A voir également:
- Le Gestionnaire des tâches ne s'execute pas
- Gestionnaire des taches windows 11 - Guide
- Gestionnaire des taches - Guide
- Windows 11 barre des taches a gauche - Guide
- Barre des taches - Guide
- Gestionnaire de périphérique - Guide
22 réponses
salut :
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)
▶ Télécharge List&Kill'em et enregistre le sur ton bureau
▶ Branche clés usb , disques durs externes , mp3 , mp4 , etc..
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
coche la case "creer une icone sur le bureau"
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis la langue puis choisis l'option 1 = Mode Recherche
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
tu peux supprimer le rapport catchme.log de ton bureau maintenant.
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)
▶ Télécharge List&Kill'em et enregistre le sur ton bureau
▶ Branche clés usb , disques durs externes , mp3 , mp4 , etc..
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
coche la case "creer une icone sur le bureau"
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis la langue puis choisis l'option 1 = Mode Recherche
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
tu peux supprimer le rapport catchme.log de ton bureau maintenant.
espace
Je comprends pas mais quand je clic sur votre lien que vous m'avez envoyer le message "Oups ! Petit problème... Ce lien semble corrompu" apparait et par conséquence je pas télécharger le logiciel.
Voila puisque vous l'avez invoqué (le navigateur Firefox) je veux vous parler un peux à quoi consiste aussi mon problème: C'est que quand je veux ouvrir une fenêtre Firefox c'est Explorer qui s'ouvre à ça place sur une page de démarrage que moi-même je ne l’ai pas choisi et que je ne le connais même pas et dont l'historique d’Explorer s'efface automatiquement. En plus de cela même quand j'ai changé la page d'accueil ça n'a rein changer et Explorer continu à utiliser la première page d'accueil.
Et pour revenir à votre question: J'ai essayé même avec un autre PC et autre navigateur au même temps mais le résultat et toujours le même.
Et pour revenir à votre question: J'ai essayé même avec un autre PC et autre navigateur au même temps mais le résultat et toujours le même.
ma foi je comprends pas chez moi ca marche tres bien
▶ Télécharge Ad-remover ( de C_XX ) sur ton bureau :
▶ Déconnecte toi et ferme toutes applications en cours !
▶ Double clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .
▶ Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
▶ Au menu principal choisis l'option "L" et tape sur [entrée] .
▶ Laisse travailler l'outil et ne touche à rien ...
▶ Poste le rapport qui apparait à la fin , sur le forum ...
( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
▶ Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
▶ Télécharge Ad-remover ( de C_XX ) sur ton bureau :
▶ Déconnecte toi et ferme toutes applications en cours !
▶ Double clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .
▶ Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
▶ Au menu principal choisis l'option "L" et tape sur [entrée] .
▶ Laisse travailler l'outil et ne touche à rien ...
▶ Poste le rapport qui apparait à la fin , sur le forum ...
( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
▶ Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_J | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 05.02.2010 à 17:34
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 19:53:26, 05/02/2010 | Mode Normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: WINDOWS-5F42FC9 | Utilisateur actuel: Windows XP
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
HKLM\Software\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
HKLM\Software\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.7 [fr] *
.
Nom du profil: jkhyx6dn.default (Windows XP)
.
(WINDOW~1, prefs.js) Browser.download.lastDir, G:\Mémoire 2010\Cours\Divers
(WINDOW~1, prefs.js) Browser.search.defaultenginename, Yahoo
(WINDOW~1, prefs.js) Browser.search.defaulturl, hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=
(WINDOW~1, prefs.js) Browser.search.selectedEngine, Wikipédia fr
(WINDOW~1, prefs.js) Browser.startup.homepage, www.google.fr
(WINDOW~1, prefs.js) Extensions.enabledItems, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,jqs@sun.com:1.0,{ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
(WINDOW~1, prefs.js) Keyword.URL, hxxp://fr.search.yahoo.com/search?fr=ffds1&p=
.
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Enable Browser Extensions: yes
Use Custom Search URL: 1 (0x1)
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
2803 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
2197 Fichier(s) - C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp
116 Fichier(s) - C:\WINDOWS\Temp
0 Fichier(s) - C:\WINDOWS\Prefetch
.
18 Fichier(s) - C:\Ad-Remover\BACKUP
0 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 19:58:39 | 05/02/2010 - CLEAN[1]
.
============== E.O.F ==============
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_J | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 05.02.2010 à 17:34
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 19:53:26, 05/02/2010 | Mode Normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: WINDOWS-5F42FC9 | Utilisateur actuel: Windows XP
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
HKLM\Software\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
HKLM\Software\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.7 [fr] *
.
Nom du profil: jkhyx6dn.default (Windows XP)
.
(WINDOW~1, prefs.js) Browser.download.lastDir, G:\Mémoire 2010\Cours\Divers
(WINDOW~1, prefs.js) Browser.search.defaultenginename, Yahoo
(WINDOW~1, prefs.js) Browser.search.defaulturl, hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=
(WINDOW~1, prefs.js) Browser.search.selectedEngine, Wikipédia fr
(WINDOW~1, prefs.js) Browser.startup.homepage, www.google.fr
(WINDOW~1, prefs.js) Extensions.enabledItems, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,jqs@sun.com:1.0,{ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
(WINDOW~1, prefs.js) Keyword.URL, hxxp://fr.search.yahoo.com/search?fr=ffds1&p=
.
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Enable Browser Extensions: yes
Use Custom Search URL: 1 (0x1)
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
2803 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
2197 Fichier(s) - C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp
116 Fichier(s) - C:\WINDOWS\Temp
0 Fichier(s) - C:\WINDOWS\Prefetch
.
18 Fichier(s) - C:\Ad-Remover\BACKUP
0 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 19:58:39 | 05/02/2010 - CLEAN[1]
.
============== E.O.F ==============
.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Télécharge OTL de OLDTimer
▶ enregistre le sur ton Bureau.
▶ Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.
▶ Coche les 2 cases Lop et Purity
▶ Coche la case devant scan all users
▶ règle-le sur "60 Days"
▶ dans la colonne de gauche , mets tout sur all
ne modifie pas ceci :
"files created whithin" et "files modified whithin"
▶Clic sur Run Scan.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier ci-dessus.
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶▶ Tu feras la meme chose avec le "Extra.txt".
▶ enregistre le sur ton Bureau.
▶ Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.
▶ Coche les 2 cases Lop et Purity
▶ Coche la case devant scan all users
▶ règle-le sur "60 Days"
▶ dans la colonne de gauche , mets tout sur all
ne modifie pas ceci :
"files created whithin" et "files modified whithin"
▶Clic sur Run Scan.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier ci-dessus.
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶▶ Tu feras la meme chose avec le "Extra.txt".
List'em by g3n-h@ckm@n 1.2.4.0
User : Windows XP (Administrateurs)
Update on 05/02/2010 by g3n-h@ckm@n ::::: 18.40
Start at: 21:25:58 | 05/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
Intel(R) Pentium(R) 4 CPU 1.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 17,76 Go (6,76 Go free) | NTFS
D:\ -> Disque fixe local | 19,54 Go (18,96 Go free) | FAT32
E:\ -> Disque CD-ROM
G:\ -> Disque amovible | 1,92 Go (1018,24 Mo free) | FAT32
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Windows XP\Local Settings\Temp\2.tmp\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Search Protection REG_SZ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
baseWINDOWS REG_SZ C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HPDJ Taskbar Utility REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MsmqIntCert REG_SZ regsvr32 /s mqrt.dll
YSearchProtection REG_SZ "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
Adobe Reader 9.0 REG_SZ C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
DisableCAD REG_DWORD 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 0 (0x0)
ForceClassicControlPanel REG_DWORD 1 (0x1)
NoSMMyPictures REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ WINDOWS-5F42FC9
DefaultUserName REG_SZ Windows XP
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
DisableCAD REG_DWORD 0 (0x0)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Windows XP
AltDefaultDomainName REG_SZ WINDOWS-5F42FC9
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\WINDOWS\system32\mqsvc.exe REG_SZ C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe REG_SZ C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Paltalk Messenger\paltalk.exe REG_SZ C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene
C:\Program Files\Skype\Plugin Manager\skypePM.exe REG_SZ C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\WINDOWS\system32\mqsvc.exe REG_SZ C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30F71986-F2F2-33C8-89AA-99E566B04FD2}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CAAFB8F9-F8D1-3D27-9AAA-6301A4429440}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.site-officiel.110mb.com/
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x4 ( OK = 2 )
wuauserv : 0x4 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Windows XP\Local Settings\Temp\2.tmp
## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\Drivers\atapi.sys
Sources
=======
C:\WINDOWS\system32\drivers\atapi.sys
Référence :
==========
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
C:\Autorun.inf :
----------------
[autorun]
shellexecute=Wscript.exe /e:vbs Thumbss.db
=======
Drive :
=======
D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
17,76 Go total, 6,76 Go libre (38%), 17% fragment‚ (fragmentation du fichier 34%)
Vous devriez d‚fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\Documents and Settings\Windows XP\Local Settings\Temp\dw.log
Present !! : C:\Documents and Settings\Windows XP\Local Settings\Temp\RN1.htm
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\8BD54F3E-DD19-4a69-93D8-5C6A5BBBE20E.exe
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx20Client_Package_x86.exe
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx20SP2ClientLangpack_fr_x86.exe
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx30Client_Package_x86.exe
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx30SP2ClientLangpack_fr_x86.exe
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx35Client_Package_x86.exe
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx35SP1ClientLangpack_fr_x86.exe
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx35SP1Client_fr_x86.exe
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\ose00000.exe
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\setup_wm.exe
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyPictures
Present !! : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyPictures
Present !! : HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyPictures
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\taskmgr.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\trjscan.exe"
============
User : Windows XP (Administrateurs)
Update on 05/02/2010 by g3n-h@ckm@n ::::: 18.40
Start at: 21:25:58 | 05/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
Intel(R) Pentium(R) 4 CPU 1.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 17,76 Go (6,76 Go free) | NTFS
D:\ -> Disque fixe local | 19,54 Go (18,96 Go free) | FAT32
E:\ -> Disque CD-ROM
G:\ -> Disque amovible | 1,92 Go (1018,24 Mo free) | FAT32
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Windows XP\Local Settings\Temp\2.tmp\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Search Protection REG_SZ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
baseWINDOWS REG_SZ C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HPDJ Taskbar Utility REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MsmqIntCert REG_SZ regsvr32 /s mqrt.dll
YSearchProtection REG_SZ "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
Adobe Reader 9.0 REG_SZ C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
DisableCAD REG_DWORD 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 0 (0x0)
ForceClassicControlPanel REG_DWORD 1 (0x1)
NoSMMyPictures REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ WINDOWS-5F42FC9
DefaultUserName REG_SZ Windows XP
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
DisableCAD REG_DWORD 0 (0x0)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Windows XP
AltDefaultDomainName REG_SZ WINDOWS-5F42FC9
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\WINDOWS\system32\mqsvc.exe REG_SZ C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe REG_SZ C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Paltalk Messenger\paltalk.exe REG_SZ C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene
C:\Program Files\Skype\Plugin Manager\skypePM.exe REG_SZ C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\WINDOWS\system32\mqsvc.exe REG_SZ C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30F71986-F2F2-33C8-89AA-99E566B04FD2}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CAAFB8F9-F8D1-3D27-9AAA-6301A4429440}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.site-officiel.110mb.com/
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x4 ( OK = 2 )
wuauserv : 0x4 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Windows XP\Local Settings\Temp\2.tmp
## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\Drivers\atapi.sys
Sources
=======
C:\WINDOWS\system32\drivers\atapi.sys
Référence :
==========
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
C:\Autorun.inf :
----------------
[autorun]
shellexecute=Wscript.exe /e:vbs Thumbss.db
=======
Drive :
=======
D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
17,76 Go total, 6,76 Go libre (38%), 17% fragment‚ (fragmentation du fichier 34%)
Vous devriez d‚fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\Documents and Settings\Windows XP\Local Settings\Temp\dw.log
Present !! : C:\Documents and Settings\Windows XP\Local Settings\Temp\RN1.htm
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\8BD54F3E-DD19-4a69-93D8-5C6A5BBBE20E.exe
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx20Client_Package_x86.exe
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx20SP2ClientLangpack_fr_x86.exe
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx30Client_Package_x86.exe
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx30SP2ClientLangpack_fr_x86.exe
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx35Client_Package_x86.exe
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx35SP1ClientLangpack_fr_x86.exe
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx35SP1Client_fr_x86.exe
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\ose00000.exe
Present !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\setup_wm.exe
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyPictures
Present !! : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyPictures
Present !! : HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyPictures
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\taskmgr.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\trjscan.exe"
============
▶ Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'option 2 = Mode Suppression
laisse travailler l'outil.
en fin de scan un rapport s'ouvre
▶ colle le contenu dans ta reponse
mais cette fois-ci :
▶ choisis l'option 2 = Mode Suppression
laisse travailler l'outil.
en fin de scan un rapport s'ouvre
▶ colle le contenu dans ta reponse
Kill'em by g3n-h@ckm@n 1.2.4.0
User : Windows XP (Administrateurs)
Update on 05/02/2010 by g3n-h@ckm@n ::::: 18.40
Start at: 13:11:22 | 06/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
Intel(R) Pentium(R) 4 CPU 1.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 17,76 Go (6,76 Go free) | NTFS
D:\ -> Disque fixe local | 19,54 Go (18,96 Go free) | FAT32
E:\ -> Disque CD-ROM
G:\ -> Disque amovible | 1,92 Go (1018,24 Mo free) | FAT32
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Windows XP\Local Settings\Temp\B.tmp\ERUNT.EXE
C:\Documents and Settings\Windows XP\Local Settings\Temp\B.tmp\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET4.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET8.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\Local Settings\Temp\dw.log
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\Local Settings\Temp\RN1.htm
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\8BD54F3E-DD19-4a69-93D8-5C6A5BBBE20E.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx20Client_Package_x86.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx20SP2ClientLangpack_fr_x86.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx30Client_Package_x86.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx30SP2ClientLangpack_fr_x86.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx35Client_Package_x86.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx35SP1ClientLangpack_fr_x86.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx35SP1Client_fr_x86.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\ose00000.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\setup_wm.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\catchme.dll
==============
host file OK !
==============
========
Registry
========
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyPictures
Deleted : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyPictures
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\taskmgr.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\trjscan.exe"
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
============
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
User : Windows XP (Administrateurs)
Update on 05/02/2010 by g3n-h@ckm@n ::::: 18.40
Start at: 13:11:22 | 06/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
Intel(R) Pentium(R) 4 CPU 1.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 17,76 Go (6,76 Go free) | NTFS
D:\ -> Disque fixe local | 19,54 Go (18,96 Go free) | FAT32
E:\ -> Disque CD-ROM
G:\ -> Disque amovible | 1,92 Go (1018,24 Mo free) | FAT32
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\WINDOWS\system32\Wscript.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Windows XP\Local Settings\Temp\B.tmp\ERUNT.EXE
C:\Documents and Settings\Windows XP\Local Settings\Temp\B.tmp\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET4.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET8.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\Local Settings\Temp\dw.log
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\Local Settings\Temp\RN1.htm
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\8BD54F3E-DD19-4a69-93D8-5C6A5BBBE20E.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx20Client_Package_x86.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx20SP2ClientLangpack_fr_x86.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx30Client_Package_x86.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx30SP2ClientLangpack_fr_x86.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx35Client_Package_x86.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx35SP1ClientLangpack_fr_x86.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\DotNetFx35SP1Client_fr_x86.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\ose00000.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\setup_wm.exe
Quarantined & Deleted !! : C:\Documents and Settings\Windows XP\LOCAL Settings\Temp\catchme.dll
==============
host file OK !
==============
========
Registry
========
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyPictures
Deleted : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyPictures
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\taskmgr.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\trjscan.exe"
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
============
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
▶ clic droit "executer en tant qu'administrateur" sur OTL.exe pour le lancer.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous Customs Scans/Fixes :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
O27 - HKLM IFEO\AutorunRemover.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O27 - HKLM IFEO\Avira.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O27 - HKLM IFEO\chrome.exe: Debugger - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
O27 - HKLM IFEO\dotnet3.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnet3[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnet3[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_ia64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_ia64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_ia64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx30SP1setup.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx30SP1setup[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx30SP1setup[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35setup.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35setup[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35setup[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3setup.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3setup[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3setup[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\drwtsn32.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O27 - HKLM IFEO\dwwin.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O27 - HKLM IFEO\firefox.exe: Debugger - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
O27 - HKLM IFEO\LaunchU3.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O27 - HKLM IFEO\MSConfig.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O27 - HKLM IFEO\mvyA.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_ia64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_ia64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_ia64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x86.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x86[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x86[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_ia64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_ia64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_ia64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x86.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x86[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x86[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x86.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x86[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x86[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_ia64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_ia64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_ia64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x86.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x86[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x86[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\Opera.exe: Debugger - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
O27 - HKLM IFEO\rav.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O27 - HKLM IFEO\Rmvtrjan.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O27 - HKLM IFEO\rstrui.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O27 - HKLM IFEO\Safari.exe: Debugger - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
O27 - HKLM IFEO\Startup CP.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O33 - MountPoints2\{451ab14a-8771-11de-80d7-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{451ab14a-8771-11de-80d7-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 20:02:15 | 008,517,632 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{98118b55-11b9-11df-b6bf-0001805e8b8e}\Shell - "" = AutoRun
O33 - MountPoints2\{98118b55-11b9-11df-b6bf-0001805e8b8e}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 20:02:15 | 008,517,632 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{e16eec20-8b6e-11de-b551-0001805e8b8e}\Shell - "" = AutoRun
O33 - MountPoints2\{e16eec20-8b6e-11de-b551-0001805e8b8e}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 20:02:15 | 008,517,632 | ---- | M] (Microsoft Corporation)
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"IMJPMIG8.1"=-
"PHIME2002A"=-
"PHIME2002ASync"=-
"QuickTime Task"=-
"TkBellExe"=-
"Adobe Reader 9.0"=-
"MsmqIntCert"=-
[HKEY_USERS\S-1-5-21-1123561945-1482476501-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"baseWINDOWS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify =0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Paltalk Messenger\paltalk.exe"=-
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"=-
:files
C:\WINDOWS\System32\baseWINDOWS.db
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur RunFix pour lancer la suppression.
▶ Poste le rapport.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous Customs Scans/Fixes :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
O27 - HKLM IFEO\AutorunRemover.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O27 - HKLM IFEO\Avira.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O27 - HKLM IFEO\chrome.exe: Debugger - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
O27 - HKLM IFEO\dotnet3.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnet3[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnet3[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_ia64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_ia64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_ia64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx30SP1setup.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx30SP1setup[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx30SP1setup[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35setup.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35setup[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35setup[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3setup.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3setup[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3setup[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\drwtsn32.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O27 - HKLM IFEO\dwwin.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O27 - HKLM IFEO\firefox.exe: Debugger - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
O27 - HKLM IFEO\LaunchU3.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O27 - HKLM IFEO\MSConfig.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O27 - HKLM IFEO\mvyA.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_ia64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_ia64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_ia64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x86.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x86[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x86[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_ia64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_ia64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_ia64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x86.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x86[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x86[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x86.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x86[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x86[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_ia64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_ia64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_ia64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x86.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x86[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x86[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\Opera.exe: Debugger - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
O27 - HKLM IFEO\rav.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O27 - HKLM IFEO\Rmvtrjan.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O27 - HKLM IFEO\rstrui.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O27 - HKLM IFEO\Safari.exe: Debugger - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
O27 - HKLM IFEO\Startup CP.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\baseWINDOWS.db (Microsoft Corporation)
O33 - MountPoints2\{451ab14a-8771-11de-80d7-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{451ab14a-8771-11de-80d7-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 20:02:15 | 008,517,632 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{98118b55-11b9-11df-b6bf-0001805e8b8e}\Shell - "" = AutoRun
O33 - MountPoints2\{98118b55-11b9-11df-b6bf-0001805e8b8e}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 20:02:15 | 008,517,632 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{e16eec20-8b6e-11de-b551-0001805e8b8e}\Shell - "" = AutoRun
O33 - MountPoints2\{e16eec20-8b6e-11de-b551-0001805e8b8e}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 20:02:15 | 008,517,632 | ---- | M] (Microsoft Corporation)
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"IMJPMIG8.1"=-
"PHIME2002A"=-
"PHIME2002ASync"=-
"QuickTime Task"=-
"TkBellExe"=-
"Adobe Reader 9.0"=-
"MsmqIntCert"=-
[HKEY_USERS\S-1-5-21-1123561945-1482476501-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"baseWINDOWS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify =0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Paltalk Messenger\paltalk.exe"=-
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"=-
:files
C:\WINDOWS\System32\baseWINDOWS.db
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur RunFix pour lancer la suppression.
▶ Poste le rapport.
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader 9.0 deleted successfully.
Item C:\WINDOWS\system32\wscript.exe is whitelisted and cannot be moved.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MsmqIntCert deleted successfully.
C:\WINDOWS\system32\mqrt.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1123561945-1482476501-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Run\\baseWINDOWS deleted successfully.
Item C:\WINDOWS\system32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutorunRemover.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Avira.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe\ deleted successfully.
C:\Program Files\Internet Explorer\iexplore.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnet3.exe\ deleted successfully.
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnet3[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnet3[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3_ia64.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3_ia64[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3_ia64[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3_x64.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3_x64[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3_x64[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx30SP1setup.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx30SP1setup[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx30SP1setup[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx35.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx35[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx35[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx35setup.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx35setup[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx35setup[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3setup.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3setup[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3setup[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwtsn32.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwwin.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\ deleted successfully.
File C:\Program Files\Internet Explorer\IEXPLORE.EXE not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LaunchU3.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSConfig.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mvyA.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_ia64.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_ia64[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_ia64[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_x64.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_x64[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_x64[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_x86.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_x86[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_x86[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_ia64.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_ia64[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_ia64[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_x64.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_x64[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_x64[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_x86.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_x86[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_x86[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx30SP1_x64.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx30SP1_x64[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx30SP1_x64[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx30SP1_x86.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx30SP1_x86[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx30SP1_x86[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_ia64.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_ia64[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_ia64[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_x64.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_x64[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_x64[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_x86.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_x86[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_x86[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx64.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx64[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx64[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Opera.exe\ deleted successfully.
File C:\Program Files\Internet Explorer\IEXPLORE.EXE not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rmvtrjan.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Safari.exe\ deleted successfully.
File C:\Program Files\Internet Explorer\IEXPLORE.EXE not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Startup CP.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{451ab14a-8771-11de-80d7-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{451ab14a-8771-11de-80d7-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{451ab14a-8771-11de-80d7-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{451ab14a-8771-11de-80d7-806d6172696f}\ not found.
C:\WINDOWS\system32\shell32.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98118b55-11b9-11df-b6bf-0001805e8b8e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98118b55-11b9-11df-b6bf-0001805e8b8e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98118b55-11b9-11df-b6bf-0001805e8b8e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98118b55-11b9-11df-b6bf-0001805e8b8e}\ not found.
File C:\WINDOWS\System32\shell32.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e16eec20-8b6e-11de-b551-0001805e8b8e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e16eec20-8b6e-11de-b551-0001805e8b8e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e16eec20-8b6e-11de-b551-0001805e8b8e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e16eec20-8b6e-11de-b551-0001805e8b8e}\ not found.
File C:\WINDOWS\System32\shell32.dll not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IMJPMIG8.1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PHIME2002A deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PHIME2002ASync deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusDisableNotify"|0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallDisableNotify |0 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Paltalk Messenger\paltalk.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Plugin Manager\skypePM.exe deleted successfully.
========== FILES ==========
File move failed. C:\WINDOWS\System32\baseWINDOWS.db scheduled to be moved on reboot.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6606558 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Windows XP
->Temp folder emptied: 885977069 bytes
->Temporary Internet Files folder emptied: 10986861 bytes
->Java cache emptied: 39306142 bytes
->FireFox cache emptied: 60090023 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9765662 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 966,00 mb
OTL by OldTimer - Version 3.1.28.0 log created on 02062010_143725
Files\Folders moved on Reboot...
C:\WINDOWS\System32\baseWINDOWS.db moved successfully.
Registry entries deleted on Reboot...
========== PROCESSES ==========
No active process named explorer.exe was found!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader 9.0 deleted successfully.
Item C:\WINDOWS\system32\wscript.exe is whitelisted and cannot be moved.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MsmqIntCert deleted successfully.
C:\WINDOWS\system32\mqrt.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1123561945-1482476501-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Run\\baseWINDOWS deleted successfully.
Item C:\WINDOWS\system32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutorunRemover.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Avira.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe\ deleted successfully.
C:\Program Files\Internet Explorer\iexplore.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnet3.exe\ deleted successfully.
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnet3[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnet3[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3_ia64.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3_ia64[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3_ia64[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3_x64.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3_x64[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3_x64[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx30SP1setup.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx30SP1setup[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx30SP1setup[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx35.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx35[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx35[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx35setup.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx35setup[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx35setup[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3setup.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3setup[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfx3setup[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwtsn32.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwwin.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\ deleted successfully.
File C:\Program Files\Internet Explorer\IEXPLORE.EXE not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LaunchU3.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSConfig.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mvyA.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_ia64.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_ia64[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_ia64[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_x64.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_x64[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_x64[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_x86.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_x86[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP1_x86[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_ia64.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_ia64[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_ia64[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_x64.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_x64[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_x64[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_x86.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_x86[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx20SP2_x86[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx30SP1_x64.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx30SP1_x64[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx30SP1_x64[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx30SP1_x86.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx30SP1_x86[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx30SP1_x86[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_ia64.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_ia64[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_ia64[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_x64.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_x64[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_x64[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_x86.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_x86[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx35_x86[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx64.exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx64[1].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetFx64[2].exe\ deleted successfully.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Opera.exe\ deleted successfully.
File C:\Program Files\Internet Explorer\IEXPLORE.EXE not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rmvtrjan.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Safari.exe\ deleted successfully.
File C:\Program Files\Internet Explorer\IEXPLORE.EXE not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Startup CP.exe\ deleted successfully.
Item C:\WINDOWS\System32\wscript.exe is whitelisted and cannot be moved.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{451ab14a-8771-11de-80d7-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{451ab14a-8771-11de-80d7-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{451ab14a-8771-11de-80d7-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{451ab14a-8771-11de-80d7-806d6172696f}\ not found.
C:\WINDOWS\system32\shell32.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98118b55-11b9-11df-b6bf-0001805e8b8e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98118b55-11b9-11df-b6bf-0001805e8b8e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98118b55-11b9-11df-b6bf-0001805e8b8e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98118b55-11b9-11df-b6bf-0001805e8b8e}\ not found.
File C:\WINDOWS\System32\shell32.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e16eec20-8b6e-11de-b551-0001805e8b8e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e16eec20-8b6e-11de-b551-0001805e8b8e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e16eec20-8b6e-11de-b551-0001805e8b8e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e16eec20-8b6e-11de-b551-0001805e8b8e}\ not found.
File C:\WINDOWS\System32\shell32.dll not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IMJPMIG8.1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PHIME2002A deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PHIME2002ASync deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusDisableNotify"|0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallDisableNotify |0 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Paltalk Messenger\paltalk.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Plugin Manager\skypePM.exe deleted successfully.
========== FILES ==========
File move failed. C:\WINDOWS\System32\baseWINDOWS.db scheduled to be moved on reboot.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6606558 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Windows XP
->Temp folder emptied: 885977069 bytes
->Temporary Internet Files folder emptied: 10986861 bytes
->Java cache emptied: 39306142 bytes
->FireFox cache emptied: 60090023 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9765662 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 966,00 mb
OTL by OldTimer - Version 3.1.28.0 log created on 02062010_143725
Files\Folders moved on Reboot...
C:\WINDOWS\System32\baseWINDOWS.db moved successfully.
Registry entries deleted on Reboot...
ok n'eteins pas ton ordi , des fichiers qui n'auraient pas du ont ete supprimés on va les remettre en place avant que tu aies des soucis
il me faut le rapport de ceci pour refaire le transfert
http://sd-1.archive-host.com/membres/up/829108531491024/folder.exe
il me faut le rapport de ceci pour refaire le transfert
http://sd-1.archive-host.com/membres/up/829108531491024/folder.exe
C:\_OTL\MovedFiles
C:\_OTL\MovedFiles\02062010_143725
C:\_OTL\MovedFiles\02062010_143725.log
C:\_OTL\MovedFiles\02062010_143725\C_Program Files
C:\_OTL\MovedFiles\02062010_143725\C_WINDOWS
C:\_OTL\MovedFiles\02062010_143725\C_Program Files\Internet Explorer
C:\_OTL\MovedFiles\02062010_143725\C_Program Files\Internet Explorer\iexplore.exe
C:\_OTL\MovedFiles\02062010_143725\C_WINDOWS\Microsoft.NET
C:\_OTL\MovedFiles\02062010_143725\C_WINDOWS\system32
C:\_OTL\MovedFiles\02062010_143725\C_WINDOWS\Microsoft.NET\Framework
C:\_OTL\MovedFiles\02062010_143725\C_WINDOWS\Microsoft.NET\Framework\v2.0.50727
C:\_OTL\MovedFiles\02062010_143725\C_WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
C:\_OTL\MovedFiles\02062010_143725\C_WINDOWS\system32\baseWINDOWS.db
C:\_OTL\MovedFiles\02062010_143725\C_WINDOWS\system32\mqrt.dll
C:\_OTL\MovedFiles\02062010_143725\C_WINDOWS\system32\shell32.dll
C:\_OTL\MovedFiles\02062010_143725
C:\_OTL\MovedFiles\02062010_143725.log
C:\_OTL\MovedFiles\02062010_143725\C_Program Files
C:\_OTL\MovedFiles\02062010_143725\C_WINDOWS
C:\_OTL\MovedFiles\02062010_143725\C_Program Files\Internet Explorer
C:\_OTL\MovedFiles\02062010_143725\C_Program Files\Internet Explorer\iexplore.exe
C:\_OTL\MovedFiles\02062010_143725\C_WINDOWS\Microsoft.NET
C:\_OTL\MovedFiles\02062010_143725\C_WINDOWS\system32
C:\_OTL\MovedFiles\02062010_143725\C_WINDOWS\Microsoft.NET\Framework
C:\_OTL\MovedFiles\02062010_143725\C_WINDOWS\Microsoft.NET\Framework\v2.0.50727
C:\_OTL\MovedFiles\02062010_143725\C_WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
C:\_OTL\MovedFiles\02062010_143725\C_WINDOWS\system32\baseWINDOWS.db
C:\_OTL\MovedFiles\02062010_143725\C_WINDOWS\system32\mqrt.dll
C:\_OTL\MovedFiles\02062010_143725\C_WINDOWS\system32\shell32.dll
ok rapport de ceci qui te remet les fichiers en place
http://www.cijoint.fr/cjlink.php?file=cj201002/cijE6GDfB1.zip
http://www.cijoint.fr/cjlink.php?file=cj201002/cijE6GDfB1.zip
c'est bon refais ceci stp
https://forums.commentcamarche.net/forum/affich-16458589-le-gestionnaire-des-taches-ne-s-execute-pas#9
https://forums.commentcamarche.net/forum/affich-16458589-le-gestionnaire-des-taches-ne-s-execute-pas#9
le gestionnaire des taches fonctionne-t-il ?
fais un scan avec antivir et poste le rapport
fais un scan avec antivir et poste le rapport
Avira AntiVir Personal
Date de création du fichier de rapport : samedi 6 février 2010 17:18
La recherche porte sur 1731055 souches de virus.
Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows XP
Version de Windows : (Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : WINDOWS-5F42FC9
Informations de version :
BUILD.DAT : 9.0.0.75 21698 Bytes 22/01/2010 23:14:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 20/11/2009 12:02:29
AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 12:02:25
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 12:02:26
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 19:15:47
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 20:21:41
VBASE004.VDF : 7.10.3.76 2048 Bytes 26/01/2010 20:21:41
VBASE005.VDF : 7.10.3.77 2048 Bytes 26/01/2010 20:21:43
VBASE006.VDF : 7.10.3.78 2048 Bytes 26/01/2010 20:21:43
VBASE007.VDF : 7.10.3.79 2048 Bytes 26/01/2010 20:21:44
VBASE008.VDF : 7.10.3.80 2048 Bytes 26/01/2010 20:21:45
VBASE009.VDF : 7.10.3.81 2048 Bytes 26/01/2010 20:28:11
VBASE010.VDF : 7.10.3.82 2048 Bytes 26/01/2010 20:28:12
VBASE011.VDF : 7.10.3.83 2048 Bytes 26/01/2010 20:28:12
VBASE012.VDF : 7.10.3.84 2048 Bytes 26/01/2010 20:28:13
VBASE013.VDF : 7.10.3.85 2048 Bytes 26/01/2010 20:28:13
VBASE014.VDF : 7.10.3.122 172544 Bytes 29/01/2010 20:10:33
VBASE015.VDF : 7.10.3.149 79872 Bytes 01/02/2010 19:26:20
VBASE016.VDF : 7.10.3.174 68608 Bytes 03/02/2010 13:03:59
VBASE017.VDF : 7.10.3.199 76800 Bytes 04/02/2010 13:11:57
VBASE018.VDF : 7.10.3.200 2048 Bytes 04/02/2010 13:11:57
VBASE019.VDF : 7.10.3.201 2048 Bytes 04/02/2010 13:11:57
VBASE020.VDF : 7.10.3.202 2048 Bytes 04/02/2010 13:11:57
VBASE021.VDF : 7.10.3.203 2048 Bytes 04/02/2010 13:11:58
VBASE022.VDF : 7.10.3.204 2048 Bytes 04/02/2010 13:11:58
VBASE023.VDF : 7.10.3.205 2048 Bytes 04/02/2010 13:11:58
VBASE024.VDF : 7.10.3.206 2048 Bytes 04/02/2010 13:11:58
VBASE025.VDF : 7.10.3.207 2048 Bytes 04/02/2010 13:11:58
VBASE026.VDF : 7.10.3.208 2048 Bytes 04/02/2010 13:11:58
VBASE027.VDF : 7.10.3.209 2048 Bytes 04/02/2010 13:11:59
VBASE028.VDF : 7.10.3.210 2048 Bytes 04/02/2010 13:11:59
VBASE029.VDF : 7.10.3.211 2048 Bytes 04/02/2010 13:11:59
VBASE030.VDF : 7.10.3.212 2048 Bytes 04/02/2010 13:11:59
VBASE031.VDF : 7.10.3.219 64512 Bytes 05/02/2010 13:11:12
Version du moteur : 8.2.1.160
AEVDF.DLL : 8.1.1.3 106868 Bytes 26/01/2010 20:28:27
AESCRIPT.DLL : 8.1.3.13 823674 Bytes 01/02/2010 18:05:49
AESCN.DLL : 8.1.4.0 127348 Bytes 27/01/2010 20:28:40
AESBX.DLL : 8.1.1.1 246132 Bytes 20/11/2009 12:02:29
AERDL.DLL : 8.1.3.4 479605 Bytes 01/12/2009 18:19:49
AEPACK.DLL : 8.2.0.5 422262 Bytes 18/01/2010 13:10:02
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 12/08/2009 19:27:23
AEHEUR.DLL : 8.1.1.5 2326901 Bytes 06/02/2010 13:11:35
AEHELP.DLL : 8.1.10.0 237942 Bytes 18/01/2010 13:09:38
AEGEN.DLL : 8.1.1.86 369012 Bytes 01/02/2010 18:05:39
AEEMU.DLL : 8.1.1.0 393587 Bytes 07/10/2009 13:18:52
AECORE.DLL : 8.1.11.1 184694 Bytes 01/02/2010 18:05:34
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/09/2009 14:31:02
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17/06/2009 12:44:26
RCTEXT.DLL : 9.0.73.0 88321 Bytes 20/11/2009 12:02:15
Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:, D:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen
Début de la recherche : samedi 6 février 2010 17:18
La recherche d'objets cachés commence.
'28489' objets ont été contrôlés, '0' objets cachés ont été trouvés.
La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'OTL.exe' - '1' module(s) sont contrôlés
Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
Processus de recherche 'cidaemon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'cidaemon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'GoogleToolbarNotifier.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SearchProtection.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpztsb04.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mqtgsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mqsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'YahooAUService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'tlntsvr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'snmp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'inetinfo.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'cisvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'msdtc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'39' processus ont été contrôlés avec '39' modules
La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !
La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'D:\'
[INFO] Aucun virus trouvé !
La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '52' fichiers).
La recherche sur les fichiers sélectionnés commence :
Recherche débutant dans 'C:\'
C:\hiberfil.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\Ad-Remover\1\List.dat
[RESULTAT] Contient le modèle de détection du virus de script HTML HTML/Malicious.ActiveX.Gen
Recherche débutant dans 'D:\'
Début de la désinfection :
C:\Ad-Remover\1\List.dat
[RESULTAT] Contient le modèle de détection du virus de script HTML HTML/Malicious.ActiveX.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4be0a311.qua' !
Fin de la recherche : samedi 6 février 2010 18:11
Temps nécessaire: 51:15 Minute(s)
La recherche a été effectuée intégralement
10367 Les répertoires ont été contrôlés
203618 Des fichiers ont été contrôlés
1 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
1 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
2 Impossible de contrôler des fichiers
203615 Fichiers non infectés
3409 Les archives ont été contrôlées
2 Avertissements
3 Consignes
28489 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés
Date de création du fichier de rapport : samedi 6 février 2010 17:18
La recherche porte sur 1731055 souches de virus.
Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows XP
Version de Windows : (Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : WINDOWS-5F42FC9
Informations de version :
BUILD.DAT : 9.0.0.75 21698 Bytes 22/01/2010 23:14:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 20/11/2009 12:02:29
AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 12:02:25
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 12:02:26
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 19:15:47
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 20:21:41
VBASE004.VDF : 7.10.3.76 2048 Bytes 26/01/2010 20:21:41
VBASE005.VDF : 7.10.3.77 2048 Bytes 26/01/2010 20:21:43
VBASE006.VDF : 7.10.3.78 2048 Bytes 26/01/2010 20:21:43
VBASE007.VDF : 7.10.3.79 2048 Bytes 26/01/2010 20:21:44
VBASE008.VDF : 7.10.3.80 2048 Bytes 26/01/2010 20:21:45
VBASE009.VDF : 7.10.3.81 2048 Bytes 26/01/2010 20:28:11
VBASE010.VDF : 7.10.3.82 2048 Bytes 26/01/2010 20:28:12
VBASE011.VDF : 7.10.3.83 2048 Bytes 26/01/2010 20:28:12
VBASE012.VDF : 7.10.3.84 2048 Bytes 26/01/2010 20:28:13
VBASE013.VDF : 7.10.3.85 2048 Bytes 26/01/2010 20:28:13
VBASE014.VDF : 7.10.3.122 172544 Bytes 29/01/2010 20:10:33
VBASE015.VDF : 7.10.3.149 79872 Bytes 01/02/2010 19:26:20
VBASE016.VDF : 7.10.3.174 68608 Bytes 03/02/2010 13:03:59
VBASE017.VDF : 7.10.3.199 76800 Bytes 04/02/2010 13:11:57
VBASE018.VDF : 7.10.3.200 2048 Bytes 04/02/2010 13:11:57
VBASE019.VDF : 7.10.3.201 2048 Bytes 04/02/2010 13:11:57
VBASE020.VDF : 7.10.3.202 2048 Bytes 04/02/2010 13:11:57
VBASE021.VDF : 7.10.3.203 2048 Bytes 04/02/2010 13:11:58
VBASE022.VDF : 7.10.3.204 2048 Bytes 04/02/2010 13:11:58
VBASE023.VDF : 7.10.3.205 2048 Bytes 04/02/2010 13:11:58
VBASE024.VDF : 7.10.3.206 2048 Bytes 04/02/2010 13:11:58
VBASE025.VDF : 7.10.3.207 2048 Bytes 04/02/2010 13:11:58
VBASE026.VDF : 7.10.3.208 2048 Bytes 04/02/2010 13:11:58
VBASE027.VDF : 7.10.3.209 2048 Bytes 04/02/2010 13:11:59
VBASE028.VDF : 7.10.3.210 2048 Bytes 04/02/2010 13:11:59
VBASE029.VDF : 7.10.3.211 2048 Bytes 04/02/2010 13:11:59
VBASE030.VDF : 7.10.3.212 2048 Bytes 04/02/2010 13:11:59
VBASE031.VDF : 7.10.3.219 64512 Bytes 05/02/2010 13:11:12
Version du moteur : 8.2.1.160
AEVDF.DLL : 8.1.1.3 106868 Bytes 26/01/2010 20:28:27
AESCRIPT.DLL : 8.1.3.13 823674 Bytes 01/02/2010 18:05:49
AESCN.DLL : 8.1.4.0 127348 Bytes 27/01/2010 20:28:40
AESBX.DLL : 8.1.1.1 246132 Bytes 20/11/2009 12:02:29
AERDL.DLL : 8.1.3.4 479605 Bytes 01/12/2009 18:19:49
AEPACK.DLL : 8.2.0.5 422262 Bytes 18/01/2010 13:10:02
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 12/08/2009 19:27:23
AEHEUR.DLL : 8.1.1.5 2326901 Bytes 06/02/2010 13:11:35
AEHELP.DLL : 8.1.10.0 237942 Bytes 18/01/2010 13:09:38
AEGEN.DLL : 8.1.1.86 369012 Bytes 01/02/2010 18:05:39
AEEMU.DLL : 8.1.1.0 393587 Bytes 07/10/2009 13:18:52
AECORE.DLL : 8.1.11.1 184694 Bytes 01/02/2010 18:05:34
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/09/2009 14:31:02
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17/06/2009 12:44:26
RCTEXT.DLL : 9.0.73.0 88321 Bytes 20/11/2009 12:02:15
Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:, D:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen
Début de la recherche : samedi 6 février 2010 17:18
La recherche d'objets cachés commence.
'28489' objets ont été contrôlés, '0' objets cachés ont été trouvés.
La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'OTL.exe' - '1' module(s) sont contrôlés
Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
Processus de recherche 'cidaemon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'cidaemon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'GoogleToolbarNotifier.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SearchProtection.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpztsb04.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mqtgsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mqsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'YahooAUService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'tlntsvr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'snmp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'inetinfo.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'cisvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'msdtc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'39' processus ont été contrôlés avec '39' modules
La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !
La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'D:\'
[INFO] Aucun virus trouvé !
La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '52' fichiers).
La recherche sur les fichiers sélectionnés commence :
Recherche débutant dans 'C:\'
C:\hiberfil.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\Ad-Remover\1\List.dat
[RESULTAT] Contient le modèle de détection du virus de script HTML HTML/Malicious.ActiveX.Gen
Recherche débutant dans 'D:\'
Début de la désinfection :
C:\Ad-Remover\1\List.dat
[RESULTAT] Contient le modèle de détection du virus de script HTML HTML/Malicious.ActiveX.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4be0a311.qua' !
Fin de la recherche : samedi 6 février 2010 18:11
Temps nécessaire: 51:15 Minute(s)
La recherche a été effectuée intégralement
10367 Les répertoires ont été contrôlés
203618 Des fichiers ont été contrôlés
1 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
1 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
2 Impossible de contrôler des fichiers
203615 Fichiers non infectés
3409 Les archives ont été contrôlées
2 Avertissements
3 Consignes
28489 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés
Ah si le gestionnaire des tâches marche très bien ainsi que Firefox et Explorer.
Un seul souci qui me dérange pour le moment c'est que dans la fenêtre d'Explorer et plus précisément dans la bar bleu toute en haut celle qui contient les réduire, agrandir et fermer au lieu d'avoir écrire "Internet Explorer" j'ai plutôt "(-[MyLoveFaceBook.LiuYiFei@Hotmail.CoM]-)".
Un seul souci qui me dérange pour le moment c'est que dans la fenêtre d'Explorer et plus précisément dans la bar bleu toute en haut celle qui contient les réduire, agrandir et fermer au lieu d'avoir écrire "Internet Explorer" j'ai plutôt "(-[MyLoveFaceBook.LiuYiFei@Hotmail.CoM]-)".
