100.dll -->15/04/2009 22:24:40
C:\WINDOWS\System32\divx_xx11.dll -->15/04/2009 22:24:38
C:\WINDOWS\System32\divx_xx0c.dll -->15/04/2009 22:24:38
C:\WINDOWS\System32\divx_xx0a.dll -->15/04/2009 22:24:38
C:\WINDOWS\System32\divx_xx07.dll -->15/04/2009 22:24:38


Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\iehlprobj.iehlprobj.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Trojan.BHO) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\realteks (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Dossier(s) infecté(s):
C:\Documents and Settings\guillaume\Application Data\EliteProtector (Rogue.EliteProtector) -> No action taken.
C:\Documents and Settings\guillaume\Application Data\EliteProtector\logs (Rogue.EliteProtector) -> No action taken.
C:\Program Files\EliteProtector (Rogue.EliteProtector) -> No action taken.

Fichier(s) infecté(s):
C:\Documents and Settings\guillaume\Application Data\pdinstall.exe (Rogue.PerfectDefender) -> No action taken.
C:\Program Files\eoRezo\EoEngine.exe (Adware.EoRezo) -> No action taken.
C:\Program Files\eoRezo\EoAdv\EoAdv.dll (Adware.EoRezo) -> No action taken.
C:\Program Files\SystemGuards.com\SystemGuards\update.exe (Rogue.MalwareSweeper) -> No action taken.
C:\Program Files\SystemGuards.com\SystemGuards\Update DB\update.exe (Rogue.MalwareSweeper) -> No action taken.
C:\WINDOWS\system32\md5.dll (Rogue.Trace) -> No action taken.
C:\Documents and Settings\guillaume\Application Data\EliteProtector\logs\1198975083.log (Rogue.EliteProtector) -> No action taken.
C:\Documents and Settings\guillaume\Application Data\EliteProtector\logs\1198976117.log (Rogue.EliteProtector) -> No action taken.
C:\Program Files\EliteProtector\EliteProtector.db (Rogue.EliteProtector) -> No action taken.
C:\Program Files\EliteProtector\EliteProtector.pkg (Rogue.EliteProtector) -> No action taken.
C:\Program Files\EliteProtector\program.info (Rogue.EliteProtector) -> No action taken.
C:\Documents and Settings\guillaume\Application Data\Google\Shell32.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\guillaume\Application Data\Google\cqvgl19623160.exe (Trojan.FakeAlert) -> No action taken.
C:\.protected (Rogue.Multiple) -> No action taken.
C:\Autorun.inf (SuspectAutorun.Rootdrive.H) -> No action taken.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\.protected (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\guillaume\Menu Démarrer\Programmes\Démarrage\.protected (Rogue.Multiple) -> No action taken.
C:\WINDOWS\system32\drivers\etc\.protected (Rogue.Multiple) -> No action taken.
C:\WINDOWS\.protected (Rogue.Multiple) -> No action taken.
C:\WINDOWS\System.exe (Worm.Autorun) -> No action taken.

boumara · Answer

je crois que c'est ce que tu voulais pour clean. le dernier rapport dans C:/ dis juste de upload un fichier zip

gen-hackman · Answer

ok et mon rapport de AD-Remover il est ou .?.

Win32.brontok..... à l'aide svp

41 réponses

Discussions similaires

Newsletters