 Toshiba MK4026GAX hard drive problem (topic solved)
myléne30
  Posted on 12/02/2011 @ 18:50
Petite astucienne

Hello,

I've been trying for several hours to get rid of Antimalware Doctor, without success; I searched forums for how to do it. And it's a real pain lol.

I downloaded Malwarebytes and ran a scan; here it is.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5748

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/02/2011 18:38:28
mbam-log-2011-02-12 (18-37-53).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 217667
Temps écoulé: 1 heure(s), 0 minute(s), 28 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
c:\documents and settings\Mélannie\application data\6c3b6d55d4152ba0abd609b053335ed8\cafbine70mps.exe (Trojan.FakeAlert) -> 2156 -> No action taken.

Module(s) mémoire infecté(s):
c:\WINDOWS\win320.dll (Trojan.Hiloti.Gen) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vsuyipidurayapev (Trojan.Hiloti.Gen) -> Value: Vsuyipidurayapev -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cafbine70mps.exe (Trojan.FakeAlert) -> Value: cafbine70mps.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Value: cdoosoft -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dso32 (Spyware.OnlineGames) -> Value: dso32 -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\api32 (Spyware.OnlineGames) -> Value: api32 -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\win320.dll (Trojan.Hiloti.Gen) -> No action taken.
c:\documents and settings\Mélannie\application data\6c3b6d55d4152ba0abd609b053335ed8\cafbine70mps.exe (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\Mélannie\local settings\Temp\rxscwaemno.tmp (Trojan.Hiloti.Gen) -> No action taken.
c:\documents and settings\Mélannie\local settings\temporary internet files\Content.IE5\O1234567\typeuu700acc[2].exe (Trojan.FakeAlert) -> No action taken.

What should I do now, please? I'm not very good at this kind of thing.

Thanks in advance

Fill
 Posted on 12/02/2011 at 18:52
Security Group

Hello, and welcome to pca!

  • Download OTL (by Old_Timer) to your desktop,
  • Double-click its icon to start it. If you are on Vista or 7, start it with a right-click, Run as administrator. Make sure you have closed as many open windows as possible before the next steps.
  • Tick the "Tous les utilisateurs" (All users) box,
  • Under the "Personnalisation" (Customization) field, copy and paste the following:

netsvcs
drivers32
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
wininit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

  • Then click the "Analyse" (Scan) button and wait while the tool scans the PC. This can take a few minutes, depending on the state of the system.
  • When the scan finishes, a Notepad window opens. It is called OTL.txt
  • Copy and paste this text into your next reply. If an error message appears, it is because the report is too long. In that case, post it across several messages without leaving anything out.
  • To select the text: CTRL+A
  • To copy the selected text: CTRL+C,
  • To paste the text into your next reply: CTRL+V

Fill

myléne30
 Posted on 12/02/2011 at 18:56
Petite astucienne

Thanks

I'll do that and come back

myléne30
 Posted on 12/02/2011 at 19:15
Petite astucienne

OTL logfile created on: 12/02/2011 19:03:36 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Mélannie\My Documents\Téléchargements
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 560,00 Mb Available Physical Memory | 55,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,25 Gb Total Space | 11,86 Gb Free Space | 31,84% Space Free | Partition Type: NTFS

Computer Name: MYLÉNE | User Name: Mélannie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found --
PRC - [2011/02/12 18:53:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mélannie\My Documents\Téléchargements\OTL.exe
PRC - [2011/02/12 15:42:44 | 000,172,956 | ---- | M] () -- C:\WINDOWS\mc76487.exe
PRC - [2011/02/05 17:21:06 | 000,745,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2011/01/30 16:31:18 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2011/01/30 16:31:17 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/10/29 13:55:50 | 000,983,552 | ---- | M] (Badoo) -- C:\Documents and Settings\All Users\Application Data\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe
PRC - [2010/10/25 10:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\system32\dgdersvc.exe
PRC - [2010/10/25 10:03:52 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009/08/29 07:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\Mélannie\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/04/16 08:41:18 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2008/08/06 20:44:26 | 000,103,936 | ---- | M] (TechCity Solutions France) -- C:\Program Files\BboxUpdate\BTLiveUpdate.exe
PRC - [2002/12/31 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011/02/12 18:53:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mélannie\My Documents\Téléchargements\OTL.exe
MOD - [2011/01/13 09:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2006/08/25 16:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (SBoxDiskSrv)
SRV - [2011/02/12 15:42:44 | 000,172,956 | ---- | M] () [Auto | Running] -- C:\WINDOWS\mc76487.exe -- (MemChecker)
SRV - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/10/25 10:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\dgdersvc.exe -- (dgdersvc)
SRV - [2010/10/25 10:03:52 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/06/03 10:09:51 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/04/07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011/01/13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 09:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 09:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/10/25 10:03:52 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/05/25 07:44:30 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2008/06/13 07:50:26 | 000,386,784 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
DRV - [2007/12/06 14:01:16 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/12/06 14:00:54 | 000,036,096 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2007/12/06 14:00:46 | 001,170,464 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/12/06 14:00:24 | 000,182,101 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2007/12/06 14:00:24 | 000,005,689 | ---- | M] (O2 Micro) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
DRV - [2007/12/06 14:00:06 | 000,049,407 | ---- | M] (OMNIKEY AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cxbp0wdm.sys -- (cxbp0wdm)
DRV - [2007/12/06 13:59:28 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/12/06 13:58:54 | 000,587,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/09/17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 22:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 22:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


[color=#E56717]========== Standard Registry (All) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tinit.org/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.bouyguestelecom.fr
IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT2849852
IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\..\URLSearchHook: {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_FR Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/firefox"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}:5.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ef79f67a-6ad7-4715-a0f8-932fca442023}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/04/12 19:16:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/01/22 11:58:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/10 22:24:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/30 16:31:25 | 000,000,000 | ---D | M]

[2009/06/17 13:57:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mélannie\Application Data\Mozilla\Extensions
[2009/06/17 13:57:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mélannie\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/02/11 23:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions
[2011/02/05 17:21:15 | 000,000,000 | ---D | M] (BittorrentBar_FR Community Toolbar) -- C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}
[2011/02/05 17:21:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\engine@conduit.com
[2011/02/05 17:21:15 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\searchplugins\conduit.xml
[2011/02/11 23:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/30 16:31:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/03 09:54:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
[2010/04/12 19:17:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MéLANNIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LHJ2IDNS.DEFAULT\EXTENSIONS\{EF79F67A-6AD7-4715-A0F8-932FCA442023}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MéLANNIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LHJ2IDNS.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2010/04/12 19:16:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/30 16:31:14 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2011/01/30 16:31:14 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2006/09/03 21:12:48 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2010/04/12 19:16:33 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2011/01/30 16:31:18 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 18:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2010/05/13 22:45:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/05/13 22:45:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/05/13 22:45:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/05/13 22:45:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/05/13 22:45:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/05/13 22:45:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/05/13 22:45:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2006/09/26 10:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010/09/29 12:18:29 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/09/29 12:18:29 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/09/29 12:18:29 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/09/29 12:18:29 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/27 07:50:12 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/09/29 12:18:29 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/09/29 12:18:29 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\search

myléne30
 Posted on 12/02/2011 at 19:18
Petite astucienne


O1 HOSTS File: ([2002/12/31 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (BittorrentBar_FR Toolbar) - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BittorrentBar_FR Toolbar) - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BboxUpdate] C:\Program Files\BboxUpdate\BTLiveUpdate.exe (TechCity Solutions France)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [api32] File not found
O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [Badoo Desktop] C:\Documents and Settings\All Users\Application Data\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe (Badoo)
O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [cafbine70mps.exe] File not found
O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [cdoosoft] File not found
O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [dso32] File not found
O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [EA Core] File not found
O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [F.lux] C:\Documents and Settings\Mélannie\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [KiesTrayAgent] File not found
O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [Vsuyipidurayapev] C:\WINDOWS\win320.dll (Greatis Software)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_13-windows-i586.cab (Java Plug-in 1.5.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Mélannie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mélannie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/03 09:12:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0b747c00-857d-11de-8783-001279583fd2}\Shell\AutoRun\command - "" = E:\EmDesk.exe
O33 - MountPoints2\{0b747c00-857d-11de-8783-001279583fd2}\Shell\EmDesk\command - "" = E:\EmDesk.exe
O33 - MountPoints2\{522d1793-08c0-11de-8749-001279583fd2}\Shell\AutoRun\command - "" = E:\gi2ky.exe
O33 - MountPoints2\{522d1793-08c0-11de-8749-001279583fd2}\Shell\open\Command - "" = E:\gi2ky.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

myléne30
 Posted on 12/02/2011 at 19:19 
Petite astucienne

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/02/12 17:28:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Application Data\Malwarebytes
[2011/02/12 17:28:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/12 17:28:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/12 17:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/12 17:28:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/12 17:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/12 15:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Application Data\6C3B6D55D4152BA0ABD609B053335ED8
[2011/02/05 23:18:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Application Data\Artifex Mundi
[2011/02/05 19:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Green Moon
[2011/02/05 19:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Green Moon
[2011/02/05 18:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\Astar Games
[2011/02/05 17:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Application Data\Absolutist
[2011/02/05 17:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Absolutist
[2011/02/05 17:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\My Documents\Downloads
[2011/02/05 17:26:34 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2011/02/05 17:26:34 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Encore plus de jeux.lnk
[2011/02/05 17:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2011/02/05 17:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2011/02/05 17:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/02/05 17:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\Conduit
[2011/02/05 17:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\BittorrentBar_FR
[2011/02/05 17:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\ConduitEngine
[2011/02/05 17:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/02/05 17:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\BittorrentBar_FR
[2011/02/05 17:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2011/02/05 17:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Application Data\BitTorrent
[2011/02/03 00:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Badoo
[2011/01/31 22:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Pixie
[2011/01/31 22:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Pixie
[2011/01/29 16:17:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/01/29 16:16:02 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/29 16:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/01/29 16:16:01 | 000,294,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/29 16:15:58 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/29 16:15:54 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/29 16:15:51 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/29 16:15:51 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/29 16:15:50 | 000,029,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/29 16:15:22 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/29 16:15:22 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/29 14:55:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Start Menu\Programs\Bbox - Bouygues Telecom
[2011/01/29 14:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\BboxUpdate
[2011/01/29 14:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bbox
[2011/01/29 14:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Techcity
[2011/01/22 14:02:38 | 000,926,240 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/22 12:32:45 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2011/01/22 12:32:44 | 000,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2011/01/22 12:32:44 | 000,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rndismpx.sys
[2011/01/22 12:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\My Documents\Samsung
[2011/01/22 12:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Samsung
[2011/01/22 12:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\NOBRAND
[2011/01/22 12:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/01/18 23:10:38 | 000,000,000 | ---D | C] -- C:\814ea64b52a9771d0513
[2011/01/18 23:06:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/01/18 23:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Samsung
[2011/01/10 14:43:50 | 241,942,355 | ---- | C] (Just For Fun Games ) -- C:\Documents and Settings\Mélannie\Application Data\Phantasmat_Collector_s_Edition.exe
[2010/09/15 16:46:49 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Mélannie\Application Data\$_hpcst$.hpc
[2009/07/30 07:57:36 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\keyfile3.drm
[2009/02/24 16:51:34 | 000,083,392 | ---- | C] () -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/02/17 20:22:44 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/13 07:46:47 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Mélannie\Application Data\desktop.ini
[2009/02/13 07:46:46 | 006,912,554 | -H-- | C] () -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\IconCache.db
[2008/06/03 02:07:07 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Mélannie\My Documents\*.tmp files -> C:\Documents and Settings\Mélannie\My Documents\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/02/12 18:21:04 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/12 17:28:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/12 17:19:42 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/12 17:19:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/12 15:42:44 | 000,172,956 | ---- | M] () -- C:\WINDOWS\mc76487.exe
[2011/02/12 12:24:30 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/02/06 23:16:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/05 17:37:12 | 000,001,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Encore plus de jeux.lnk
[2011/02/05 17:26:34 | 000,001,596 | ---- | M] () -- C:\Documents and Settings\Mélannie\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2011/02/05 17:26:33 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2011/02/05 17:21:06 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Mélannie\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/02/05 17:21:06 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2011/02/04 19:11:37 | 000,010,187 | ---- | M] () -- C:\Documents and Settings\Mélannie\My Documents\achat voiture.docx
[2011/02/04 12:21:31 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/04 12:21:31 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/29 18:25:28 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/29 18:15:11 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/29 16:17:14 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Mélannie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/29 16:16:02 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/01/29 14:55:26 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\Mélannie\Desktop\Bouygues Telecom - Mes services en un clic.url
[2011/01/22 12:43:01 | 007,896,064 | ---- | M] () -- C:\Documents and Settings\Mélannie\My Documents\setup.msi
[2011/01/22 12:08:03 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk
[2011/01/22 11:52:43 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2011/01/22 11:48:47 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2011/01/22 11:47:49 | 000,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Mélannie\My Documents\*.tmp files -> C:\Documents and Settings\Mélannie\My Documents\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/02/12 17:28:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/12 15:42:54 | 000,172,956 | ---- | C] () -- C:\WINDOWS\mc76487.exe
[2011/02/07 23:21:58 | 000,010,187 | ---- | C] () -- C:\Documents and Settings\Mélannie\My Documents\achat voiture.docx
[2011/02/05 17:37:12 | 000,001,194 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Encore plus de jeux.lnk
[2011/02/05 17:26:34 | 000,001,596 | ---- | C] () -- C:\Documents and Settings\Mélannie\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2011/02/05 17:26:33 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2011/02/05 17:21:06 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Mélannie\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/02/05 17:21:06 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2011/01/29 18:20:24 | 005,485,104 | ---- | C] () -- C:\Documents and Settings\Mélannie\Desktop\DSC02533.JPG
[2011/01/29 18:18:51 | 005,211,263 | ---- | C] () -- C:\Documents and Settings\Mélannie\Desktop\DSC02523.JPG
[2011/01/29 18:17:57 | 003,768,044 | ---- | C] () -- C:\Documents and Settings\Mélannie\Desktop\DSC02480.JPG
[2011/01/29 16:17:14 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/01/29 16:17:14 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Mélannie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/29 16:16:10 | 000,001,058 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/29 16:16:09 | 000,001,054 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/29 16:16:02 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/01/29 14:55:26 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\Mélannie\Desktop\Bouygues Telecom - Mes services en un clic.url
[2011/01/22 12:43:01 | 007,896,064 | ---- | C] () -- C:\Documents and Settings\Mélannie\My Documents\setup.msi
[2011/01/22 12:08:03 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk
[2011/01/18 23:02:40 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2010/09/15 16:47:04 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/09/15 16:47:04 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/05/25 07:45:24 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2010/05/25 07:45:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2010/05/25 07:45:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2010/05/25 07:45:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2008/10/27 13:55:16 | 000,008,621 | ---- | C] () -- C:\WINDOWS\System32\cmdiag.ini
[2008/10/27 13:55:16 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\cmabout.ini
[2008/10/27 13:55:15 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\cmabout.dll
[2008/10/27 13:55:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\chksvrn.dll
[2008/06/03 11:56:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/03 11:26:50 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2008/06/03 10:27:29 | 000,000,155 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/06/03 10:21:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/03 10:09:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008/06/03 10:03:37 | 002,115,816 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/06/03 02:07:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2002/12/31 13:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2001/10/29 01:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[1997/06/25 23:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll

myléne30
 Posted on 12/02/2011 at 19:20 
Petite astucienne

[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2002/12/31 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2002/12/31 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2002/12/31 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2002/12/31 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2002/12/31 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2002/12/31 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe

[color=#A23BEC]< MD5 for: IASTOR.SYS >[/color]
[2007/12/06 14:01:16 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2002/12/31 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2002/12/31 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2002/12/31 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2002/12/31 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2002/12/31 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2002/12/31 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]


< End of report >

myléne30
 Posted on 12/02/2011 at 19:21 
Petite astucienne

Here is my report. An extra.txt window also opened.

Fill
 Posted on 12/02/2011 at 19:48 
Security Group

Re,

I'm happy to help you if you close the BitTorrent process.

I'd like the Extra report.

I'll look at all this in about 1 hour.

Fill

myléne30
 Posted on 12/02/2011 at 19:53 
Petite astucienne

BitTorrent removed, OK.

OTL Extras logfile created on: 12/02/2011 19:03:36 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Mélannie\My Documents\Téléchargements
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 560,00 Mb Available Physical Memory | 55,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,25 Gb Total Space | 11,86 Gb Free Space | 31,84% Space Free | Partition Type: NTFS

Computer Name: MYLÉNE | User Name: Mélannie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\BboxUpdate\BTLiveUpdate.exe" = C:\Program Files\BboxUpdate\BTLiveUpdate.exe:*:Disabled:Bbox - Bouygues Telecom - Utilitaire de mise à jour -- (TechCity Solutions France)
"D:\data\eSKernel.exe" = D:\data\eSKernel.exe:*:Disabled:Bbox assistant d'installation
"C:\Program Files\Bbox\eSKernel.exe" = C:\Program Files\Bbox\eSKernel.exe:*:Disabled:Bbox assistant d'installation -- (Teleperformance France)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Disabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Disabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
"{1D13221B-42DE-4B3C-A43F-0F6AF3CF3DA2}" = Client Windows Rights Management avec Service Pack 2
"{1E809775-B933-42E7-9E57-7C7305145C39}" = EPRGlossary-Stub-FRA
"{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150130}" = J2SE Runtime Environment 5.0 Update 13
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
"{408619AB-AF65-49A5-8F5E-8FEE9EE22884}_is1" = Green Moon
"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
"{46C55F83-0760-4728-9731-FE36281F1178}" = Iexplore6-Stub-ALL
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}" = Microsoft .NET Framework 3.5 Language Pack - fra
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
"{7C869BA1-A1E2-4818-8B12-F22A96DC7EAA}" = Windows Media Player 10 Settings
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{901E0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 German User Interface Pack
"{901E040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 French User Interface Pack
"{9052040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (Français)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9ECDF55-332A-4380-9EC0-73140E60A29A}" = Badoo Desktop
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1036-7B44-A81000000003}" = Adobe Reader 8.1.1 - Français
"{AEE5C68B-F6EB-4528-A39E-8F659B96B142}" = IZArc-Stub-FRA
"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2CDE75C-CA51-4335-9C13-84C00E6093A5}" = Windows Media Player Enterprise Deployment
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E1BFEFFA-D382-4FAA-BA3A-3859B4DB28A8}" = Anti-Virus Client Security
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"BboxUpdate" =
"BFGC" = Big Fish Games: Game Manager
"BitTorrent" = BitTorrent
"BittorrentBar_FR Toolbar" = BittorrentBar_FR Toolbar
"Bouygues Telecom - désinstallation Bbox" =
"conduitEngine" = Conduit Engine
"Euro Truck Simulator" = Euro Truck Simulator 1.3
"Google Chrome" = Google Chrome
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - fra" = Module linguistique Microsoft .NET Framework 3.5 - fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PhotoFiltre" = PhotoFiltre
"Picasa 3" = Picasa 3
"Pixie_is1" = Pixie 1.4.1
"PROPLUS" = Microsoft Office Professional Plus 2007
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"VLC media player" = VLC media player 1.0.2
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WinLiveSuite_Wave3" = Installation Windows Live
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antimalware Doctor" = Antimalware Doctor
"Facebook Plug-In" = Facebook Plug-In
"Flux" = F.lux

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 12/02/2011 09:53:29 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/02/2011 09:53:29 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2303

Error - 12/02/2011 09:53:29 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2303

Error - 12/02/2011 09:53:46 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/02/2011 09:53:46 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18887

Error - 12/02/2011 09:53:46 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18887

Error - 12/02/2011 11:15:23 | Computer Name = MYLÉNE | Source = Application Hang | ID = 1002
Description = Application bloquée BitTorrent.exe, version 7.1.0.22968, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 12/02/2011 11:15:26 | Computer Name = MYLÉNE | Source = Application Hang | ID = 1002
Description = Application bloquée BitTorrent.exe, version 7.1.0.22968, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 12/02/2011 11:15:31 | Computer Name = MYLÉNE | Source = Application Hang | ID = 1002
Description = Application bloquée BitTorrent.exe, version 7.1.0.22968, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 12/02/2011 12:56:34 | Computer Name = MYLÉNE | Source = Application Hang | ID = 1002
Description = Application bloquée cafbine70mps.exe, version 2.4.5600.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ OSession Events ]
Error - 21/07/2009 09:36:36 | Computer Name = MÉLANNIE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 4143
seconds with 1560 seconds of active time. This session ended with a crash.

Error - 01/09/2009 11:27:28 | Computer Name = MÉLANNIE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session
lasted 12089 seconds with 1680 seconds of active time. This session ended with
a crash.

[ System Events ]
Error - 12/02/2011 12:03:08 | Computer Name = MYLÉNE | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 12/02/2011 12:03:17 | Computer Name = MYLÉNE | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 12/02/2011 12:03:24 | Computer Name = MYLÉNE | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 12/02/2011 12:03:31 | Computer Name = MYLÉNE | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 12/02/2011 12:03:37 | Computer Name = MYLÉNE | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 12/02/2011 12:03:45 | Computer Name = MYLÉNE | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 12/02/2011 12:03:51 | Computer Name = MYLÉNE | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 12/02/2011 12:03:58 | Computer Name = MYLÉNE | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 12/02/2011 12:04:05 | Computer Name = MYLÉNE | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 12/02/2011 13:20:47 | Computer Name = MYLÉNE | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.


< End of report >

"D:\data\eSKernel.exe" = D:\data\eSKernel.exe:*:Disabled:Bbox assistant d'installation
"C:\Program Files\Bbox\eSKernel.exe" = C:\Program Files\Bbox\eSKernel.exe:*:Disabled:Bbox assistant d'installation -- (Teleperformance France)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Disabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Disabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
"{1D13221B-42DE-4B3C-A43F-0F6AF3CF3DA2}" = Client Windows Rights Management avec Service Pack 2
"{1E809775-B933-42E7-9E57-7C7305145C39}" = EPRGlossary-Stub-FRA
"{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150130}" = J2SE Runtime Environment 5.0 Update 13
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
"{408619AB-AF65-49A5-8F5E-8FEE9EE22884}_is1" = Green Moon
"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
"{46C55F83-0760-4728-9731-FE36281F1178}" = Iexplore6-Stub-ALL
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}" = Microsoft .NET Framework 3.5 Language Pack - fra
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
"{7C869BA1-A1E2-4818-8B12-F22A96DC7EAA}" = Windows Media Player 10 Settings
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{901E0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 German User Interface Pack
"{901E040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 French User Interface Pack
"{9052040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (Français)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9ECDF55-332A-4380-9EC0-73140E60A29A}" = Badoo Desktop
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1036-7B44-A81000000003}" = Adobe Reader 8.1.1 - Français
"{AEE5C68B-F6EB-4528-A39E-8F659B96B142}" = IZArc-Stub-FRA
"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2CDE75C-CA51-4335-9C13-84C00E6093A5}" = Windows Media Player Enterprise Deployment
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E1BFEFFA-D382-4FAA-BA3A-3859B4DB28A8}" = Anti-Virus Client Security
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"BboxUpdate" =
"BFGC" = Big Fish Games: Game Manager
"BitTorrent" = BitTorrent
"BittorrentBar_FR Toolbar" = BittorrentBar_FR Toolbar
"Bouygues Telecom - désinstallation Bbox" =
"conduitEngine" = Conduit Engine
"Euro Truck Simulator" = Euro Truck Simulator 1.3
"Google Chrome" = Google Chrome
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - fra" = Module linguistique Microsoft .NET Framework 3.5 - fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PhotoFiltre" = PhotoFiltre
"Picasa 3" = Picasa 3
"Pixie_is1" = Pixie 1.4.1
"PROPLUS" = Microsoft Office Professional Plus 2007
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"VLC media player" = VLC media player 1.0.2
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WinLiveSuite_Wave3" = Installation Windows Live
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antimalware Doctor" = Antimalware Doctor
"Facebook Plug-In" = Facebook Plug-In
"Flux" = F.lux

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 12/02/2011 09:53:29 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/02/2011 09:53:29 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2303

Error - 12/02/2011 09:53:29 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2303

Error - 12/02/2011 09:53:46 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/02/2011 09:53:46 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18887

Error - 12/02/2011 09:53:46 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18887

Error - 12/02/2011 11:15:23 | Computer Name = MYLÉNE | Source = Application Hang | ID = 1002
Description = Application bloquée BitTorrent.exe, version 7.1.0.22968, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 12/02/2011 11:15:26 | Computer Name = MYLÉNE | Source = Application Hang | ID = 1002
Description = Application bloquée BitTorrent.exe, version 7.1.0.22968, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 12/02/2011 11:15:31 | Computer Name = MYLÉNE | Source = Application Hang | ID = 1002
Description = Application bloquée BitTorrent.exe, version 7.1.0.22968, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 12/02/2011 12:56:34 | Computer Name = MYLÉNE | Source = Application Hang | ID = 1002
Description = Application bloquée cafbine70mps.exe, version 2.4.5600.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ OSession Events ]
Error - 21/07/2009 09:36:36 | Computer Name = MÉLANNIE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 4143
seconds with 1560 seconds of active time. This session ended with a crash.

Error - 01/09/2009 11:27:28 | Computer Name = MÉLANNIE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session
lasted 12089 seconds with 1680 seconds of active time. This session ended with
a crash.

[ System Events ]
Error - 12/02/2011 12:03:08 | Computer Name = MYLÉNE | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 12/02/2011 12:03:17 | Computer Name = MYLÉNE | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 12/02/2011 12:03:24 | Computer Name = MYLÉNE | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 12/02/2011 12:03:31 | Computer Name = MYLÉNE | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 12/02/2011 12:03:37 | Computer Name = MYLÉNE | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 12/02/2011 12:03:45 | Computer Name = MYLÉNE | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 12/02/2011 12:03:51 | Computer Name = MYLÉNE | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 12/02/2011 12:03:58 | Computer Name = MYLÉNE | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 12/02/2011 12:04:05 | Computer Name = MYLÉNE | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 12/02/2011 13:20:47 | Computer Name = MYLÉNE | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.


< End of report >

myléne30
 Posted on 12/02/2011 at 19:55
Petite astucienne

thanks Fill

Fill
 Posted on 12/02/2011 at 21:11
Groupe Sécurité

Re,

1/ Create a backup of the registry as described here.

2/

  • Run OTL again
  • Copy and paste the following into the Personnalisation (custom scans/fixes) window:

Instructions:
:OTL
PRC - [2011/02/12 15:42:44 | 000,172,956 | ---- | M] () -- C:\WINDOWS\mc76487.exe
SRV - File not found [Auto | Stopped] -- -- (SBoxDiskSrv)
SRV - [2011/02/12 15:42:44 | 000,172,956 | ---- | M] () [Auto | Running] -- C:\WINDOWS\mc76487.exe -- (MemChecker)
IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\..\URLSearchHook: {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
[2011/02/05 17:21:15 | 000,000,000 | ---D | M] (BittorrentBar_FR Community Toolbar) -- C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}
[2011/02/05 17:21:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\engine@conduit.com
[2011/02/05 17:21:15 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\searchplugins\conduit.xml
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MéLANNIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LHJ2IDNS.DEFAULT\EXTENSIONS\{EF79F67A-6AD7-4715-A0F8-932FCA442023}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MéLANNIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LHJ2IDNS.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BittorrentBar_FR Toolbar) - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BittorrentBar_FR Toolbar) - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [api32] File not found
O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [cafbine70mps.exe] File not found
O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [cdoosoft] File not found
O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [dso32] File not found
O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [EA Core] File not found
O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [KiesTrayAgent] File not found
O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [Vsuyipidurayapev] C:\WINDOWS\win320.dll (Greatis Software)
O33 - MountPoints2\{522d1793-08c0-11de-8749-001279583fd2}\Shell\AutoRun\command - "" = E:\gi2ky.exe
O33 - MountPoints2\{522d1793-08c0-11de-8749-001279583fd2}\Shell\open\Command - "" = E:\gi2ky.exe
[2011/02/12 15:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Application Data\6C3B6D55D4152BA0ABD609B053335ED8
[2011/02/05 17:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/02/05 17:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\Conduit
[2011/02/05 17:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\BittorrentBar_FR
[2011/02/05 17:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\ConduitEngine
[2011/02/05 17:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/02/05 17:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\BittorrentBar_FR
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A2E219
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99C301D0
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D52F295
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6425A235
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC8E37E0
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55C54F7C
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:059167AF
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3942462
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D186293
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2907225
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57176330
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FECEF728
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17D88661
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:101708D3
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD2BFC89
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FFC2819
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F986CC21
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7920E530
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66AA0486
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55818279
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9DB67071
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6444B424
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BF63E4A
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12EA4DC9
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0AB86C0
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95775248
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57CC1FDC
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29C87AB9
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:46700142
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2C57161
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9026FFAC
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AA99C0C
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A437AC3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{E1BFEFFA-D382-4FAA-BA3A-3859B4DB28A8}"=-

:reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

:commands

[EmptyTemp]
[EmptyFlash]

  • Then click Correction and let the tool work.
  • Post the contents of the new report (a "LOG" file whose name contains the PC's date and time, saved in the folder %racine%\_OTL\MovedFiles), which should open in Notepad. As before, you can use the keyboard shortcuts (CTRL+A, CTRL+C and CTRL+V)

3/

  • Download Ad Remover by El Desaparecido, C_XX & Chimay8 to your Desktop. Alternative download link.
  • Double-click the tool to run it (on Vista or Windows 7, right-click it and run it as administrator),
  • Start the scan and post the report generated by the tool in your next reply.

4/

  • Download UsbFix by Chiquitine29 to your Desktop,
  • The tool may trigger your antivirus. If so, ignore the alerts or temporarily disable your antivirus.
  • Connect your external storage devices to your PC (USB stick, external hard drive, etc.) without opening them.
  • Double-click UsbFix on your Desktop (on Vista, the program must be launched with a right-click, choosing to run it as administrator). Choose the language (French), then the Recherche (search) option.
  • Post the UsbFix.txt report
  • There is a tutorial here.

Note: the UsbFix.txt report is saved at the root of the disk.
(If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New task", type explorer.exe and confirm)

5/ Download MBRCheck GtG
or here:
Download MBRCheck BleepingComputer
and save it to the Desktop:
On Vista -> Run as Administrator
- Launch the tool by double-clicking; a black window will appear.
- Wait about ten seconds to let the tool complete its analysis.
- Do not carry out any action that may be offered;
then press the N key, then Enter twice.
If nothing is detected, press the Enter key

If this message appears

Found non-standard or infected MBR.
options will be displayed
Type Y for more options or N to quit.

Click N to quit.

Attach the report. If it is too long, it can be inserted using this link: Insert a report

Fill

myléne30
 Posted on 12/02/2011 at 21:26
Petite astucienne

re

whew, this is going to take me all night lol, right, off to work, thanks.

myléne30
 Posted on 12/02/2011 at 22:46
Petite astucienne

re

after the fix my computer restarted. but I can't find a new report grrrr

sorry

myléne30
 Posted on 12/02/2011 at 23:01
Petite astucienne

Ad-Remover report

======= REPORT FROM AD-REMOVER 2.0.0.2,E | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 08/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 23:00:00 on 12/02/2011, Normal boot

Microsoft Windows XP Professionnel Service Pack 2 (X86)
Mélannie@MYLÉNE ( )

============== SEARCH ==============


Folder found: C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default\conduit
Folder found: C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default\ConduitEngine
Folder found: C:\Documents and Settings\All Users\Application Data\Trymedia

-- File opened: C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default\Prefs.js --
Line found: user_pref("CT2849852.SavedHomepage", "hxxp://search.conduit.com/?ctid=&SearchSource=13");
Line found: user_pref("CT2849852.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284...
Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1241893/1237566/FR", "\"0\"...
Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/FR", "\"0\"")...
Line found: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849852", ...
Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...
Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...
Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...
Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...
Line found: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63432589928083...
Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2849852/CT2849852...
Line found: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=fr", "\"634...
Line found: user_pref("CommunityToolbar.EngineOwner", "CT2849852");
Line found: user_pref("CommunityToolbar.EngineOwnerGuid", "{ef79f67a-6ad7-4715-a0f8-932fca442023}");
Line found: user_pref("CommunityToolbar.EngineOwnerToolbarId", "bittorrentbar_fr");
Line found: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line found: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2849852");
Line found: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{ef79f67a-6ad7-4715-a0f8-932fca442023}");
Line found: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "bittorrentbar_fr");
Line found: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr...
Line found: user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2849852");
Line found: user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2849852");
Line found: user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Line found: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Feb 12 2011 20:28:54 GMT+0100 (Roman...
Line found: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line found: user_pref("CommunityToolbar.alert.locale", "en");
Line found: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line found: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Feb 12 2011 20:28:50 GMT+0100 (Romance S...
Line found: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Line found: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line found: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line found: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line found: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line found: user_pref("CommunityToolbar.alert.userId", "de4ca0cf-ab5e-4382-a977-cae648b57bd4");
Line found: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Feb 12 2011 20:28:56 GMT+0100 (Rom...
Line found: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2849852");
Line found: user_pref("ConduitEngine.CTID", "ConduitEngine");
Line found: user_pref("ConduitEngine.FirstServerDate", "02/12/2011 22");
Line found: user_pref("ConduitEngine.FirstTime", true);
Line found: user_pref("ConduitEngine.FirstTimeFF3", true);
Line found: user_pref("ConduitEngine.FixPageNotFoundErrors", false);
Line found: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line found: user_pref("ConduitEngine.Initialize", true);
Line found: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line found: user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
Line found: user_pref("ConduitEngine.InstalledDate", "Sat Feb 12 2011 20:28:52 GMT+0100 (Romance Standard Time)"...
Line found: user_pref("ConduitEngine.IsMulticommunity", false);
Line found: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line found: user_pref("ConduitEngine.IsOpenUninstallPage", false);
Line found: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Feb 12 2011 20:28:52 GMT+0100 (Romance Sta...
Line found: user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sat Feb 12 2011 20:28:53 GMT+0100 (Romance Standard Ti...
Line found: user_pref("ConduitEngine.PublisherContainerWidth", 0);
Line found: user_pref("ConduitEngine.SavedHomepage", "hxxp://www.google.fr/firefox");
Line found: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line found: user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C...
Line found: user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Feb 12 2011 20:28:51 GMT+0100 (Romance Standar...
Line found: user_pref("ConduitEngine.UserID", "UN37945552052081391");
Line found: user_pref("ConduitEngine.engineLocale", "fr");
Line found: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Feb 12 2011 20:28:52 GMT+0100 (Roman...
Line found: user_pref("ConduitEngine.initDone", true);
Line found: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2849852&SearchSource=13");
-- File closed --


Key found: HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb}
Key found: HKLM\Software\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff}
Key found: HKLM\Software\Classes\Conduit.Engine
Key found: HKLM\Software\Classes\Toolbar.CT2849852
Key found: HKLM\Software\Conduit
Key found: HKLM\Software\Trymedia Systems
Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [3.6.13 (fr)] ****

Plugins\np32dsw.dll (Adobe Systems, Inc.)
HKLM_MozillaPlugins\@zylom.com/ZylomGamesPlayer (x)
Searchplugins\MediaDICO-fr.xml (hxxp://www.dictionnaire-mediadico.com/dictionnaires.asp)
Extensions\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} (Java Console)

-- C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default --
Extensions\apptabs@frankyan.com (App Tabs)
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Mélannie\\My Documents\\Téléchargements
Prefs.js - browser.search.defaulturl,
Prefs.js - browser.search.selectedEngine, BittorrentBar_FR Customized Web Search
Prefs.js - browser.startup.homepage, hxxp://search.conduit.com/?ctid=CT2849852&SearchSource=13
Prefs.js - browser.startup.homepage_override.mstone, ignore

========================================

**** Internet Explorer Version [6.0.2900.2180] ****

HKCU_Main|Default_Search_URL - hxxp://www.google.com/ie
HKCU_Main|First Home Page - hxxp://www.bouyguestelecom.fr
HKCU_Main|Search bar - hxxp://www.google.com/ie
HKCU_Main|Search Page - hxxp://www.google.com
HKCU_Main|Start Page - hxxp://search.conduit.com/?SearchSource=10&ctid=CT2849852
HKLM_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://www.tinit.org/
HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "BittorrentBar_FR Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 1 File(s)

C:\Ad-Report-SCAN[1].txt - 12/02/2011 (8059 Byte(s))

End at: 23:01:05, 12/02/2011

============== E.O.F ==============

myléne30
 Posted on 12/02/2011 at 23:08 
Petite astucienne

UsbFix report

############################## | UsbFix 7.039 | [Research]

User: Mélannie (Administrator) # MYLÉNE [ ]
Updated 09/02/2011 by El Desaparecido / C_XX
Started at 23:07:08 | 12/02/2011
Website: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org

CPU: Intel(R) Pentium(R) M processor 1.60GHz
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 6.0.2900.2180

Windows Firewall: Enabled
Antivirus: avast! Antivirus 5.0.83952505 [(!) Disabled | Updated]
RAM -> 1023 Mb
C:\ (%systemdrive%) -> Fixed drive # 37 Gb (12 Mb free - 32%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 971 Mb (665 Mb free - 68%) [CLEF MYLENE] # FAT

################## | Files # Infected Folders |


Found ! C:\DOCUME~1\MLANNI~1\LOCALS~1\Temp\VWL134.tmp

################## | Registry |

Found ! HKLM\Software\Classes\CLSID\MADOWN

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{0b747c00-857d-11de-8783-001279583fd2}
Shell\AutoRun\Command = E:\EmDesk.exe
Shell\EmDesk\Command = E:\EmDesk.exe


################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |

myléne30
 Posted on 12/02/2011 at 23:12 
Petite astucienne

MBRCheck report

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 133):

Processes (total 39):
0 System Idle Process
4 SYSTEM
648 C:\WINDOWS\system32\smss.exe
696 csrss.exe
720 C:\WINDOWS\system32\winlogon.exe
764 C:\WINDOWS\system32\services.exe
776 C:\WINDOWS\system32\lsass.exe
936 C:\WINDOWS\system32\svchost.exe
1012 svchost.exe
1108 C:\WINDOWS\system32\svchost.exe
1144 C:\WINDOWS\system32\svchost.exe
1288 svchost.exe
1508 svchost.exe
1516 C:\WINDOWS\explorer.exe
1720 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
188 C:\WINDOWS\system32\spoolsv.exe
256 scardsvr.exe
544 C:\WINDOWS\system32\ati2evxx.exe
556 C:\Program Files\Bonjour\mDNSResponder.exe
592 C:\WINDOWS\system32\dgdersvc.exe
636 C:\WINDOWS\system32\FsUsbExService.Exe
1092 C:\Program Files\Java\jre6\bin\jqs.exe
1200 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1416 C:\WINDOWS\system32\svchost.exe
184 alg.exe
2092 C:\WINDOWS\AGRSMMSG.exe
2108 C:\Program Files\BboxUpdate\BTLiveUpdate.exe
2116 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2124 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2132 C:\WINDOWS\system32\ctfmon.exe
2140 C:\Documents and Settings\Mélannie\Local Settings\Apps\F.lux\flux.exe
2148 C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
2160 C:\Documents and Settings\All Users\Application Data\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe
2932 C:\WINDOWS\system32\svchost.exe
3796 C:\Program Files\Mozilla Firefox\firefox.exe
328 C:\Program Files\Mozilla Firefox\plugin-container.exe
3884 wmiprvse.exe
1064 C:\WINDOWS\system32\notepad.exe
1300 C:\Documents and Settings\Mélannie\My Documents\Téléchargements\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK4026GAX, Rev: PA103G

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Fill
 Posted on 13/02/2011 at 00:15 
Security Group

Hi again,

1/ The OTL report is in the folder C:\_OTL. It is a text file whose name corresponds to the date and time it was created. I need it.

2/

  • Double-click Ad Remover to run the tool (or right-click > Run as administrator under Vista and Windows 7),
  • Launch the cleaning and post the report generated by the tool in your next reply.

3/

  • Plug your external data sources into your PC (USB key, external hard drive, etc.) without opening them.
  • Double-click the UsbFix shortcut on your Desktop (on Vista, the program must be launched via a right-click, choosing to run as administrator). Choose the Suppression (deletion) option.
  • This will start the cleaning procedure for the connected removable drives.
  • The PC will restart.
  • After the restart, post the UsbFix.txt report.
  • There is a tutorial here.

Note: the UsbFix.txt report is saved at the root of the disk.
(If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New task", type explorer.exe and confirm)

4/ Run Malwarebytes again. Delete the items found and post the report.

Fill

Edited by Fill on 13/02/2011 00:15
myléne30
 Posted on 13/02/2011 at 00:35 
Petite astucienne

otl

All processes killed
Error: Unable to interpret < Instructions :> in the current context!
========== OTL ==========
No active process named mc76487.exe was found!
Service SBoxDiskSrv stopped successfully!
Service SBoxDiskSrv deleted successfully!
Service MemChecker stopped successfully!
Service MemChecker deleted successfully!
C:\WINDOWS\mc76487.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ef79f67a-6ad7-4715-a0f8-932fca442023} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}\ not found.
File C:\Program Files\BittorrentBar_FR\tbBitt.dll not found.
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\searchplugin folder moved successfully.
C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\META-INF folder moved successfully.
C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\lib folder moved successfully.
C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\defaults folder moved successfully.
C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\components folder moved successfully.
C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\chrome folder moved successfully.
C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023} folder moved successfully.
C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\engine@conduit.com folder moved successfully.
C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ef79f67a-6ad7-4715-a0f8-932fca442023}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}\ not found.
File C:\Program Files\BittorrentBar_FR\tbBitt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ef79f67a-6ad7-4715-a0f8-932fca442023} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}\ not found.
File C:\Program Files\BittorrentBar_FR\tbBitt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\Software\Microsoft\Windows\CurrentVersion\Run\\api32 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\Software\Microsoft\Windows\CurrentVersion\Run\\cafbine70mps.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\Software\Microsoft\Windows\CurrentVersion\Run\\dso32 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\Software\Microsoft\Windows\CurrentVersion\Run\\KiesTrayAgent deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\Software\Microsoft\Windows\CurrentVersion\Run\\Vsuyipidurayapev deleted successfully.
C:\WINDOWS\win320.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{522d1793-08c0-11de-8749-001279583fd2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{522d1793-08c0-11de-8749-001279583fd2}\ not found.
File E:\gi2ky.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{522d1793-08c0-11de-8749-001279583fd2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{522d1793-08c0-11de-8749-001279583fd2}\ not found.
File E:\gi2ky.exe not found.
C:\Documents and Settings\Mélannie\Application Data\6C3B6D55D4152BA0ABD609B053335ED8 folder moved successfully.
Folder C:\Program Files\Conduit\ not found.
Folder C:\Documents and Settings\Mélannie\Local Settings\Application Data\Conduit\ not found.
C:\Documents and Settings\Mélannie\Local Settings\Application Data\BittorrentBar_FR folder moved successfully.
Folder C:\Documents and Settings\Mélannie\Local Settings\Application Data\ConduitEngine\ not found.
Folder C:\Program Files\ConduitEngine\ not found.
Folder C:\Program Files\BittorrentBar_FR\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C0A2E219 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:99C301D0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0D52F295 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6425A235 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EA701346 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FC8E37E0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:55C54F7C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:059167AF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B3942462 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3D186293 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A2907225 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:57176330 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FECEF728 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:17D88661 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:101708D3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FD2BFC89 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5FFC2819 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F986CC21 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7920E530 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:66AA0486 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:55818279 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9DB67071 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6444B424 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3BF63E4A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:12EA4DC9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F0AB86C0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:95775248 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:57CC1FDC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:29C87AB9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:46700142 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D2C57161 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9026FFAC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8AA99C0C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5A437AC3 deleted successfully.
File EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] not found.
Folder EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]\ not found.
File ptyTemp] not found.
File ptyFlash] not found.

OTL by OldTimer - Version 3.2.20.6 log created on 02122011_222921

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

myléne30
 Posted on 13/02/2011 at 00:45 
Petite astucienne

======= REPORT FROM AD-REMOVER 2.0.0.2,E | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 08/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [2]) -> Launched at 00:44:34 on 13/02/2011, Normal boot

Microsoft Windows XP Professionnel Service Pack 2 (X86)
Mélannie@MYLÉNE ( )

============== SEARCH ==============


Folder found: C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default\conduit
Folder found: C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default\ConduitEngine
Folder found: C:\Documents and Settings\All Users\Application Data\Trymedia

-- File opened: C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default\Prefs.js --
Line found: user_pref("CT2849852.SavedHomepage", "hxxp://search.conduit.com/?ctid=&SearchSource=13");
Line found: user_pref("CT2849852.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284...
Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1241893/1237566/FR", "\"0\"...
Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/FR", "\"0\"")...
Line found: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849852", ...
Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...
Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...
Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...
Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...
Line found: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63432589928083...
Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2849852/CT2849852...
Line found: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=fr", "\"634...
Line found: user_pref("CommunityToolbar.EngineOwner", "CT2849852");
Line found: user_pref("CommunityToolbar.EngineOwnerGuid", "{ef79f67a-6ad7-4715-a0f8-932fca442023}");
Line found: user_pref("CommunityToolbar.EngineOwnerToolbarId", "bittorrentbar_fr");
Line found: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line found: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2849852");
Line found: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{ef79f67a-6ad7-4715-a0f8-932fca442023}");
Line found: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "bittorrentbar_fr");
Line found: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr...
Line found: user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2849852");
Line found: user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2849852");
Line found: user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Line found: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Feb 12 2011 20:28:54 GMT+0100 (Roman...
Line found: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line found: user_pref("CommunityToolbar.alert.locale", "en");
Line found: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line found: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Feb 12 2011 20:28:50 GMT+0100 (Romance S...
Line found: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Line found: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line found: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line found: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line found: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line found: user_pref("CommunityToolbar.alert.userId", "de4ca0cf-ab5e-4382-a977-cae648b57bd4");
Line found: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Feb 12 2011 20:28:56 GMT+0100 (Rom...
Line found: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2849852");
Line found: user_pref("ConduitEngine.CTID", "ConduitEngine");
Line found: user_pref("ConduitEngine.FirstServerDate", "02/12/2011 22");
Line found: user_pref("ConduitEngine.FirstTime", true);
Line found: user_pref("ConduitEngine.FirstTimeFF3", true);
Line found: user_pref("ConduitEngine.FixPageNotFoundErrors", false);
Line found: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line found: user_pref("ConduitEngine.Initialize", true);
Line found: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line found: user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
Line found: user_pref("ConduitEngine.InstalledDate", "Sat Feb 12 2011 20:28:52 GMT+0100 (Romance Standard Time)"...
Line found: user_pref("ConduitEngine.IsMulticommunity", false);
Line found: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line found: user_pref("ConduitEngine.IsOpenUninstallPage", false);
Line found: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Feb 12 2011 20:28:52 GMT+0100 (Romance Sta...
Line found: user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sat Feb 12 2011 20:28:53 GMT+0100 (Romance Standard Ti...
Line found: user_pref("ConduitEngine.PublisherContainerWidth", 0);
Line found: user_pref("ConduitEngine.SavedHomepage", "hxxp://www.google.fr/firefox");
Line found: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line found: user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C...
Line found: user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Feb 12 2011 20:28:51 GMT+0100 (Romance Standar...
Line found: user_pref("ConduitEngine.UserID", "UN37945552052081391");
Line found: user_pref("ConduitEngine.engineLocale", "fr");
Line found: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Feb 12 2011 20:28:52 GMT+0100 (Roman...
Line found: user_pref("ConduitEngine.initDone", true);
Line found: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2849852&SearchSource=13");
-- File closed --


Key found: HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb}
Key found: HKLM\Software\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff}
Key found: HKLM\Software\Classes\Conduit.Engine
Key found: HKLM\Software\Classes\Toolbar.CT2849852
Key found: HKLM\Software\Conduit
Key found: HKLM\Software\Trymedia Systems
Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [3.6.13 (fr)] ****

Plugins\np32dsw.dll (Adobe Systems, Inc.)
HKLM_MozillaPlugins\@zylom.com/ZylomGamesPlayer (x)
Searchplugins\MediaDICO-fr.xml (hxxp://www.dictionnaire-mediadico.com/dictionnaires.asp)
Extensions\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} (Java Console)

-- C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default --
Extensions\apptabs@frankyan.com (App Tabs)
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Mélannie\\My Documents\\Téléchargements
Prefs.js - browser.search.defaulturl,
Prefs.js - browser.search.selectedEngine, BittorrentBar_FR Customized Web Search
Prefs.js - browser.startup.homepage, hxxp://search.conduit.com/?ctid=CT2849852&SearchSource=13
Prefs.js - browser.startup.homepage_override.mstone, ignore

========================================

**** Internet Explorer Version [6.0.2900.2180] ****

HKCU_Main|Default_Search_URL - hxxp://www.google.com/ie
HKCU_Main|First Home Page - hxxp://www.bouyguestelecom.fr
HKCU_Main|Search bar - hxxp://www.google.com/ie
HKCU_Main|Search Page - hxxp://www.google.com
HKCU_Main|Start Page - hxxp://search.conduit.com/?SearchSource=10&ctid=CT2849852
HKLM_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://www.tinit.org/
HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "BittorrentBar_FR Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 2 File(s)

C:\Ad-Report-SCAN[1].txt - 12/02/2011 (9134 Byte(s))
C:\Ad-Report-SCAN[2].txt - 13/02/2011 (7958 Byte(s))

End at: 00:45:20, 13/02/2011

============== E.O.F ==============

myléne30
Posted on 13/02/2011 at 00:52
Petite astucienne

############################## | UsbFix 7.039 | [Deletion]

User: Mélannie (Administrator) # MYLÉNE [ ]
Updated 09/02/2011 by El Desaparecido / C_XX
Started at 00:50:13 | 13/02/2011
Website: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org

CPU: Intel(R) Pentium(R) M processor 1.60GHz
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 6.0.2900.2180

Windows Firewall: Enabled
Antivirus: avast! Antivirus 5.0.83952505 [Enabled | Updated]
RAM -> 1023 Mb
C:\ (%systemdrive%) -> Fixed drive # 37 Gb (12 Mb free - 32%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 971 Mb (665 Mb free - 68%) [CLEF MYLENE] # FAT

################## | Files # Infected Folders |


Deleted ! C:\DOCUME~1\MLANNI~1\LOCALS~1\Temp\VWL134.tmp
Deleted ! C:\Recycler\S-1-5-21-2168241517-2575756971-1293286784-1009
Deleted ! C:\Recycler\S-1-5-21-2168241517-2575756971-1293286784-500
Deleted ! C:\Recycler\S-1-5-21-842925246-789336058-1343024091-500

################## | Registry |

Deleted ! HKLM\Software\Classes\CLSID\MADOWN

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{0b747c00-857d-11de-8783-001279583fd2}

################## | Listing |

[18/01/2011 - 23:11:45 | D ] C:\814ea64b52a9771d0513
[12/02/2011 - 23:01:05 | N | 9134] C:\Ad-Report-SCAN[1].txt
[13/02/2011 - 00:45:20 | N | 9189] C:\Ad-Report-SCAN[2].txt
[22/01/2011 - 11:52:43 | N | 2006] C:\aqua_bitmap.cpp
[03/06/2008 - 09:12:43 | N | 0] C:\AUTOEXEC.BAT
[27/10/2008 - 13:54:35 | N | 211] C:\boot.ini
[03/02/2011 - 00:04:35 | D ] C:\Config.Msi
[03/06/2008 - 09:12:43 | N | 0] C:\CONFIG.SYS
[13/02/2009 - 07:46:44 | D ] C:\Documents and Settings
[03/06/2008 - 09:12:43 | N | 0] C:\IO.SYS
[03/06/2008 - 09:12:43 | N | 0] C:\MSDOS.SYS
[21/07/2009 - 12:08:49 | RHD ] C:\MSOCache
[31/12/2002 - 13:00:00 | N | 47564] C:\NTDETECT.COM
[31/12/2002 - 13:00:00 | N | 250032] C:\ntldr
[29/02/2004 - 16:44:34 | N | 52576] C:\orange.bmp
[13/02/2011 - 00:09:05 | ASH | 805306368] C:\pagefile.sys
[12/02/2011 - 22:59:57 | D ] C:\Program Files
[15/06/2009 - 19:46:23 | D ] C:\ProgramData
[13/02/2011 - 00:50:59 | SHD ] C:\RECYCLER
[27/10/2008 - 13:56:31 | SHD ] C:\System Volume Information
[13/02/2011 - 00:50:59 | D ] C:\UsbFix
[13/02/2011 - 00:51:05 | A | 1088] C:\UsbFix.txt
[12/02/2011 - 22:29:27 | D ] C:\WINDOWS
[12/02/2011 - 22:29:21 | D ] C:\_OTL
[05/03/2009 - 17:24:04 | D ] E:\CACF DIRECT

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_MYLÉNE.zip
http://www.teamxscript.org/Upload.php
Thank you for your contribution.

################## | E.O.F |

myléne30
Posted on 13/02/2011 at 01:53
Petite astucienne

Hello again,

There, I think you have everything.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5748

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

13/02/2011 01:50:14
mbam-log-2011-02-13 (01-50-14).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 215671
Temps écoulé: 43 minute(s), 41 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\Mélannie\local settings\Temp\rxscwaemno.tmp (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3166be0b-499b-4573-974c-2ffdad6f29e0}\rp221\a0058344.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\02122011_222921\c_windows\win320.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.

Fill
Posted on 13/02/2011 at 09:36
Groupe Sécurité

Hello,

1/ Adremover was used incorrectly. You need to run it again and choose "Deletion". Post the report.

2/

  • Download TFC by Old_Timer to your Desktop,
  • Double-click TFC.exe to launch it. (Note: if you are on Vista, right-click the file and choose Run as administrator).
  • The tool will close all programs while it runs, so make sure you have saved all your work in progress before starting.
  • Click the Start button to launch the process. Depending on how often you delete your temporary files, this can take from a few seconds to a minute or two. Let the program run without interrupting it.
  • When it has finished, the tool should restart your system. If it does not, restart the PC manually yourself to complete the cleanup.

3/ Run an online scan by following this link and post the report.

4/ How is the PC behaving?

Fill



Edited by Fill on 13/02/2011 09:37
myléne30
Posted on 13/02/2011 at 12:41
Petite astucienne

Hello Fill,

Well, that is a lot of things to do; I'm not very good with computers, so it takes me time lol.

Ad only asks me scan, clean, uninstall, so I ran clean; here is the report.

======= REPORT FROM AD-REMOVER 2.0.0.2,E | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 08/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 12:20:24 on 13/02/2011, Normal boot

Microsoft Windows XP Professionnel Service Pack 2 (X86)
Mélannie@MYLÉNE ( )

============== ACTION(S) ==============


Folder deleted: C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default\conduit
Folder deleted: C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default\ConduitEngine
Folder deleted: C:\Documents and Settings\All Users\Application Data\Trymedia

(!) -- Temporary files deleted.


-- File opened: C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default\Prefs.js --
/!\ Unable to open the file, cleaning interrupted /!\
-- File closed --


Key deleted: HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb}
Key deleted: HKLM\Software\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff}
Key deleted: HKLM\Software\Classes\Conduit.Engine
Key deleted: HKLM\Software\Classes\Toolbar.CT2849852
Key deleted: HKLM\Software\Conduit
Key deleted: HKLM\Software\Trymedia Systems
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [3.6.13 (fr)] ****

Plugins\np32dsw.dll (Adobe Systems, Inc.)
HKLM_MozillaPlugins\@zylom.com/ZylomGamesPlayer (x)
Searchplugins\MediaDICO-fr.xml (hxxp://www.dictionnaire-mediadico.com/dictionnaires.asp)
Extensions\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} (Java Console)

-- C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default --
Extensions\apptabs@frankyan.com (App Tabs)
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Mélannie\\My Documents\\Téléchargements
Prefs.js - browser.search.defaulturl,
Prefs.js - browser.search.selectedEngine, BittorrentBar_FR Customized Web Search
Prefs.js - browser.startup.homepage, hxxp://search.conduit.com/?ctid=CT2849852&SearchSource=13
Prefs.js - browser.startup.homepage_override.mstone, ignore

========================================

**** Internet Explorer Version [6.0.2900.2180] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/

========================================

C:\Program Files\Ad-Remover\Quarantine: 13 File(s)
C:\Program Files\Ad-Remover\Backup: 16 File(s)

C:\Ad-Report-CLEAN[1].txt - 13/02/2011 (987 Byte(s))
C:\Ad-Report-SCAN[1].txt - 12/02/2011 (9134 Byte(s))
C:\Ad-Report-SCAN[2].txt - 13/02/2011 (9189 Byte(s))

End at: 12:21:29, 13/02/2011

============== E.O.F ==============

TFC (couldn't find the report): the computer did restart.

myléne30
Posted on 13/02/2011 at 14:20
Petite astucienne

eset txt

C:\_OTL\MovedFiles\02122011_222921\C_Documents and Settings\Mélannie\Application Data\6C3B6D55D4152BA0ABD609B053335ED8\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application nettoyé par suppression - mis en quarantaine
C:\_OTL\MovedFiles\02122011_222921\C_Documents and Settings\Mélannie\Application Data\6C3B6D55D4152BA0ABD609B053335ED8\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application nettoyé par suppression - mis en quarantaine

So my PC no longer has the virus icon in the taskbar. When I turn it back on, a black screen comes up saying imminent threat. Then it tells me to press F1 to ignore it, which I did. That's it.

Fill
Posted on 13/02/2011 at 15:28
Groupe Sécurité

myléne30 wrote:

eset txt

C:\_OTL\MovedFiles\02122011_222921\C_Documents and Settings\Mélannie\Application Data\6C3B6D55D4152BA0ABD609B053335ED8\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application nettoyé par suppression - mis en quarantaine
C:\_OTL\MovedFiles\02122011_222921\C_Documents and Settings\Mélannie\Application Data\6C3B6D55D4152BA0ABD609B053335ED8\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application nettoyé par suppression - mis en quarantaine

So my PC no longer has the virus icon in the taskbar. When I turn it back on, a black screen comes up saying imminent threat. Then it tells me to press F1 to ignore it, which I did. That's it.

Hello again,

1/ Can you post the full ESET report, which is located here:

C:\Program Files\ESET Online Scanner\log.txt or C:\Program Files (x86)\ESET Online Scanner\log.txt

2/ I don't understand the rest: are you talking about a virus icon or an antivirus icon?

And I don't understand the black screen issue. Can you be more explicit and possibly take a screenshot?

Fill
