|
 Posté le 12/02/2011 @ 18:50 |
Petite astucienne
| bonjour,
depuis plusieurs heures j'essaye d'eliminer antimalware doctor en vain, j'ai rechercher sur des forums comment faire. Et c'est la galere lol.
j'ai telecharger malwarebytes, fait une analyse la voici.
Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org
Version de la base de données: 5748
Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180
12/02/2011 18:38:28 mbam-log-2011-02-12 (18-37-53).txt
Type d'examen: Examen complet (C:\|) Elément(s) analysé(s): 217667 Temps écoulé: 1 heure(s), 0 minute(s), 28 seconde(s)
Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 1 Clé(s) du Registre infectée(s): 3 Valeur(s) du Registre infectée(s): 5 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 4
Processus mémoire infecté(s): c:\documents and settings\Mélannie\application data\6c3b6d55d4152ba0abd609b053335ed8\cafbine70mps.exe (Trojan.FakeAlert) -> 2156 -> No action taken.
Module(s) mémoire infecté(s): c:\WINDOWS\win320.dll (Trojan.Hiloti.Gen) -> No action taken.
Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken. HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vsuyipidurayapev (Trojan.Hiloti.Gen) -> Value: Vsuyipidurayapev -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cafbine70mps.exe (Trojan.FakeAlert) -> Value: cafbine70mps.exe -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Value: cdoosoft -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dso32 (Spyware.OnlineGames) -> Value: dso32 -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\api32 (Spyware.OnlineGames) -> Value: api32 -> No action taken.
Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
Dossier(s) infecté(s): (Aucun élément nuisible détecté)
Fichier(s) infecté(s): c:\WINDOWS\win320.dll (Trojan.Hiloti.Gen) -> No action taken. c:\documents and settings\Mélannie\application data\6c3b6d55d4152ba0abd609b053335ed8\cafbine70mps.exe (Trojan.FakeAlert) -> No action taken. c:\documents and settings\Mélannie\local settings\Temp\rxscwaemno.tmp (Trojan.Hiloti.Gen) -> No action taken. c:\documents and settings\Mélannie\local settings\temporary internet files\Content.IE5\O1234567\typeuu700acc[2].exe (Trojan.FakeAlert) -> No action taken.
Que doit-je faire maintenant svp. je suis pas tres doué dans ce genre de chose
merci par avance
|
|
|
|
|
|
Posté le 12/02/2011 à 18:52 |
| Bonjour, et bienvenue sur pca !
- Télécharge OTL (de Old_Timer) sur ton bureau,
- Double-clique sur son icône pour le démarrer. Si tu es sous Vista ou 7, démarre par clic droit, exécuter en tant qu'administrateur. Assure toi d'avoir fermé le maximum de fenêtres ouvertes, avant ce qui suit.
- Coche la case "Tous les utilisateurs",
- Sous l'emplacement "Personnalisation", copie colle le contenu ce qui suit :
netsvcs drivers32 %SYSTEMDRIVE%\*.exe /md5start explorer.exe winlogon.exe wininit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles
- Clique ensuite sur le bouton "Analyse" puis patiente pour que l'outil analyse le pc. Cela peut durer quelques minutes, selon l'état du système.
- A la fin de l'analyse, la fenêtre du bloc-note s'ouvre. Elle s'appelle OTL.txt
- Copie-colle ce texte dans ta prochaine réponse. Si un message d'erreur apparait, c'est parce que le rapport est trop long. Il faut alors l'éditer en plusieurs messages sans rien oublier.
- Pour sélectionner le texte : CTRL+A
- Pour copier le texte sélectionné : CTRL+C,
- Pour coller le texte dans ta prochaine réponse : CRTL+V
Fill |
|
Posté le 12/02/2011 à 18:56 |
Petite astucienne
| merci
je vais faire ca et je revient |
|
Posté le 12/02/2011 à 19:15 |
Petite astucienne
| OTL logfile created on: 12/02/2011 19:03:36 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Mélannie\My Documents\Téléchargements Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1 023,00 Mb Total Physical Memory | 560,00 Mb Available Physical Memory | 55,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37,25 Gb Total Space | 11,86 Gb Free Space | 31,84% Space Free | Partition Type: NTFS Computer Name: MYLÉNE | User Name: Mélannie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - File not found -- PRC - [2011/02/12 18:53:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mélannie\My Documents\Téléchargements\OTL.exe PRC - [2011/02/12 15:42:44 | 000,172,956 | ---- | M] () -- C:\WINDOWS\mc76487.exe PRC - [2011/02/05 17:21:06 | 000,745,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe PRC - [2011/01/30 16:31:18 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2011/01/30 16:31:17 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011/01/13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe PRC - [2010/10/29 13:55:50 | 000,983,552 | ---- | M] (Badoo) -- C:\Documents and Settings\All Users\Application Data\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe PRC - [2010/10/25 10:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\system32\dgdersvc.exe PRC - [2010/10/25 10:03:52 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe PRC - [2009/08/29 07:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\Mélannie\Local Settings\Apps\F.lux\flux.exe PRC - [2009/04/16 08:41:18 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2008/08/06 20:44:26 | 000,103,936 | ---- | M] (TechCity Solutions France) -- C:\Program Files\BboxUpdate\BTLiveUpdate.exe PRC - [2002/12/31 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011/02/12 18:53:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mélannie\My Documents\Téléchargements\OTL.exe MOD - [2011/01/13 09:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll MOD - [2006/08/25 16:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (SBoxDiskSrv) SRV - [2011/02/12 15:42:44 | 000,172,956 | ---- | M] () [Auto | Running] -- C:\WINDOWS\mc76487.exe -- (MemChecker) SRV - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010/10/25 10:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\dgdersvc.exe -- (dgdersvc) SRV - [2010/10/25 10:03:52 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008/06/03 10:09:51 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service) SRV - [2008/04/07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011/01/13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011/01/13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011/01/13 09:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2011/01/13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011/01/13 09:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2011/01/13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010/10/25 10:03:52 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010/05/25 07:44:30 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2008/06/13 07:50:26 | 000,386,784 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU) DRV - [2007/12/06 14:01:16 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2007/12/06 14:00:54 | 000,036,096 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi) DRV - [2007/12/06 14:00:46 | 001,170,464 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007/12/06 14:00:24 | 000,182,101 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN) DRV - [2007/12/06 14:00:24 | 000,005,689 | ---- | M] (O2 Micro) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby) DRV - [2007/12/06 14:00:06 | 000,049,407 | ---- | M] (OMNIKEY AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cxbp0wdm.sys -- (cxbp0wdm) DRV - [2007/12/06 13:59:28 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007/12/06 13:58:54 | 000,587,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007/09/17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2004/08/03 22:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2004/08/03 22:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2001/08/17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) [color=#E56717]========== Standard Registry (All) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tinit.org/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.bouyguestelecom.fr IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT2849852 IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\..\URLSearchHook: {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_FR Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "http://www.google.fr/firefox" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}:5.0.13 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {ef79f67a-6ad7-4715-a0f8-932fca442023}:3.2.5.2 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13 FF - prefs.js..network.proxy.type: 2 FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/04/12 19:16:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/01/22 11:58:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/10 22:24:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/30 16:31:25 | 000,000,000 | ---D | M] [2009/06/17 13:57:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mélannie\Application Data\Mozilla\Extensions [2009/06/17 13:57:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mélannie\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011/02/11 23:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions [2011/02/05 17:21:15 | 000,000,000 | ---D | M] (BittorrentBar_FR Community Toolbar) -- C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023} [2011/02/05 17:21:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\engine@conduit.com [2011/02/05 17:21:15 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\searchplugins\conduit.xml [2011/02/11 23:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/01/30 16:31:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/06/03 09:54:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} [2010/04/12 19:17:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MéLANNIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LHJ2IDNS.DEFAULT\EXTENSIONS\{EF79F67A-6AD7-4715-A0F8-932FCA442023} File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MéLANNIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LHJ2IDNS.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM [2010/04/12 19:16:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/01/30 16:31:14 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2011/01/30 16:31:14 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2006/09/03 21:12:48 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll [2010/04/12 19:16:33 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2011/01/30 16:31:18 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2006/10/26 18:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL [2010/05/13 22:45:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2010/05/13 22:45:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2010/05/13 22:45:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2010/05/13 22:45:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2010/05/13 22:45:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2010/05/13 22:45:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2010/05/13 22:45:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2006/09/26 10:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2010/09/29 12:18:29 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml [2010/09/29 12:18:29 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml [2010/09/29 12:18:29 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml [2010/09/29 12:18:29 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009/07/27 07:50:12 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml [2010/09/29 12:18:29 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2010/09/29 12:18:29 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\search |
|
Posté le 12/02/2011 à 19:18 |
Petite astucienne
| O1 HOSTS File: ([2002/12/31 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (BittorrentBar_FR Toolbar) - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (BittorrentBar_FR Toolbar) - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems) O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BboxUpdate] C:\Program Files\BboxUpdate\BTLiveUpdate.exe (TechCity Solutions France) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [api32] File not found O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [Badoo Desktop] C:\Documents and Settings\All Users\Application Data\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe (Badoo) O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.) O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [cafbine70mps.exe] File not found O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [cdoosoft] File not found O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [dso32] File not found O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [EA Core] File not found O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [F.lux] C:\Documents and Settings\Mélannie\Local Settings\Apps\F.lux\flux.exe () O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [KiesTrayAgent] File not found O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [Vsuyipidurayapev] C:\WINDOWS\win320.dll (Greatis Software) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_13-windows-i586.cab (Java Plug-in 1.5.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Mélannie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mélannie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/06/03 09:12:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{0b747c00-857d-11de-8783-001279583fd2}\Shell\AutoRun\command - "" = E:\EmDesk.exe O33 - MountPoints2\{0b747c00-857d-11de-8783-001279583fd2}\Shell\EmDesk\command - "" = E:\EmDesk.exe O33 - MountPoints2\{522d1793-08c0-11de-8749-001279583fd2}\Shell\AutoRun\command - "" = E:\gi2ky.exe O33 - MountPoints2\{522d1793-08c0-11de-8749-001279583fd2}\Shell\open\Command - "" = E:\gi2ky.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %*
|
|
Posté le 12/02/2011 à 19:19 |
Petite astucienne
| NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/02/12 17:28:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Application Data\Malwarebytes [2011/02/12 17:28:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/02/12 17:28:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/02/12 17:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011/02/12 17:28:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/02/12 17:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/02/12 15:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Application Data\6C3B6D55D4152BA0ABD609B053335ED8 [2011/02/05 23:18:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Application Data\Artifex Mundi [2011/02/05 19:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Green Moon [2011/02/05 19:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Green Moon [2011/02/05 18:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\Astar Games [2011/02/05 17:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Application Data\Absolutist [2011/02/05 17:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Absolutist [2011/02/05 17:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\My Documents\Downloads [2011/02/05 17:26:34 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk [2011/02/05 17:26:34 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Encore plus de jeux.lnk [2011/02/05 17:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient [2011/02/05 17:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache [2011/02/05 17:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2011/02/05 17:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\Conduit [2011/02/05 17:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\BittorrentBar_FR [2011/02/05 17:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\ConduitEngine [2011/02/05 17:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine [2011/02/05 17:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\BittorrentBar_FR [2011/02/05 17:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent [2011/02/05 17:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Application Data\BitTorrent [2011/02/03 00:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Badoo [2011/01/31 22:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Pixie [2011/01/31 22:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Pixie [2011/01/29 16:17:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome [2011/01/29 16:16:02 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2011/01/29 16:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus [2011/01/29 16:16:01 | 000,294,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2011/01/29 16:15:58 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2011/01/29 16:15:54 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2011/01/29 16:15:51 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2011/01/29 16:15:51 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2011/01/29 16:15:50 | 000,029,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2011/01/29 16:15:22 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2011/01/29 16:15:22 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2011/01/29 14:55:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Start Menu\Programs\Bbox - Bouygues Telecom [2011/01/29 14:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\BboxUpdate [2011/01/29 14:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bbox [2011/01/29 14:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Techcity [2011/01/22 14:02:38 | 000,926,240 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2011/01/22 12:32:45 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys [2011/01/22 12:32:44 | 000,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys [2011/01/22 12:32:44 | 000,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rndismpx.sys [2011/01/22 12:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\My Documents\Samsung [2011/01/22 12:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Samsung [2011/01/22 12:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\NOBRAND [2011/01/22 12:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Samsung [2011/01/18 23:10:38 | 000,000,000 | ---D | C] -- C:\814ea64b52a9771d0513 [2011/01/18 23:06:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011/01/18 23:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Samsung [2011/01/10 14:43:50 | 241,942,355 | ---- | C] (Just For Fun Games ) -- C:\Documents and Settings\Mélannie\Application Data\Phantasmat_Collector_s_Edition.exe [2010/09/15 16:46:49 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Mélannie\Application Data\$_hpcst$.hpc [2009/07/30 07:57:36 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\keyfile3.drm [2009/02/24 16:51:34 | 000,083,392 | ---- | C] () -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/02/17 20:22:44 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/02/13 07:46:47 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Mélannie\Application Data\desktop.ini [2009/02/13 07:46:46 | 006,912,554 | -H-- | C] () -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\IconCache.db [2008/06/03 02:07:07 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Mélannie\My Documents\*.tmp files -> C:\Documents and Settings\Mélannie\My Documents\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/02/12 18:21:04 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/02/12 17:28:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/02/12 17:19:42 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/02/12 17:19:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/02/12 15:42:44 | 000,172,956 | ---- | M] () -- C:\WINDOWS\mc76487.exe [2011/02/12 12:24:30 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2011/02/06 23:16:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/02/05 17:37:12 | 000,001,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Encore plus de jeux.lnk [2011/02/05 17:26:34 | 000,001,596 | ---- | M] () -- C:\Documents and Settings\Mélannie\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk [2011/02/05 17:26:33 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk [2011/02/05 17:21:06 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Mélannie\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk [2011/02/05 17:21:06 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk [2011/02/04 19:11:37 | 000,010,187 | ---- | M] () -- C:\Documents and Settings\Mélannie\My Documents\achat voiture.docx [2011/02/04 12:21:31 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/02/04 12:21:31 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/01/29 18:25:28 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011/01/29 18:15:11 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/29 16:17:14 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Mélannie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/01/29 16:16:02 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk [2011/01/29 14:55:26 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\Mélannie\Desktop\Bouygues Telecom - Mes services en un clic.url [2011/01/22 12:43:01 | 007,896,064 | ---- | M] () -- C:\Documents and Settings\Mélannie\My Documents\setup.msi [2011/01/22 12:08:03 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk [2011/01/22 11:52:43 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp [2011/01/22 11:48:47 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME [2011/01/22 11:47:49 | 000,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Mélannie\My Documents\*.tmp files -> C:\Documents and Settings\Mélannie\My Documents\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/02/12 17:28:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/02/12 15:42:54 | 000,172,956 | ---- | C] () -- C:\WINDOWS\mc76487.exe [2011/02/07 23:21:58 | 000,010,187 | ---- | C] () -- C:\Documents and Settings\Mélannie\My Documents\achat voiture.docx [2011/02/05 17:37:12 | 000,001,194 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Encore plus de jeux.lnk [2011/02/05 17:26:34 | 000,001,596 | ---- | C] () -- C:\Documents and Settings\Mélannie\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk [2011/02/05 17:26:33 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk [2011/02/05 17:21:06 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Mélannie\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk [2011/02/05 17:21:06 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk [2011/01/29 18:20:24 | 005,485,104 | ---- | C] () -- C:\Documents and Settings\Mélannie\Desktop\DSC02533.JPG [2011/01/29 18:18:51 | 005,211,263 | ---- | C] () -- C:\Documents and Settings\Mélannie\Desktop\DSC02523.JPG [2011/01/29 18:17:57 | 003,768,044 | ---- | C] () -- C:\Documents and Settings\Mélannie\Desktop\DSC02480.JPG [2011/01/29 16:17:14 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2011/01/29 16:17:14 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Mélannie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/01/29 16:16:10 | 000,001,058 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/01/29 16:16:09 | 000,001,054 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/01/29 16:16:02 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk [2011/01/29 14:55:26 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\Mélannie\Desktop\Bouygues Telecom - Mes services en un clic.url [2011/01/22 12:43:01 | 007,896,064 | ---- | C] () -- C:\Documents and Settings\Mélannie\My Documents\setup.msi [2011/01/22 12:08:03 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk [2011/01/18 23:02:40 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp [2010/09/15 16:47:04 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010/09/15 16:47:04 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010/05/25 07:45:24 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2010/05/25 07:45:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2010/05/25 07:45:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2010/05/25 07:45:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2008/10/27 13:55:16 | 000,008,621 | ---- | C] () -- C:\WINDOWS\System32\cmdiag.ini [2008/10/27 13:55:16 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\cmabout.ini [2008/10/27 13:55:15 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\cmabout.dll [2008/10/27 13:55:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\chksvrn.dll [2008/06/03 11:56:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008/06/03 11:26:50 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [2008/06/03 10:27:29 | 000,000,155 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008/06/03 10:21:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/06/03 10:09:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI [2008/06/03 10:03:37 | 002,115,816 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll [2008/06/03 02:07:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2002/12/31 13:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2001/10/29 01:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [1997/06/25 23:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll |
|
Posté le 12/02/2011 à 19:20 |
Petite astucienne
| [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2002/12/31 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys [2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2002/12/31 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys [2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2002/12/31 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2002/12/31 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2002/12/31 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe [2002/12/31 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe [color=#A23BEC]< MD5 for: IASTOR.SYS >[/color] [2007/12/06 14:01:16 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2002/12/31 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll [2002/12/31 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2002/12/31 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll [2002/12/31 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2002/12/31 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe [2002/12/31 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A2E219 @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99C301D0 @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D52F295 @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6425A235 @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346 @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC8E37E0 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55C54F7C @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:059167AF @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3942462 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D186293 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2907225 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57176330 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FECEF728 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17D88661 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:101708D3 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD2BFC89 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FFC2819 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F986CC21 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7920E530 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66AA0486 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55818279 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9DB67071 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6444B424 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BF63E4A @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12EA4DC9 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0AB86C0 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95775248 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57CC1FDC @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29C87AB9 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:46700142 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2C57161 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9026FFAC @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AA99C0C @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A437AC3
< End of report > [color=#A23BEC]< MD5 for: [2002/12/31 13:00:00 | 000,055,808 | ---- | M] (MICROSOFT CORPORATION) >[/color] [2002/12/31 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\eventlog.dll [2002/12/31 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: [2002/12/31 13:00:00 | 000,180,224 | ---- | M] (MICROSOFT CORPORATION) >[/color] [2002/12/31 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\scecli.dll [2002/12/31 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll [color=#A23BEC]< MD5 for: [2002/12/31 13:00:00 | 000,407,040 | ---- | M] (MICROSOFT CORPORATION) >[/color] [2002/12/31 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\netlogon.dll [2002/12/31 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netlogon.dll [color=#A23BEC]< MD5 for: [2002/12/31 13:00:00 | 000,502,272 | ---- | M] (MICROSOFT CORPORATION) >[/color] [2002/12/31 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\winlogon.exe [2002/12/31 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe [color=#A23BEC]< MD5 for: [2002/12/31 13:00:00 | 001,032,192 | ---- | M] (MICROSOFT CORPORATION) >[/color] [2002/12/31 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [2002/12/31 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\explorer.exe [color=#A23BEC]< MD5 for: [2004/08/03 21:59:44 | 000,095,360 | ---- | M] (MICROSOFT CORPORATION) >[/color] [2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\atapi.sys [2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys [color=#A23BEC]< MD5 for: [2004/08/03 22:07:42 | 000,042,368 | ---- | M] (MICROSOFT CORPORATION) >[/color] [2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\agp440.sys [2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AGP440.SYS [color=#A23BEC]< MD5 for: [2007/12/06 14:01:16 | 000,277,784 | ---- | M] (INTEL CORPORATION) >[/color] [2007/12/06 14:01:16 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2002/12/31 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2002/12/31 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
< End of report > |
|
Posté le 12/02/2011 à 19:21 |
Petite astucienne
| voici mon rapport j'ai aussi une fenetre extra.txt qui s'est ouverte |
|
Posté le 12/02/2011 à 19:48 |
| Re,
Je veux bien t'aider si tu fermes le processus bittorrent 
Je veux bien le rapport Extra.
Je regarde tout ça d'ici 1 h environ.
Fill |
|
|
|
|
|
Posté le 12/02/2011 à 19:53 |
Petite astucienne
| bittorent supprimer ok
OTL Extras logfile created on: 12/02/2011 19:03:36 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Mélannie\My Documents\Téléchargements Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1 023,00 Mb Total Physical Memory | 560,00 Mb Available Physical Memory | 55,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37,25 Gb Total Space | 11,86 Gb Free Space | 31,84% Space Free | Partition Type: NTFS Computer Name: MYLÉNE | User Name: Mélannie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\BboxUpdate\BTLiveUpdate.exe" = C:\Program Files\BboxUpdate\BTLiveUpdate.exe:*:Disabled:Bbox - Bouygues Telecom - Utilitaire de mise à jour -- (TechCity Solutions France) "D:\data\eSKernel.exe" = D:\data\eSKernel.exe:*:Disabled:Bbox assistant d'installation "C:\Program Files\Bbox\eSKernel.exe" = C:\Program Files\Bbox\eSKernel.exe:*:Disabled:Bbox assistant d'installation -- (Teleperformance France) "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Disabled:KTF MUSIC AoD Server -- (PeeringPortal) "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Disabled:KTF MUSIC VoD Server -- (PeeringPortal) "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live "{1D13221B-42DE-4B3C-A43F-0F6AF3CF3DA2}" = Client Windows Rights Management avec Service Pack 2 "{1E809775-B933-42E7-9E57-7C7305145C39}" = EPRGlossary-Stub-FRA "{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0150130}" = J2SE Runtime Environment 5.0 Update 13 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA "{408619AB-AF65-49A5-8F5E-8FEE9EE22884}_is1" = Green Moon "{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger "{46C55F83-0760-4728-9731-FE36281F1178}" = Iexplore6-Stub-ALL "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}" = Microsoft .NET Framework 3.5 Language Pack - fra "{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare "{7C869BA1-A1E2-4818-8B12-F22A96DC7EAA}" = Windows Media Player 10 Settings "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12 "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007 "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{901E0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 German User Interface Pack "{901E040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 French User Interface Pack "{9052040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (Français) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81 "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9ECDF55-332A-4380-9EC0-73140E60A29A}" = Badoo Desktop "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1036-7B44-A81000000003}" = Adobe Reader 8.1.1 - Français "{AEE5C68B-F6EB-4528-A39E-8F659B96B142}" = IZArc-Stub-FRA "{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2CDE75C-CA51-4335-9C13-84C00E6093A5}" = Windows Media Player Enterprise Deployment "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live "{E1BFEFFA-D382-4FAA-BA3A-3859B4DB28A8}" = Anti-Virus Client Security "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "ATI Display Driver" = ATI Display Driver "avast5" = avast! Free Antivirus "BboxUpdate" = "BFGC" = Big Fish Games: Game Manager "BitTorrent" = BitTorrent "BittorrentBar_FR Toolbar" = BittorrentBar_FR Toolbar "Bouygues Telecom - désinstallation Bbox" = "conduitEngine" = Conduit Engine "Euro Truck Simulator" = Euro Truck Simulator 1.3 "Google Chrome" = Google Chrome "InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack - fra" = Module linguistique Microsoft .NET Framework 3.5 - fra "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "PhotoFiltre" = PhotoFiltre "Picasa 3" = Picasa 3 "Pixie_is1" = Pixie 1.4.1 "PROPLUS" = Microsoft Office Professional Plus 2007 "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "VLC media player" = VLC media player 1.0.2 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "WinLiveSuite_Wave3" = Installation Windows Live "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Antimalware Doctor" = Antimalware Doctor "Facebook Plug-In" = Facebook Plug-In "Flux" = F.lux [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 12/02/2011 09:53:29 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/02/2011 09:53:29 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2303 Error - 12/02/2011 09:53:29 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2303 Error - 12/02/2011 09:53:46 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/02/2011 09:53:46 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 18887 Error - 12/02/2011 09:53:46 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 18887 Error - 12/02/2011 11:15:23 | Computer Name = MYLÉNE | Source = Application Hang | ID = 1002 Description = Application bloquée BitTorrent.exe, version 7.1.0.22968, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 12/02/2011 11:15:26 | Computer Name = MYLÉNE | Source = Application Hang | ID = 1002 Description = Application bloquée BitTorrent.exe, version 7.1.0.22968, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 12/02/2011 11:15:31 | Computer Name = MYLÉNE | Source = Application Hang | ID = 1002 Description = Application bloquée BitTorrent.exe, version 7.1.0.22968, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 12/02/2011 12:56:34 | Computer Name = MYLÉNE | Source = Application Hang | ID = 1002 Description = Application bloquée cafbine70mps.exe, version 2.4.5600.0, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. [ OSession Events ] Error - 21/07/2009 09:36:36 | Computer Name = MÉLANNIE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 4143 seconds with 1560 seconds of active time. This session ended with a crash. Error - 01/09/2009 11:27:28 | Computer Name = MÉLANNIE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 12089 seconds with 1680 seconds of active time. This session ended with a crash. [ System Events ] Error - 12/02/2011 12:03:08 | Computer Name = MYLÉNE | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 12/02/2011 12:03:17 | Computer Name = MYLÉNE | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 12/02/2011 12:03:24 | Computer Name = MYLÉNE | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 12/02/2011 12:03:31 | Computer Name = MYLÉNE | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 12/02/2011 12:03:37 | Computer Name = MYLÉNE | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 12/02/2011 12:03:45 | Computer Name = MYLÉNE | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 12/02/2011 12:03:51 | Computer Name = MYLÉNE | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 12/02/2011 12:03:58 | Computer Name = MYLÉNE | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 12/02/2011 12:04:05 | Computer Name = MYLÉNE | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 12/02/2011 13:20:47 | Computer Name = MYLÉNE | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. < End of report > [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BboxUpdate\BTLiveUpdate.exe" = C:\Program Files\BboxUpdate\BTLiveUpdate.exe:*:Disabled:Bbox - Bouygues Telecom - Utilitaire de mise à jour -- (TechCity Solutions France) "D:\data\eSKernel.exe" = D:\data\eSKernel.exe:*:Disabled:Bbox assistant d'installation "C:\Program Files\Bbox\eSKernel.exe" = C:\Program Files\Bbox\eSKernel.exe:*:Disabled:Bbox assistant d'installation -- (Teleperformance France) "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Disabled:KTF MUSIC AoD Server -- (PeeringPortal) "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Disabled:KTF MUSIC VoD Server -- (PeeringPortal) "C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live "{1D13221B-42DE-4B3C-A43F-0F6AF3CF3DA2}" = Client Windows Rights Management avec Service Pack 2 "{1E809775-B933-42E7-9E57-7C7305145C39}" = EPRGlossary-Stub-FRA "{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0150130}" = J2SE Runtime Environment 5.0 Update 13 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA "{408619AB-AF65-49A5-8F5E-8FEE9EE22884}_is1" = Green Moon "{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger "{46C55F83-0760-4728-9731-FE36281F1178}" = Iexplore6-Stub-ALL "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}" = Microsoft .NET Framework 3.5 Language Pack - fra "{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare "{7C869BA1-A1E2-4818-8B12-F22A96DC7EAA}" = Windows Media Player 10 Settings "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12 "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007 "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{901E0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 German User Interface Pack "{901E040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 French User Interface Pack "{9052040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (Français) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81 "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9ECDF55-332A-4380-9EC0-73140E60A29A}" = Badoo Desktop "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1036-7B44-A81000000003}" = Adobe Reader 8.1.1 - Français "{AEE5C68B-F6EB-4528-A39E-8F659B96B142}" = IZArc-Stub-FRA "{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2CDE75C-CA51-4335-9C13-84C00E6093A5}" = Windows Media Player Enterprise Deployment "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live "{E1BFEFFA-D382-4FAA-BA3A-3859B4DB28A8}" = Anti-Virus Client Security "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "ATI Display Driver" = ATI Display Driver "avast5" = avast! Free Antivirus "BboxUpdate" = "BFGC" = Big Fish Games: Game Manager "BitTorrent" = BitTorrent "BittorrentBar_FR Toolbar" = BittorrentBar_FR Toolbar "Bouygues Telecom - désinstallation Bbox" = "conduitEngine" = Conduit Engine "Euro Truck Simulator" = Euro Truck Simulator 1.3 "Google Chrome" = Google Chrome "InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack - fra" = Module linguistique Microsoft .NET Framework 3.5 - fra "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "PhotoFiltre" = PhotoFiltre "Picasa 3" = Picasa 3 "Pixie_is1" = Pixie 1.4.1 "PROPLUS" = Microsoft Office Professional Plus 2007 "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "VLC media player" = VLC media player 1.0.2 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "WinLiveSuite_Wave3" = Installation Windows Live "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Antimalware Doctor" = Antimalware Doctor "Facebook Plug-In" = Facebook Plug-In "Flux" = F.lux [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 12/02/2011 09:53:29 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/02/2011 09:53:29 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2303 Error - 12/02/2011 09:53:29 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2303 Error - 12/02/2011 09:53:46 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/02/2011 09:53:46 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 18887 Error - 12/02/2011 09:53:46 | Computer Name = MYLÉNE | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 18887 Error - 12/02/2011 11:15:23 | Computer Name = MYLÉNE | Source = Application Hang | ID = 1002 Description = Application bloquée BitTorrent.exe, version 7.1.0.22968, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 12/02/2011 11:15:26 | Computer Name = MYLÉNE | Source = Application Hang | ID = 1002 Description = Application bloquée BitTorrent.exe, version 7.1.0.22968, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 12/02/2011 11:15:31 | Computer Name = MYLÉNE | Source = Application Hang | ID = 1002 Description = Application bloquée BitTorrent.exe, version 7.1.0.22968, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 12/02/2011 12:56:34 | Computer Name = MYLÉNE | Source = Application Hang | ID = 1002 Description = Application bloquée cafbine70mps.exe, version 2.4.5600.0, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. [ OSession Events ] Error - 21/07/2009 09:36:36 | Computer Name = MÉLANNIE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 4143 seconds with 1560 seconds of active time. This session ended with a crash. Error - 01/09/2009 11:27:28 | Computer Name = MÉLANNIE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 12089 seconds with 1680 seconds of active time. This session ended with a crash. [ System Events ] Error - 12/02/2011 12:03:08 | Computer Name = MYLÉNE | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 12/02/2011 12:03:17 | Computer Name = MYLÉNE | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 12/02/2011 12:03:24 | Computer Name = MYLÉNE | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 12/02/2011 12:03:31 | Computer Name = MYLÉNE | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 12/02/2011 12:03:37 | Computer Name = MYLÉNE | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 12/02/2011 12:03:45 | Computer Name = MYLÉNE | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 12/02/2011 12:03:51 | Computer Name = MYLÉNE | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 12/02/2011 12:03:58 | Computer Name = MYLÉNE | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 12/02/2011 12:04:05 | Computer Name = MYLÉNE | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. Error - 12/02/2011 13:20:47 | Computer Name = MYLÉNE | Source = Disk | ID = 262151 Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux. < End of report > |
|
Posté le 12/02/2011 à 19:55 |
Petite astucienne
| |
|
Posté le 12/02/2011 à 21:11 |
| Re,
1/ Crée une sauvegarde du registre comme indiqué ici.
2/
- Relance OTL
- Copie-colle ceci dans la fenêtre personnalisation :
Instructions : :OTL PRC - [2011/02/12 15:42:44 | 000,172,956 | ---- | M] () -- C:\WINDOWS\mc76487.exe SRV - File not found [Auto | Stopped] -- -- (SBoxDiskSrv) SRV - [2011/02/12 15:42:44 | 000,172,956 | ---- | M] () [Auto | Running] -- C:\WINDOWS\mc76487.exe -- (MemChecker) IE - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009\..\URLSearchHook: {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.) FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=3&q={searchTerms}" FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 [2011/02/05 17:21:15 | 000,000,000 | ---D | M] (BittorrentBar_FR Community Toolbar) -- C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023} [2011/02/05 17:21:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\engine@conduit.com [2011/02/05 17:21:15 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\searchplugins\conduit.xml File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MéLANNIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LHJ2IDNS.DEFAULT\EXTENSIONS\{EF79F67A-6AD7-4715-A0F8-932FCA442023} File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MéLANNIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LHJ2IDNS.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (BittorrentBar_FR Toolbar) - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (BittorrentBar_FR Toolbar) - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [api32] File not found O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [cafbine70mps.exe] File not found O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [cdoosoft] File not found O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [dso32] File not found O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [EA Core] File not found O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [KiesTrayAgent] File not found O4 - HKU\S-1-5-21-2168241517-2575756971-1293286784-1009..\Run: [Vsuyipidurayapev] C:\WINDOWS\win320.dll (Greatis Software) O33 - MountPoints2\{522d1793-08c0-11de-8749-001279583fd2}\Shell\AutoRun\command - "" = E:\gi2ky.exe O33 - MountPoints2\{522d1793-08c0-11de-8749-001279583fd2}\Shell\open\Command - "" = E:\gi2ky.exe [2011/02/12 15:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Application Data\6C3B6D55D4152BA0ABD609B053335ED8 [2011/02/05 17:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2011/02/05 17:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\Conduit [2011/02/05 17:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\BittorrentBar_FR [2011/02/05 17:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mélannie\Local Settings\Application Data\ConduitEngine [2011/02/05 17:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine [2011/02/05 17:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\BittorrentBar_FR @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A2E219 @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99C301D0 @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D52F295 @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6425A235 @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346 @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC8E37E0 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55C54F7C @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:059167AF @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3942462 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D186293 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2907225 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57176330 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FECEF728 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17D88661 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:101708D3 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD2BFC89 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FFC2819 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F986CC21 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7920E530 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66AA0486 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55818279 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9DB67071 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6444B424 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BF63E4A @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12EA4DC9 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0AB86C0 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95775248 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57CC1FDC @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29C87AB9 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:46700142 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2C57161 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9026FFAC @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AA99C0C @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A437AC3 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{E1BFEFFA-D382-4FAA-BA3A-3859B4DB28A8}"=-
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1
:commands
[EmptyTemp] [EmptyFlash]
- Clique ensuite sur Correction et laisse l'outil travailler.
- Poste le contenu du nouveau rapport (il s'agit d'un fichier "LOG" contenant les dates et heures du pc, sauvegardé dans le dossier %racine%\_OTL\MovedFiles) qui doit s'ouvrir avec le bloc-notes. Comme précédemment, tu peux utiliser les raccourcis clavier (CTRL+A, CTRL+C et CTRL+V)
3/
- Télécharge Ad Remover d'El Desaparecido , C_XX & Chimay8 sur ton Bureau. Autre lien de téléchargement possible.
- Double-clique sur l'outil pour l'exécuter (Sous Vista ou windows 7, il faut faire un clic droit et l'exécuter en tant qu'administrateur),
- Lance la recherche et édite le rapport généré par l'outil dans ta prochaine réponse.
4/
- Télécharge UsbFix de Chiquitine29 sur ton Bureau,
- L'outil peut faire réagir l'antivirus. Dans ce cas, tu ignores les alertes ou tu désactives temporairement ton antivirus.
- Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.
- Double-clique sur UsbFix sur ton Bureau (Pour Vista, le programme doit être lancé via un clic droit, et il faut choisir d'exécuter en tant qu'administrateur). Choisis la langue (Français) puis l'option Recherche.
- Poste le rapport UsbFix.txt
- Tu as un tuto ici.
Note : le rapport UsbFix.txt est sauvegardé à la racine du disque. (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)
5/ Télécharger MBRCheck GtG ou là: Télécharger MBRCheck BleepingComputer et sauvegarder sur le Bureau : Sous Vista->Exécuter en tant que Administrateur - Lancer l'outil par double-clic ; une fenêtre noire apparaîtra.  - Patienter une dizaine de secondes pour permettre à l'outil de compléter l'analyse. - N'exécuter aucune action qui pourrait être proposée ; appuyez alors alors sur la touche N puis Entrée deux fois. Si rien n'est détecté, pressez touche Entrée Si ce message apparait Found non-standard or infected MBR. des options s'afficheront Taper Ypour avoir plus d'options ou N pour quitter.
Cliquer sur N pour quitter.
Joindre le rapport. S'il est trop long, il est possible de l'insérer en utilisant ce lien : Insérer un rapport
Fill |
|
Posté le 12/02/2011 à 21:26 |
Petite astucienne
| re
hou j'en ai pour la nuit mdr allez au travail merci.
|
|
Posté le 12/02/2011 à 22:46 |
Petite astucienne
| re
apres la coorection mon ordi a redemarrer. mais je ne trouve pas de nouveau rapport grrrr
désoler |
|
Posté le 12/02/2011 à 23:01 |
Petite astucienne
| rapport de ad remover
======= REPORT FROM AD-REMOVER 2.0.0.2,E | ONLY XP/VISTA/7 =======
Updated by TeamXscript on 08/02/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 23:00:00 on 12/02/2011, Normal boot
Microsoft Windows XP Professionnel Service Pack 2 (X86) Mélannie@MYLÉNE ( ) ============== SEARCH ==============
Folder found: C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default\conduit Folder found: C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default\ConduitEngine Folder found: C:\Documents and Settings\All Users\Application Data\Trymedia
-- File opened: C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default\Prefs.js -- Line found: user_pref("CT2849852.SavedHomepage", "hxxp://search.conduit.com/?ctid=&SearchSource=13"); Line found: user_pref("CT2849852.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284... Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1241893/1237566/FR", "\"0\"... Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/FR", "\"0\"")... Line found: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849852", ... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local... Line found: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63432589928083... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2849852/CT2849852... Line found: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=fr", "\"634... Line found: user_pref("CommunityToolbar.EngineOwner", "CT2849852"); Line found: user_pref("CommunityToolbar.EngineOwnerGuid", "{ef79f67a-6ad7-4715-a0f8-932fca442023}"); Line found: user_pref("CommunityToolbar.EngineOwnerToolbarId", "bittorrentbar_fr"); Line found: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Line found: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2849852"); Line found: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{ef79f67a-6ad7-4715-a0f8-932fca442023}"); Line found: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "bittorrentbar_fr"); Line found: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr... Line found: user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2849852"); Line found: user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2849852"); Line found: user_pref("CommunityToolbar.alert.alertInfoInterval", 60); Line found: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Feb 12 2011 20:28:54 GMT+0100 (Roman... Line found: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Line found: user_pref("CommunityToolbar.alert.locale", "en"); Line found: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Line found: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Feb 12 2011 20:28:50 GMT+0100 (Romance S... Line found: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234"); Line found: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Line found: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Line found: user_pref("CommunityToolbar.alert.showTrayIcon", false); Line found: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Line found: user_pref("CommunityToolbar.alert.userId", "de4ca0cf-ab5e-4382-a977-cae648b57bd4"); Line found: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Feb 12 2011 20:28:56 GMT+0100 (Rom... Line found: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2849852"); Line found: user_pref("ConduitEngine.CTID", "ConduitEngine"); Line found: user_pref("ConduitEngine.FirstServerDate", "02/12/2011 22"); Line found: user_pref("ConduitEngine.FirstTime", true); Line found: user_pref("ConduitEngine.FirstTimeFF3", true); Line found: user_pref("ConduitEngine.FixPageNotFoundErrors", false); Line found: user_pref("ConduitEngine.HasUserGlobalKeys", true); Line found: user_pref("ConduitEngine.Initialize", true); Line found: user_pref("ConduitEngine.InitializeCommonPrefs", true); Line found: user_pref("ConduitEngine.InstallationType", "UnknownIntegration"); Line found: user_pref("ConduitEngine.InstalledDate", "Sat Feb 12 2011 20:28:52 GMT+0100 (Romance Standard Time)"... Line found: user_pref("ConduitEngine.IsMulticommunity", false); Line found: user_pref("ConduitEngine.IsOpenThankYouPage", false); Line found: user_pref("ConduitEngine.IsOpenUninstallPage", false); Line found: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Feb 12 2011 20:28:52 GMT+0100 (Romance Sta... Line found: user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sat Feb 12 2011 20:28:53 GMT+0100 (Romance Standard Ti... Line found: user_pref("ConduitEngine.PublisherContainerWidth", 0); Line found: user_pref("ConduitEngine.SavedHomepage", "hxxp://www.google.fr/firefox"); Line found: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Line found: user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C... Line found: user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Feb 12 2011 20:28:51 GMT+0100 (Romance Standar... Line found: user_pref("ConduitEngine.UserID", "UN37945552052081391"); Line found: user_pref("ConduitEngine.engineLocale", "fr"); Line found: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Feb 12 2011 20:28:52 GMT+0100 (Roman... Line found: user_pref("ConduitEngine.initDone", true); Line found: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2849852&SearchSource=13"); -- File closed --
Key found: HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb} Key found: HKLM\Software\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff} Key found: HKLM\Software\Classes\Conduit.Engine Key found: HKLM\Software\Classes\Toolbar.CT2849852 Key found: HKLM\Software\Conduit Key found: HKLM\Software\Trymedia Systems Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
============== ADDITIONNAL SCAN ==============
**** Mozilla Firefox Version [3.6.13 (fr)] ****
Plugins\np32dsw.dll (Adobe Systems, Inc.) HKLM_MozillaPlugins\@zylom.com/ZylomGamesPlayer (x) Searchplugins\MediaDICO-fr.xml (hxxp://www.dictionnaire-mediadico.com/dictionnaires.asp) Extensions\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} (Java Console)
-- C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default -- Extensions\apptabs@frankyan.com (App Tabs) Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Mélannie\\My Documents\\Téléchargements Prefs.js - browser.search.defaulturl, Prefs.js - browser.search.selectedEngine, BittorrentBar_FR Customized Web Search Prefs.js - browser.startup.homepage, hxxp://search.conduit.com/?ctid=CT2849852&SearchSource=13 Prefs.js - browser.startup.homepage_override.mstone, ignore
========================================
**** Internet Explorer Version [6.0.2900.2180] ****
HKCU_Main|Default_Search_URL - hxxp://www.google.com/ie HKCU_Main|First Home Page - hxxp://www.bouyguestelecom.fr HKCU_Main|Search bar - hxxp://www.google.com/ie HKCU_Main|Search Page - hxxp://www.google.com HKCU_Main|Start Page - hxxp://search.conduit.com/?SearchSource=10&ctid=CT2849852 HKLM_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://www.tinit.org/ HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "BittorrentBar_FR Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 File(s) C:\Program Files\Ad-Remover\Backup: 1 File(s)
C:\Ad-Report-SCAN[1].txt - 12/02/2011 (8059 Byte(s))
End at: 23:01:05, 12/02/2011 ============== E.O.F ============== |
|
Posté le 12/02/2011 à 23:08 |
Petite astucienne
| rapport usb fix
############################## | UsbFix 7.039 | [Research]
User: Mélannie (Administrator) # MYLÉNE [ ] Updated 09/02/2011 by El Desaparecido / C_XX Started at 23:07:08 | 12/02/2011 Website: http://www.teamxscript.org Contact: eldesaparecido@teamxscript.org
CPU: Intel(R) Pentium(R) M processor 1.60GHz Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2 Internet Explorer 6.0.2900.2180
Windows Firewall: Enabled Antivirus: avast! Antivirus 5.0.83952505 [(!) Disabled | Updated] RAM -> 1023 Mb C:\ (%systemdrive%) -> Fixed drive # 37 Gb (12 Mb free - 32%) [] # NTFS D:\ -> CD-ROM E:\ -> Removable drive # 971 Mb (665 Mb free - 68%) [CLEF MYLENE] # FAT
################## | Files # Infected Folders |
Found ! C:\DOCUME~1\MLANNI~1\LOCALS~1\Temp\VWL134.tmp
################## | Registry |
Found ! HKLM\Software\Classes\CLSID\MADOWN
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{0b747c00-857d-11de-8783-001279583fd2} Shell\AutoRun\Command = E:\EmDesk.exe Shell\EmDesk\Command = E:\EmDesk.exe
################## | Vaccin |
(!) This computer is not vaccinated!
################## | E.O.F | |
|
Posté le 12/02/2011 à 23:12 |
Petite astucienne
| rapport MBRcheck
MBRCheck, version 1.2.3 (c) 2010, AD
Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 2 (build 2600) Logical Drives Mask: 0x0000001c
Kernel Drivers (total 133): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x806EC000 \WINDOWS\system32\hal.dll 0xF7D2E000 \WINDOWS\system32\KDCOM.DLL 0xF7C3E000 \WINDOWS\system32\BOOTVID.dll 0xF77DF000 ACPI.sys 0xF7D30000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF77CE000 pci.sys 0xF782E000 isapnp.sys 0xF7C42000 compbatt.sys 0xF7C46000 \WINDOWS\system32\DRIVERS\BATTC.SYS 0xF7DF6000 pciide.sys 0xF7AAE000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF7D32000 intelide.sys 0xF77B0000 pcmcia.sys 0xF783E000 MountMgr.sys 0xF7791000 ftdisk.sys 0xF7D34000 dmload.sys 0xF776B000 dmio.sys 0xF7AB6000 PartMgr.sys 0xF7C4A000 ACPIEC.sys 0xF7DF7000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 0xF784E000 VolSnap.sys 0xF7753000 atapi.sys 0xF785E000 disk.sys 0xF786E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF7734000 fltMgr.sys 0xF7722000 sr.sys 0xF787E000 PxHelp20.sys 0xF770B000 KSecDD.sys 0xF76F8000 WudfPf.sys 0xF766B000 Ntfs.sys 0xF763E000 NDIS.sys 0xF7623000 Mup.sys 0xF788E000 agp440.sys 0xF79BE000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xF7543000 \SystemRoot\system32\DRIVERS\ati2mtag.sys 0xF752F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF7B76000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xF750C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF7B7E000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF79CE000 \SystemRoot\system32\DRIVERS\cxbp0wdm.sys 0xF7CE6000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS 0xF74DF000 \SystemRoot\system32\drivers\o2mmb.sys 0xF74BE000 \SystemRoot\system32\DRIVERS\b57xp32.sys 0xF79DE000 \SystemRoot\system32\DRIVERS\serial.sys 0xF7CFA000 \SystemRoot\system32\DRIVERS\serenum.sys 0xF7B86000 \SystemRoot\system32\DRIVERS\fdc.sys 0xF74AA000 \SystemRoot\system32\DRIVERS\parport.sys 0xF79EE000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xF7B8E000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF7B96000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF79FE000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF7A0E000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF7A1E000 \SystemRoot\system32\DRIVERS\redbook.sys 0xF7487000 \SystemRoot\system32\DRIVERS\ks.sys 0xF73F6000 \SystemRoot\system32\drivers\smwdm.sys 0xF73D4000 \SystemRoot\system32\drivers\portcls.sys 0xF7A2E000 \SystemRoot\system32\drivers\drmk.sys 0xF73BC000 \SystemRoot\system32\drivers\aeaudio.sys 0xF729E000 \SystemRoot\system32\DRIVERS\AGRSM.sys 0xF7B9E000 \SystemRoot\System32\Drivers\Modem.SYS 0xF7D0A000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0xF7D0E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0xF7E41000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF7BA6000 \SystemRoot\system32\DRIVERS\rasirda.sys 0xF7BAE000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xF7A3E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xF7D16000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xF725F000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF7A4E000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF7A5E000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF724E000 \SystemRoot\system32\DRIVERS\psched.sys 0xF7A6E000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF7BB6000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF7BBE000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF712D000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xF7A7E000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF7D50000 \SystemRoot\system32\DRIVERS\swenum.sys 0xF70D1000 \SystemRoot\system32\DRIVERS\update.sys 0xF75FF000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF7A9E000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF78DE000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF7D52000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF7D54000 \SystemRoot\System32\Drivers\i2omgmt.SYS 0xF7D56000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF7EAE000 \SystemRoot\System32\Drivers\Null.SYS 0xF7D58000 \SystemRoot\System32\Drivers\Beep.SYS 0xF7BD6000 \SystemRoot\System32\drivers\vga.sys 0xF7D5A000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF7D5C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF7BDE000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF7BE6000 \SystemRoot\System32\Drivers\Npfs.SYS 0xF7CD6000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xAAFCD000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xAAF75000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xF78FE000 \SystemRoot\System32\Drivers\aswTdi.SYS 0xAAF4D000 \SystemRoot\system32\DRIVERS\netbt.sys 0xF7BEE000 \SystemRoot\System32\Drivers\aswRdr.SYS 0xAAF2B000 \SystemRoot\System32\drivers\afd.sys 0xF790E000 \SystemRoot\system32\DRIVERS\netbios.sys 0xAAF00000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xAAE91000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xF791E000 \SystemRoot\System32\Drivers\Fips.SYS 0xAADD0000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xF792E000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xAAD61000 \SystemRoot\System32\Drivers\aswSP.SYS 0xF7C06000 \SystemRoot\System32\Drivers\Aavmker4.SYS 0xF795E000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xAAD49000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF7D6C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xF7105000 \SystemRoot\System32\drivers\Dxapi.sys 0xF7C0E000 \SystemRoot\System32\watchdog.sys 0xBF9C3000 \SystemRoot\System32\drivers\dxg.sys 0xF7E64000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF9D5000 \SystemRoot\System32\ati2dvag.dll 0xBFA23000 \SystemRoot\System32\ati3duag.dll 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xAAD2D000 \SystemRoot\System32\Drivers\aswFsBlk.SYS 0xAAADB000 \SystemRoot\system32\DRIVERS\irda.sys 0xAAC11000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xAA9AC000 \SystemRoot\System32\Drivers\aswMon2.SYS 0xAA6EF000 \SystemRoot\system32\drivers\wdmaud.sys 0xAAC81000 \SystemRoot\system32\drivers\sysaudio.sys 0xAA57D000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xAA43B000 \SystemRoot\system32\DRIVERS\srv.sys 0xAA3DB000 \??\C:\WINDOWS\system32\FsUsbExDisk.SYS 0xAA393000 \SystemRoot\System32\drivers\dgderdrv.sys 0xA9F9A000 \SystemRoot\System32\Drivers\HTTP.sys 0xA9CC6000 \SystemRoot\system32\drivers\kmixer.sys 0xF7BF6000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0xA9CA3000 \SystemRoot\System32\Drivers\Fastfat.SYS 0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 39): 0 System Idle Process 4 SYSTEM 648 C:\WINDOWS\system32\smss.exe 696 csrss.exe 720 C:\WINDOWS\system32\winlogon.exe 764 C:\WINDOWS\system32\services.exe 776 C:\WINDOWS\system32\lsass.exe 936 C:\WINDOWS\system32\svchost.exe 1012 svchost.exe 1108 C:\WINDOWS\system32\svchost.exe 1144 C:\WINDOWS\system32\svchost.exe 1288 svchost.exe 1508 svchost.exe 1516 C:\WINDOWS\explorer.exe 1720 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 188 C:\WINDOWS\system32\spoolsv.exe 256 scardsvr.exe 544 C:\WINDOWS\system32\ati2evxx.exe 556 C:\Program Files\Bonjour\mDNSResponder.exe 592 C:\WINDOWS\system32\dgdersvc.exe 636 C:\WINDOWS\system32\FsUsbExService.Exe 1092 C:\Program Files\Java\jre6\bin\jqs.exe 1200 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 1416 C:\WINDOWS\system32\svchost.exe 184 alg.exe 2092 C:\WINDOWS\AGRSMMSG.exe 2108 C:\Program Files\BboxUpdate\BTLiveUpdate.exe 2116 C:\Program Files\Alwil Software\Avast5\AvastUI.exe 2124 C:\Program Files\Windows Live\Messenger\msnmsgr.exe 2132 C:\WINDOWS\system32\ctfmon.exe 2140 C:\Documents and Settings\Mélannie\Local Settings\Apps\F.lux\flux.exe 2148 C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe 2160 C:\Documents and Settings\All Users\Application Data\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe 2932 C:\WINDOWS\system32\svchost.exe 3796 C:\Program Files\Mozilla Firefox\firefox.exe 328 C:\Program Files\Mozilla Firefox\plugin-container.exe 3884 wmiprvse.exe 1064 C:\WINDOWS\system32\notepad.exe 1300 C:\Documents and Settings\Mélannie\My Documents\Téléchargements\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: TOSHIBAMK4026GAX, Rev: PA103G
Size Device Name MBR Status -------------------------------------------- 37 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done! |
|
|
|
|
|
Posté le 13/02/2011 à 00:15 |
| Re,
1/ Le rapport OTL se trouve dans le dossier C:\_OTL. C'est un fichier texte dont le nom correspond à la date et à l'heure où il a été créé. Il me le faut.
2/
- Double-clique sur Ad Remover pour exécuter l'outil (ou clic droit>Exécuter en tant qu'administrateur sous Vista et windows 7),
- Lance le nettoyage et édite le rapport généré par l'outil dans ta prochaine réponse.
3/
- Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.
- Double-clique sur le raccourci UsbFix sur ton Bureau (Pour Vista, le programme doit être lancé via un clic droit, et il faut choisir d'exécuter en tant qu'administrateur). Choisis l'option Suppression.
- Cela va lancer la procédure de nettoyage des lecteurs amovibles branchés.
- Le PC va redémarrer.
- Après redémarrage, poste le rapport UsbFix.txt
- Tu as un tuto ici.
Note : le rapport UsbFix.txt est sauvegardé à la racine du disque. (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)
4/ Relance malwarebyte's. Supprime les éléments trouvés et édite le rapport.
Fill Modifié par Fill le 13/02/2011 00:15 |
|
Posté le 13/02/2011 à 00:35 |
Petite astucienne
| otl
All processes killed Error: Unable to interpret < Instructions :> in the current context! ========== OTL ========== No active process named mc76487.exe was found! Service SBoxDiskSrv stopped successfully! Service SBoxDiskSrv deleted successfully! Service MemChecker stopped successfully! Service MemChecker deleted successfully! C:\WINDOWS\mc76487.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ef79f67a-6ad7-4715-a0f8-932fca442023} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}\ not found. File C:\Program Files\BittorrentBar_FR\tbBitt.dll not found. Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\searchplugin folder moved successfully. C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\META-INF folder moved successfully. C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\lib folder moved successfully. C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\defaults folder moved successfully. C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\components folder moved successfully. C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\chrome folder moved successfully. C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023} folder moved successfully. C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\engine@conduit.com\searchplugin folder moved successfully. C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\engine@conduit.com\META-INF folder moved successfully. C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\engine@conduit.com\lib folder moved successfully. C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\engine@conduit.com\DualPackage folder moved successfully. C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\engine@conduit.com\defaults folder moved successfully. C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\engine@conduit.com\components folder moved successfully. C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\engine@conduit.com\chrome folder moved successfully. C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\extensions\engine@conduit.com folder moved successfully. C:\Documents and Settings\Mélannie\Application Data\Mozilla\Firefox\Profiles\lhj2idns.default\searchplugins\conduit.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Program Files\ConduitEngine\ConduitEngine.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ef79f67a-6ad7-4715-a0f8-932fca442023}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}\ not found. File C:\Program Files\BittorrentBar_FR\tbBitt.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Program Files\ConduitEngine\ConduitEngine.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ef79f67a-6ad7-4715-a0f8-932fca442023} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}\ not found. File C:\Program Files\BittorrentBar_FR\tbBitt.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully. Registry value HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\Software\Microsoft\Windows\CurrentVersion\Run\\api32 deleted successfully. Registry value HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\Software\Microsoft\Windows\CurrentVersion\Run\\cafbine70mps.exe deleted successfully. Registry value HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft deleted successfully. Registry value HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\Software\Microsoft\Windows\CurrentVersion\Run\\dso32 deleted successfully. Registry value HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully. Registry value HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\Software\Microsoft\Windows\CurrentVersion\Run\\KiesTrayAgent deleted successfully. Registry value HKEY_USERS\S-1-5-21-2168241517-2575756971-1293286784-1009\Software\Microsoft\Windows\CurrentVersion\Run\\Vsuyipidurayapev deleted successfully. C:\WINDOWS\win320.dll moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{522d1793-08c0-11de-8749-001279583fd2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{522d1793-08c0-11de-8749-001279583fd2}\ not found. File E:\gi2ky.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{522d1793-08c0-11de-8749-001279583fd2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{522d1793-08c0-11de-8749-001279583fd2}\ not found. File E:\gi2ky.exe not found. C:\Documents and Settings\Mélannie\Application Data\6C3B6D55D4152BA0ABD609B053335ED8 folder moved successfully. Folder C:\Program Files\Conduit\ not found. Folder C:\Documents and Settings\Mélannie\Local Settings\Application Data\Conduit\ not found. C:\Documents and Settings\Mélannie\Local Settings\Application Data\BittorrentBar_FR folder moved successfully. Folder C:\Documents and Settings\Mélannie\Local Settings\Application Data\ConduitEngine\ not found. Folder C:\Program Files\ConduitEngine\ not found. Folder C:\Program Files\BittorrentBar_FR\ not found. ADS C:\Documents and Settings\All Users\Application Data\TEMP:C0A2E219 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:99C301D0 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:0D52F295 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:6425A235 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:EA701346 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:FC8E37E0 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:55C54F7C deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:059167AF deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:B3942462 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:3D186293 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:A2907225 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:57176330 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:FECEF728 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:17D88661 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:101708D3 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:FD2BFC89 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:5FFC2819 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:F986CC21 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:7920E530 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:66AA0486 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:55818279 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:9DB67071 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:6444B424 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:3BF63E4A deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:12EA4DC9 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:F0AB86C0 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:95775248 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:57CC1FDC deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:29C87AB9 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:46700142 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:D2C57161 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:9026FFAC deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:8AA99C0C deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:5A437AC3 deleted successfully. File EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] not found. Folder EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]\ not found. File ptyTemp] not found. File ptyFlash] not found. OTL by OldTimer - Version 3.2.20.6 log created on 02122011_222921
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
|
Posté le 13/02/2011 à 00:45 |
Petite astucienne
| ======= REPORT FROM AD-REMOVER 2.0.0.2,E | ONLY XP/VISTA/7 =======
Updated by TeamXscript on 08/02/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (SCAN [2]) -> Launched at 00:44:34 on 13/02/2011, Normal boot
Microsoft Windows XP Professionnel Service Pack 2 (X86) Mélannie@MYLÉNE ( ) ============== SEARCH ==============
Folder found: C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default\conduit Folder found: C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default\ConduitEngine Folder found: C:\Documents and Settings\All Users\Application Data\Trymedia
-- File opened: C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default\Prefs.js -- Line found: user_pref("CT2849852.SavedHomepage", "hxxp://search.conduit.com/?ctid=&SearchSource=13"); Line found: user_pref("CT2849852.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284... Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1241893/1237566/FR", "\"0\"... Line found: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/FR", "\"0\"")... Line found: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849852", ... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo... Line found: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local... Line found: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63432589928083... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63... Line found: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2849852/CT2849852... Line found: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=fr", "\"634... Line found: user_pref("CommunityToolbar.EngineOwner", "CT2849852"); Line found: user_pref("CommunityToolbar.EngineOwnerGuid", "{ef79f67a-6ad7-4715-a0f8-932fca442023}"); Line found: user_pref("CommunityToolbar.EngineOwnerToolbarId", "bittorrentbar_fr"); Line found: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Line found: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2849852"); Line found: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{ef79f67a-6ad7-4715-a0f8-932fca442023}"); Line found: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "bittorrentbar_fr"); Line found: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr... Line found: user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2849852"); Line found: user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2849852"); Line found: user_pref("CommunityToolbar.alert.alertInfoInterval", 60); Line found: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Feb 12 2011 20:28:54 GMT+0100 (Roman... Line found: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Line found: user_pref("CommunityToolbar.alert.locale", "en"); Line found: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Line found: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Feb 12 2011 20:28:50 GMT+0100 (Romance S... Line found: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234"); Line found: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Line found: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Line found: user_pref("CommunityToolbar.alert.showTrayIcon", false); Line found: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Line found: user_pref("CommunityToolbar.alert.userId", "de4ca0cf-ab5e-4382-a977-cae648b57bd4"); Line found: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Feb 12 2011 20:28:56 GMT+0100 (Rom... Line found: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2849852"); Line found: user_pref("ConduitEngine.CTID", "ConduitEngine"); Line found: user_pref("ConduitEngine.FirstServerDate", "02/12/2011 22"); Line found: user_pref("ConduitEngine.FirstTime", true); Line found: user_pref("ConduitEngine.FirstTimeFF3", true); Line found: user_pref("ConduitEngine.FixPageNotFoundErrors", false); Line found: user_pref("ConduitEngine.HasUserGlobalKeys", true); Line found: user_pref("ConduitEngine.Initialize", true); Line found: user_pref("ConduitEngine.InitializeCommonPrefs", true); Line found: user_pref("ConduitEngine.InstallationType", "UnknownIntegration"); Line found: user_pref("ConduitEngine.InstalledDate", "Sat Feb 12 2011 20:28:52 GMT+0100 (Romance Standard Time)"... Line found: user_pref("ConduitEngine.IsMulticommunity", false); Line found: user_pref("ConduitEngine.IsOpenThankYouPage", false); Line found: user_pref("ConduitEngine.IsOpenUninstallPage", false); Line found: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Feb 12 2011 20:28:52 GMT+0100 (Romance Sta... Line found: user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sat Feb 12 2011 20:28:53 GMT+0100 (Romance Standard Ti... Line found: user_pref("ConduitEngine.PublisherContainerWidth", 0); Line found: user_pref("ConduitEngine.SavedHomepage", "hxxp://www.google.fr/firefox"); Line found: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Line found: user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C... Line found: user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Feb 12 2011 20:28:51 GMT+0100 (Romance Standar... Line found: user_pref("ConduitEngine.UserID", "UN37945552052081391"); Line found: user_pref("ConduitEngine.engineLocale", "fr"); Line found: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Feb 12 2011 20:28:52 GMT+0100 (Roman... Line found: user_pref("ConduitEngine.initDone", true); Line found: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2849852&SearchSource=13"); -- File closed --
Key found: HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb} Key found: HKLM\Software\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff} Key found: HKLM\Software\Classes\Conduit.Engine Key found: HKLM\Software\Classes\Toolbar.CT2849852 Key found: HKLM\Software\Conduit Key found: HKLM\Software\Trymedia Systems Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
============== ADDITIONNAL SCAN ==============
**** Mozilla Firefox Version [3.6.13 (fr)] ****
Plugins\np32dsw.dll (Adobe Systems, Inc.) HKLM_MozillaPlugins\@zylom.com/ZylomGamesPlayer (x) Searchplugins\MediaDICO-fr.xml (hxxp://www.dictionnaire-mediadico.com/dictionnaires.asp) Extensions\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} (Java Console)
-- C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default -- Extensions\apptabs@frankyan.com (App Tabs) Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Mélannie\\My Documents\\Téléchargements Prefs.js - browser.search.defaulturl, Prefs.js - browser.search.selectedEngine, BittorrentBar_FR Customized Web Search Prefs.js - browser.startup.homepage, hxxp://search.conduit.com/?ctid=CT2849852&SearchSource=13 Prefs.js - browser.startup.homepage_override.mstone, ignore
========================================
**** Internet Explorer Version [6.0.2900.2180] ****
HKCU_Main|Default_Search_URL - hxxp://www.google.com/ie HKCU_Main|First Home Page - hxxp://www.bouyguestelecom.fr HKCU_Main|Search bar - hxxp://www.google.com/ie HKCU_Main|Search Page - hxxp://www.google.com HKCU_Main|Start Page - hxxp://search.conduit.com/?SearchSource=10&ctid=CT2849852 HKLM_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://www.tinit.org/ HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "BittorrentBar_FR Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 File(s) C:\Program Files\Ad-Remover\Backup: 2 File(s)
C:\Ad-Report-SCAN[1].txt - 12/02/2011 (9134 Byte(s)) C:\Ad-Report-SCAN[2].txt - 13/02/2011 (7958 Byte(s))
End at: 00:45:20, 13/02/2011 ============== E.O.F ============== |
|
Posté le 13/02/2011 à 00:52 |
Petite astucienne
| ############################## | UsbFix 7.039 | [Deletion]
User: Mélannie (Administrator) # MYLÉNE [ ] Updated 09/02/2011 by El Desaparecido / C_XX Started at 00:50:13 | 13/02/2011 Website: http://www.teamxscript.org Contact: eldesaparecido@teamxscript.org
CPU: Intel(R) Pentium(R) M processor 1.60GHz Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2 Internet Explorer 6.0.2900.2180
Windows Firewall: Enabled Antivirus: avast! Antivirus 5.0.83952505 [Enabled | Updated] RAM -> 1023 Mb C:\ (%systemdrive%) -> Fixed drive # 37 Gb (12 Mb free - 32%) [] # NTFS D:\ -> CD-ROM E:\ -> Removable drive # 971 Mb (665 Mb free - 68%) [CLEF MYLENE] # FAT
################## | Files # Infected Folders |
Deleted ! C:\DOCUME~1\MLANNI~1\LOCALS~1\Temp\VWL134.tmp Deleted ! C:\Recycler\S-1-5-21-2168241517-2575756971-1293286784-1009 Deleted ! C:\Recycler\S-1-5-21-2168241517-2575756971-1293286784-500 Deleted ! C:\Recycler\S-1-5-21-842925246-789336058-1343024091-500
################## | Registry |
Deleted ! HKLM\Software\Classes\CLSID\MADOWN
################## | Mountpoints2 |
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{0b747c00-857d-11de-8783-001279583fd2}
################## | Listing |
[18/01/2011 - 23:11:45 | D ] C:\814ea64b52a9771d0513 [12/02/2011 - 23:01:05 | N | 9134] C:\Ad-Report-SCAN[1].txt [13/02/2011 - 00:45:20 | N | 9189] C:\Ad-Report-SCAN[2].txt [22/01/2011 - 11:52:43 | N | 2006] C:\aqua_bitmap.cpp [03/06/2008 - 09:12:43 | N | 0] C:\AUTOEXEC.BAT [27/10/2008 - 13:54:35 | N | 211] C:\boot.ini [03/02/2011 - 00:04:35 | D ] C:\Config.Msi [03/06/2008 - 09:12:43 | N | 0] C:\CONFIG.SYS [13/02/2009 - 07:46:44 | D ] C:\Documents and Settings [03/06/2008 - 09:12:43 | N | 0] C:\IO.SYS [03/06/2008 - 09:12:43 | N | 0] C:\MSDOS.SYS [21/07/2009 - 12:08:49 | RHD ] C:\MSOCache [31/12/2002 - 13:00:00 | N | 47564] C:\NTDETECT.COM [31/12/2002 - 13:00:00 | N | 250032] C:\ntldr [29/02/2004 - 16:44:34 | N | 52576] C:\orange.bmp [13/02/2011 - 00:09:05 | ASH | 805306368] C:\pagefile.sys [12/02/2011 - 22:59:57 | D ] C:\Program Files [15/06/2009 - 19:46:23 | D ] C:\ProgramData [13/02/2011 - 00:50:59 | SHD ] C:\RECYCLER [27/10/2008 - 13:56:31 | SHD ] C:\System Volume Information [13/02/2011 - 00:50:59 | D ] C:\UsbFix [13/02/2011 - 00:51:05 | A | 1088] C:\UsbFix.txt [12/02/2011 - 22:29:27 | D ] C:\WINDOWS [12/02/2011 - 22:29:21 | D ] C:\_OTL [05/03/2009 - 17:24:04 | D ] E:\CACF DIRECT
################## | Vaccin |
C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX) E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_MYLÉNE.zip http://www.teamxscript.org/Upload.php Thank you for your contribution.
################## | E.O.F | |
|
Posté le 13/02/2011 à 01:53 |
Petite astucienne
| re
voila je crois que tu as tous.
Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org
Version de la base de données: 5748
Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180
13/02/2011 01:50:14 mbam-log-2011-02-13 (01-50-14).txt
Type d'examen: Examen complet (C:\|) Elément(s) analysé(s): 215671 Temps écoulé: 43 minute(s), 41 seconde(s)
Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 3
Processus mémoire infecté(s): (Aucun élément nuisible détecté)
Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
Dossier(s) infecté(s): (Aucun élément nuisible détecté)
Fichier(s) infecté(s): c:\documents and settings\Mélannie\local settings\Temp\rxscwaemno.tmp (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully. c:\system volume information\_restore{3166be0b-499b-4573-974c-2ffdad6f29e0}\rp221\a0058344.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\_OTL\movedfiles\02122011_222921\c_windows\win320.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
|
|
Posté le 13/02/2011 à 09:36 |
| Bonjour,
1/ Adremover a été mal utilisé. Il faut le relance et choisir "Suppression". Edite le rapport.
2/
- Télécharge TFC par Old_Timer sur ton Bureau,
- Fais un double clic sur TFC.exe pour le lancer. (Note: Si tu es sous Vista, fais un clic droit sur le fichier et choisis Exécuter en tant qu'Administrateur).
- L'outil va fermer tous les programmes lors de son exécution, donc vérifie que tu as sauvegardé tout ton travail en cours avant de commencer.
- Clique sur le bouton Start pour lancer le processus. Selon la fréquence à laquelle tu supprimes tes fichiers temporaires, cela peut durer de quelques secondes à une minute ou deux. Laisse le programme s'exécuter sans l'interrompre.
- Lorsqu'il a terminé, l'outil devrait faire redémarrer votre système. S'il ne le fait pas, fais-le redémarrer manuellement le PC toi-même pour parachever le nettoyage.
3/ Fais une analyse en ligne en suivant ce lien et édite le rapport.
4/ Comment se comporte le pc ?
Fill Modifié par Fill le 13/02/2011 09:37 |
|
Posté le 13/02/2011 à 12:41 |
Petite astucienne
| Bonjour Fill,
hé bien il faut en faire des choses moi qui suis pas tres doué en informatique, ca me prend du temps lol.
ad me demande juste scan,clean,unistal. donc j'ai fait clean voila le rapport
======= REPORT FROM AD-REMOVER 2.0.0.2,E | ONLY XP/VISTA/7 =======
Updated by TeamXscript on 08/02/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 12:20:24 on 13/02/2011, Normal boot
Microsoft Windows XP Professionnel Service Pack 2 (X86) Mélannie@MYLÉNE ( ) ============== ACTION(S) ==============
Folder deleted: C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default\conduit Folder deleted: C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default\ConduitEngine Folder deleted: C:\Documents and Settings\All Users\Application Data\Trymedia
(!) -- Temporary files deleted.
-- File opened: C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default\Prefs.js -- /!\ Unable to open the file, cleaning interrupted /!\ -- File closed --
Key deleted: HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb} Key deleted: HKLM\Software\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff} Key deleted: HKLM\Software\Classes\Conduit.Engine Key deleted: HKLM\Software\Classes\Toolbar.CT2849852 Key deleted: HKLM\Software\Conduit Key deleted: HKLM\Software\Trymedia Systems Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
============== ADDITIONNAL SCAN ==============
**** Mozilla Firefox Version [3.6.13 (fr)] ****
Plugins\np32dsw.dll (Adobe Systems, Inc.) HKLM_MozillaPlugins\@zylom.com/ZylomGamesPlayer (x) Searchplugins\MediaDICO-fr.xml (hxxp://www.dictionnaire-mediadico.com/dictionnaires.asp) Extensions\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} (Java Console)
-- C:\Documents and Settings\Mélannie\Application Data\Mozilla\FireFox\Profiles\lhj2idns.default -- Extensions\apptabs@frankyan.com (App Tabs) Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Mélannie\\My Documents\\Téléchargements Prefs.js - browser.search.defaulturl, Prefs.js - browser.search.selectedEngine, BittorrentBar_FR Customized Web Search Prefs.js - browser.startup.homepage, hxxp://search.conduit.com/?ctid=CT2849852&SearchSource=13 Prefs.js - browser.startup.homepage_override.mstone, ignore
========================================
**** Internet Explorer Version [6.0.2900.2180] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/
========================================
C:\Program Files\Ad-Remover\Quarantine: 13 File(s) C:\Program Files\Ad-Remover\Backup: 16 File(s)
C:\Ad-Report-CLEAN[1].txt - 13/02/2011 (987 Byte(s)) C:\Ad-Report-SCAN[1].txt - 12/02/2011 (9134 Byte(s)) C:\Ad-Report-SCAN[2].txt - 13/02/2011 (9189 Byte(s))
End at: 12:21:29, 13/02/2011 ============== E.O.F ==============
tfc (pas trouvé le rapport) l'ordi a bien redemaré;
|
|
Posté le 13/02/2011 à 14:20 |
Petite astucienne
| eset txt
C:\_OTL\MovedFiles\02122011_222921\C_Documents and Settings\Mélannie\Application Data\6C3B6D55D4152BA0ABD609B053335ED8\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application nettoyé par suppression - mis en quarantaine C:\_OTL\MovedFiles\02122011_222921\C_Documents and Settings\Mélannie\Application Data\6C3B6D55D4152BA0ABD609B053335ED8\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application nettoyé par suppression - mis en quarantaine
Alors mon pc n'a plus l'icone du virus dans la barre des taches, quand je le rallume il y a un ecran noir qui s'affiche en mettant menace imminent. alors il me dit de taper sur F1 pour l'ingorer ce que j'ai fait. voila
|
|
Posté le 13/02/2011 à 15:28 |
| myléne30 a écrit :
eset txt
C:\_OTL\MovedFiles\02122011_222921\C_Documents and Settings\Mélannie\Application Data\6C3B6D55D4152BA0ABD609B053335ED8\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application nettoyé par suppression - mis en quarantaine C:\_OTL\MovedFiles\02122011_222921\C_Documents and Settings\Mélannie\Application Data\6C3B6D55D4152BA0ABD609B053335ED8\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application nettoyé par suppression - mis en quarantaine
Alors mon pc n'a plus l'icone du virus dans la barre des taches, quand je le rallume il y a un ecran noir qui s'affiche en mettant menace imminent. alors il me dit de taper sur F1 pour l'ingorer ce que j'ai fait. voila
Re,
1/ Peux-tu éditer l'intégralité du rapport Eset qui se trouve là :
C:\Program Files\ESET Online Scanner\log.txt ou C:\Program Files (x86) \ESET Online Scanner\log.txt
2/ Je ne comprends pas la suite : tu parles d'icône de virus ou d'antivirus ?
Et je ne comprends pas l'histoire de l'écran noir. Peux-tu être plus explicite et faire éventuellement une capture d'écran ?
Fill
|
|
|
|
|
|