Hi
Please help me, I have a problem with my PC and I'm hopeless with computers.
I have a virus on the computer (( thayet myo hacking day )) and I can't get rid of it with my regular antivirus "AVG".
What do I do?
Please, it's urgent.
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
Webmaster wrote: 3- The subject (title and body) of your message must be clear and explicit
1. Make sure the subject reflects the content of your message. Avoid titles such as "Look at this..." or "Urgent !!!".
OTL logfile created on: 01/11/2010 17:47:06 - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\maison\Mes documents\Téléchargements
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
958,00 Mb Total Physical Memory | 442,00 Mb Available Physical Memory | 46,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,39 Gb Total Space | 42,89 Gb Free Space | 62,71% Space Free | Partition Type: NTFS
Drive D: | 84,99 Gb Total Space | 84,22 Gb Free Space | 99,09% Space Free | Partition Type: NTFS
Computer Name: EP-49C1B43AE09B | User Name: maison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - C:\Documents and Settings\maison\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Documents and Settings\maison\Local Settings\Application Data\Google\Chrome\Application\5.0.375.127\Installer\setup.exe (Google Inc.)
PRC - C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgscanx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Windows Searchqu Toolbar\DataMngr\DataMngrUI.exe (iMesh, Inc)
PRC - C:\Documents and Settings\maison\Bureau\demarage de Logiciel\quaran\Quranflash Warsh.exe ()
PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE ()
PRC - C:\Documents and Settings\maison\Local Settings\Application Data\Google\Chrome\Application\chrome.exe ()
PRC - C:\WINDOWS\system32\logoneui.exe ()
PRC - C:\WINDOWS\system32\S3Trayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - C:\Documents and Settings\maison\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - (HidServ) -- C:\windows\System32\hidserv.dll File not found
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (Akamai) -- c:\Program Files\Fichiers communs\Akamai\netsession_win_062a651.dll ()
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - (VcommMgr) -- C:\windows\System32\Drivers\VcommMgr.sys File not found
DRV - (VComm) -- C:\windows\System32\DRIVERS\VComm.sys File not found
DRV - (BTHidMgr) -- C:\windows\System32\Drivers\BTHidMgr.sys File not found
DRV - (BTHidEnum) -- C:\windows\System32\DRIVERS\vbtenum.sys File not found
DRV - (Btcsrusb) -- C:\windows\System32\Drivers\btcusb.sys File not found
DRV - (BT) -- C:\windows\System32\DRIVERS\btnetdrv.sys File not found
DRV - (BlueletSCOAudio) -- C:\windows\System32\DRIVERS\BlueletSCOAudio.sys File not found
DRV - (BlueletAudio) -- C:\windows\System32\DRIVERS\blueletaudio.sys File not found
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (S3GIGP) -- C:\WINDOWS\system32\drivers\S3gIGPm.sys (S3 Graphics Co., Ltd.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (viaagp1) -- C:\windows\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.searchqu.com/sidebar.html?src=ssb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://famous2.topcities.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://famous2.topcities.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: offerboxffx@offerbox.com:2.2.3132.70
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.7.2.0
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: faceplus@face-plus.com:1.24
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.8.107
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: optout@google.com:1.2
FF - prefs.js..extensions.enabledItems: {2458abc0-f443-11dd-87af-0800200c9a66}:3.6.3.1.03.04.10
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/06/27 18:40:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\offerboxffx@offerbox.com: C:\Program Files\OfferBox\offerboxffx@offerbox.com [2010/10/19 17:23:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/26 15:23:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 20:44:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 20:44:19 | 000,000,000 | ---D | M]
[2010/09/14 12:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\maison\Application Data\Mozilla\Extensions
[2010/06/17 11:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\maison\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/11/01 17:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\maison\Application Data\Mozilla\Firefox\Profiles\08sxibst.default\extensions
[2010/09/26 05:36:16 | 000,000,000 | ---D | M] (4shared.com Toolbar) -- C:\Documents and Settings\maison\Application Data\Mozilla\Firefox\Profiles\08sxibst.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}
[2010/10/24 22:38:14 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\maison\Application Data\Mozilla\Firefox\Profiles\08sxibst.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/09/14 12:48:11 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Documents and Settings\maison\Application Data\Mozilla\Firefox\Profiles\08sxibst.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2010/10/31 17:36:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\maison\Application Data\Mozilla\Firefox\Profiles\08sxibst.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/30 16:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\maison\Application Data\Mozilla\Firefox\Profiles\08sxibst.default\extensions\faceplus@face-plus.com
[2010/10/31 20:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\maison\Application Data\Mozilla\Firefox\Profiles\08sxibst.default\extensions\optout@google.com
[2010/10/31 14:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\maison\Application Data\Mozilla\Firefox\Profiles\08sxibst.default\extensions\toolbar@ask.com
[2010/10/31 17:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\maison\Application Data\Mozilla\Firefox\Profiles\08sxibst.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010/10/29 13:50:55 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\maison\Application Data\Mozilla\Firefox\Profiles\08sxibst.default\searchplugins\ask.uk.xml
[2010/11/01 17:32:40 | 000,002,253 | ---- | M] () -- C:\Documents and Settings\maison\Application Data\Mozilla\Firefox\Profiles\08sxibst.default\searchplugins\askcom.xml
[2010/08/19 21:29:56 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\maison\Application Data\Mozilla\Firefox\Profiles\08sxibst.default\searchplugins\conduit.xml
[2010/10/31 17:42:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/10 00:01:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/13 19:18:26 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/10/13 19:18:26 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/10/13 19:18:26 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/10/13 19:18:26 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/10/13 19:18:26 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2001/10/02 19:18:02 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (OfferBox) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files\OfferBox\OfferBoxBHO.dll (Secure Digital Services Limited)
O3 - HKLM\..\Toolbar: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DataMngr] C:\Program Files\Windows Searchqu Toolbar\DataMngr\DataMngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [explorer] C:\WINDOWS\BackUp\explorer.exe ()
O4 - HKLM..\Run: [First Windows Start] C:\WINDOWS\system32\0ussamaWeb.exe (MidoZik)
O4 - HKLM..\Run: [S3Trayp] C:\windows\System32\S3Trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKLM..\Run: [VTTimer] C:\windows\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [Windows Start] C:\WINDOWS\system32\0ussamaWeb.exe (MidoZik)
O4 - HKCU..\Run: [firewall 2008] C:\WINDOWS\system32\logoneui.exe ()
O4 - HKCU..\Run: [fsm] File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\maison\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk = C:\Documents and Settings\maison\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\wi9130~1\datamngr\datamngr.dll) - c:\Program Files\Windows Searchqu Toolbar\DataMngr\datamngr.dll (iMesh, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (logoneui.exe) - C:\windows\System32\logoneui.exe ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\maison\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\maison\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/14 12:03:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/06/16 17:52:35 | 000,000,103 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/05/02 21:21:37 | 000,000,023 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{3b85a474-9ccb-11df-b25a-001e9090e104}\Shell - "" = Autorun
O33 - MountPoints2\{3b85a474-9ccb-11df-b25a-001e9090e104}\Shell\AutoRun\command - "" = G:\logoneui.exe -- File not found
O33 - MountPoints2\{3b85a474-9ccb-11df-b25a-001e9090e104}\Shell\Open\command - "" = G:\logoneui.exe -- File not found
O33 - MountPoints2\{457571b2-cd4c-11df-b314-001e9090e104}\Shell - "" = Autorun
O33 - MountPoints2\{457571b2-cd4c-11df-b314-001e9090e104}\Shell\AutoRun\command - "" = G:\logoneui.exe -- File not found
O33 - MountPoints2\{457571b2-cd4c-11df-b314-001e9090e104}\Shell\Open\command - "" = G:\logoneui.exe -- File not found
O33 - MountPoints2\{4db014f7-81fc-11df-b1f2-001e9090e104}\Shell\AutoRun\command - "" = G:\metdgv.bat -- File not found
O33 - MountPoints2\{4db014f7-81fc-11df-b1f2-001e9090e104}\Shell\open\Command - "" = G:\metdgv.bat -- File not found
O33 - MountPoints2\{579ba606-df95-11df-b340-aabbcc563412}\Shell - "" = Autorun
O33 - MountPoints2\{579ba606-df95-11df-b340-aabbcc563412}\Shell\AutoRun\command - "" = G:\logoneui.exe -- File not found
O33 - MountPoints2\{579ba606-df95-11df-b340-aabbcc563412}\Shell\Open\command - "" = G:\logoneui.exe -- File not found
O33 - MountPoints2\{d01a7a86-e4ff-11df-b34e-aabbcc563412}\Shell - "" = Autorun
O33 - MountPoints2\{d01a7a86-e4ff-11df-b34e-aabbcc563412}\Shell\AutoRun\command - "" = H:\logoneui.exe -- File not found
O33 - MountPoints2\{d01a7a86-e4ff-11df-b34e-aabbcc563412}\Shell\Open\command - "" = H:\logoneui.exe -- File not found
O33 - MountPoints2\{d63a5d2e-8765-11df-b208-001e9090e104}\Shell\AutoRun\command - "" = G:\logoneui.exe -- File not found
O33 - MountPoints2\{d63a5d2e-8765-11df-b208-001e9090e104}\Shell\Open\command - "" = G:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\windows\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2010/11/01 17:37:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2010/11/01 17:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2010/11/01 17:25:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/31 20:27:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\maison\Recent
[2010/10/31 19:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\UnH Solutions
[2010/10/31 19:27:47 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010/10/31 19:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\FairUse Wizard 2
[2010/10/31 19:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maison\Mes documents\RECYCLER
[2010/10/31 18:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2010/10/31 18:56:15 | 000,042,496 | ---- | C] (MidoZik) -- C:\windows\System32\0ussamaWeb.exe
[2010/10/31 18:35:30 | 000,597,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\comctl32.ocx
[2010/10/31 18:35:30 | 000,195,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RICHTX32.OCX
[2010/10/31 18:35:30 | 000,154,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\COMCT232.OCX
[2010/10/31 18:35:25 | 000,000,000 | ---D | C] -- C:\windows\speech
[2010/10/31 18:35:08 | 000,000,000 | ---D | C] -- C:\Sound
[2010/10/31 18:35:08 | 000,000,000 | ---D | C] -- C:\Image
[2010/10/31 18:35:08 | 000,000,000 | ---D | C] -- C:\Data
[2010/10/31 18:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Borland
[2010/10/31 18:35:08 | 000,000,000 | ---D | C] -- C:\Bin
[2010/10/31 18:35:08 | 000,000,000 | ---D | C] -- C:\Avi
[2010/10/31 18:11:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\maison\Bureau\mes logiciels
[2010/10/31 16:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maison\Application Data\TeraCopy
[2010/10/31 16:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2010/10/31 15:56:00 | 000,000,000 | ---D | C] -- C:\windows\Ela-Salaty
[2010/10/31 15:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Ela-Salaty
[2010/10/31 15:17:55 | 005,601,264 | ---- | C] (hedjazi) -- C:\Documents and Settings\maison\Bureau\la revu de la presse.exe
[2010/10/31 15:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2010/10/31 15:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\USB Disk Security
[2010/10/31 14:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maison\Application Data\AskToolbar
[2010/10/30 17:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maison\Local Settings\Application Data\TVU Networks
[2010/10/30 17:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2010/10/30 17:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maison\LocalLow
[2010/10/30 17:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\TVUPlayer
[2010/10/30 11:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/10/29 15:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maison\Local Settings\Application Data\AskToolbar
[2010/10/29 13:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maison\Application Data\Eltima Software
[2010/10/29 13:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maison\Application Data\Media Player Classic
[2010/10/26 15:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maison\Local Settings\Application Data\AVG Security Toolbar
[2010/10/24 22:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\ABC Amber ePub Converter
[2010/10/24 22:29:38 | 000,000,000 | ---D | C] -- C:\windows\Applian FLV Player
[2010/10/24 19:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maison\Application Data\vlc
[2010/10/24 18:58:08 | 000,000,000 | ---D | C] -- C:\Temp
[2010/10/24 18:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\4D
[2010/10/23 14:31:58 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2010/10/23 13:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maison\Local Settings\Application Data\OpenCandy
[2010/10/23 13:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\OpenCandyDemoInstaller
[2010/10/23 13:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maison\Mes documents\Freecorder 4
[2010/10/23 13:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maison\Local Settings\Application Data\FLVService
[2010/10/23 13:49:30 | 000,000,000 | ---D | C] -- C:\windows\Freecorder
[2010/10/22 17:42:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\maison\Bureau\my selection
[2010/10/19 18:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\DCoder Image Source
[2010/10/19 18:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\FFMPEG Core Files
[2010/10/19 18:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\SHOUTcast Source
[2010/10/19 18:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\MONOGRAM AMR SplitterDecoder
[2010/10/19 18:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\CD Audio Reader Filter
[2010/10/19 18:46:28 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource AVI Splitter
[2010/10/19 18:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest MPEG Splitter
[2010/10/19 18:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource DTSAC3DD+ Source Filter
[2010/10/19 18:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\RealMedia
[2010/10/19 18:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\DScaler5
[2010/10/19 18:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2010/10/19 18:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\DirectVobSub
[2010/10/19 18:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2010/10/19 18:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bass Audio Decoder
[2010/10/19 18:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/10/19 18:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maison\Application Data\PriceGong
[2010/10/19 17:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maison\Local Settings\Application Data\freetvradio Air
[2010/10/19 17:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maison\Application Data\freeTVRadio
[2010/10/19 17:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\OfferBox
[2010/10/19 17:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maison\Application Data\OfferBox
[2010/10/19 17:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/10/19 16:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\freeTVRadio
[2010/10/16 14:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2010/10/16 14:57:55 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\LMRTREND.dll
[2010/10/16 14:57:54 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\windows\System32\tm20dec.ax
[2010/10/16 14:57:53 | 000,182,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft3.dll
[2010/10/16 14:57:50 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unam4ie.exe
[2010/10/16 14:57:46 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciqtz.drv
[2010/10/16 14:57:45 | 000,194,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qcut.dll
[2010/10/16 14:57:44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\w95inf32.dll
[2010/10/16 14:57:44 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\w95inf16.dll
[2010/10/16 14:54:13 | 000,000,000 | ---D | C] -- C:\Sierra
[2010/10/16 11:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maison\Mes documents\hayat
[2010/10/15 21:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maison\Mes documents\Bluetooth
[2010/10/15 21:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2010/10/15 18:08:54 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NSS
[2010/10/15 18:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/10/15 18:08:54 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NSS\0207030.022
[2010/10/15 18:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/10/13 22:08:55 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ndisip.sys
[2010/10/13 22:08:53 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\streamip.sys
[2010/10/13 22:08:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ipsink.ax
[2010/10/13 22:08:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ipsink.ax
[2010/10/13 22:08:48 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\slip.sys
[2010/10/13 22:08:42 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mstee.sys
[2010/10/13 22:08:37 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wstcodec.sys
[2010/10/13 22:08:33 | 000,085,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\nabtsfec.sys
[2010/10/13 22:08:30 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ccdecode.sys
[2010/10/13 22:08:18 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\kswdmcap.ax
[2010/10/13 22:08:18 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\vidcap.ax
[2010/10/13 22:08:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\kstvtune.ax
[2010/10/13 22:08:14 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\vfwwdm32.dll
[2010/10/13 22:08:12 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ksxbar.ax
[2010/10/13 22:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\IVT Corporation
[2010/10/13 20:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/10/11 21:40:43 | 000,000,000 | -HSD | C] -- C:\windows\BackUp
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2010/11/01 18:01:07 | 000,000,236 | ---- | M] () -- C:\windows\tasks\Scheduled Update for Ask Toolbar.job
[2010/11/01 17:46:38 | 000,000,280 | ---- | M] () -- C:\windows\tasks\RealUpgradeLogonTaskS-1-5-21-606747145-1647877149-839522115-1003.job
[2010/11/01 17:46:37 | 000,000,288 | ---- | M] () -- C:\windows\tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-1647877149-839522115-1003.job
[2010/11/01 17:34:23 | 000,001,054 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/01 17:00:39 | 000,002,575 | ---- | M] () -- C:\Documents and Settings\maison\Bureau\Microsoft Office Word 2007.lnk
[2010/11/01 16:47:30 | 000,090,241 | ---- | M] () -- C:\info.bat
[2010/11/01 16:47:21 | 000,001,050 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/01 16:47:20 | 000,000,280 | ---- | M] () -- C:\windows\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2010/11/01 16:47:18 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010/11/01 10:44:43 | 067,048,664 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2010/10/31 20:44:00 | 000,001,261 | ---- | M] () -- C:\Documents and Settings\maison\Bureau\Photoshop CS5.lnk
[2010/10/31 20:43:55 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\maison\Bureau\كتاب القرآن الكريم.lnk
[2010/10/31 20:26:21 | 000,010,563 | ---- | M] () -- C:\Documents and Settings\maison\Mes documents\encyclopèdie français.docx
[2010/10/31 20:14:04 | 000,015,089 | ---- | M] () -- C:\Documents and Settings\maison\Mes documents\CAU5HNT1
[2010/10/31 19:14:32 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\maison\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/31 18:58:46 | 000,042,496 | ---- | M] (MidoZik) -- C:\windows\System32\0ussamaWeb.exe
[2010/10/31 18:56:38 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Recuva.lnk
[2010/10/31 18:40:10 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010/10/31 16:00:00 | 000,339,440 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/10/31 15:10:33 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\USB Disk Security.lnk
[2010/10/28 20:07:21 | 000,139,017 | ---- | M] () -- C:\Documents and Settings\maison\Mes documents\58187_149205501768768_100000379577620_313274_2714873_n.jpg
[2010/10/27 19:16:55 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010/10/26 19:48:14 | 000,011,982 | ---- | M] () -- C:\Documents and Settings\maison\Mes documents\وسائل إعادة التوازن.docx
[2010/10/26 19:47:30 | 000,000,173 | ---- | M] () -- C:\Documents and Settings\maison\Mes documents\Document.rtf
[2010/10/26 18:52:05 | 000,018,387 | ---- | M] () -- C:\Documents and Settings\maison\Mes documents\Calendrier 2010.docx
[2010/10/26 17:49:14 | 000,000,476 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for maison.job
[2010/10/26 16:29:55 | 000,028,986 | ---- | M] () -- C:\Documents and Settings\maison\Mes documents\مضمون لفظ الفقر.docx
[2010/10/26 13:38:00 | 000,000,288 | ---- | M] () -- C:\windows\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2010/10/22 20:21:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\maison\Mes documents\vlc-1.1.4-win32.exe
[2010/10/19 17:08:35 | 000,528,794 | ---- | M] () -- C:\windows\System32\perfh00C.dat
[2010/10/19 17:08:35 | 000,457,976 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/10/19 17:08:35 | 000,091,980 | ---- | M] () -- C:\windows\System32\perfc00C.dat
[2010/10/19 17:08:35 | 000,075,994 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/10/16 20:00:15 | 000,002,529 | ---- | M] () -- C:\Documents and Settings\maison\Bureau\Microsoft Office Excel 2007.lnk
[2010/10/16 14:57:43 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\w95inf32.dll
[2010/10/16 14:57:43 | 000,002,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\w95inf16.dll
[2010/10/16 14:57:28 | 000,000,559 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\MOD SWAT3.lnk
[2010/10/16 14:57:28 | 000,000,032 | ---- | M] () -- C:\windows\sierra.ini
[2010/10/16 14:57:27 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\SWAT3.lnk
[2010/10/15 18:08:54 | 000,000,172 | ---- | M] () -- C:\windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010/10/13 20:49:49 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/10/11 21:23:28 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\maison\Application Data\Microsoft\Internet Explorer\Quick Launch\Lecteur Windows Media.lnk
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010/11/01 16:33:19 | 000,316,607 | --S- | C] () -- C:\windows\System32\dllcache\iexplore.exe
[2010/10/31 20:14:03 | 000,015,089 | ---- | C] () -- C:\Documents and Settings\maison\Mes documents\CAU5HNT1
[2010/10/31 18:56:37 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Recuva.lnk
[2010/10/31 18:38:24 | 000,013,030 | ---- | C] () -- C:\PDOXUSRS.NET
[2010/10/31 17:58:55 | 000,010,563 | ---- | C] () -- C:\Documents and Settings\maison\Mes documents\encyclopèdie français.docx
[2010/10/31 15:10:33 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\USB Disk Security.lnk
[2010/10/31 14:14:18 | 000,000,236 | ---- | C] () -- C:\windows\tasks\Scheduled Update for Ask Toolbar.job
[2010/10/30 12:42:04 | 000,000,309 | ---- | C] () -- C:\Documents and Settings\maison\Mes documents\magnify_search.png
[2010/10/28 20:07:19 | 000,139,017 | ---- | C] () -- C:\Documents and Settings\maison\Mes documents\58187_149205501768768_100000379577620_313274_2714873_n.jpg
[2010/10/26 19:48:13 | 000,011,982 | ---- | C] () -- C:\Documents and Settings\maison\Mes documents\وسائل إعادة التوازن.docx
[2010/10/26 19:47:29 | 000,000,173 | ---- | C] () -- C:\Documents and Settings\maison\Mes documents\Document.rtf
[2010/10/26 18:52:04 | 000,018,387 | ---- | C] () -- C:\Documents and Settings\maison\Mes documents\Calendrier 2010.docx
[2010/10/26 16:29:55 | 000,028,986 | ---- | C] () -- C:\Documents and Settings\maison\Mes documents\مضمون لفظ الفقر.docx
[2010/10/24 22:37:14 | 001,692,139 | ---- | C] () -- C:\Documents and Settings\maison\Mes documents\abcepub_setup.exe
[2010/10/22 20:21:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\maison\Mes documents\vlc-1.1.4-win32.exe
[2010/10/19 18:42:36 | 000,497,664 | ---- | C] () -- C:\windows\System32\ac3filter.acm
[2010/10/19 18:39:33 | 000,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010/10/16 14:57:46 | 000,010,240 | ---- | C] () -- C:\windows\System32\vidx16.dll
[2010/10/16 14:57:46 | 000,005,672 | ---- | C] () -- C:\windows\System32\quartz.vxd
[2010/10/16 14:57:28 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\MOD SWAT3.lnk
[2010/10/16 14:57:28 | 000,000,032 | ---- | C] () -- C:\windows\sierra.ini
[2010/10/16 14:57:27 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\SWAT3.lnk
[2010/10/15 18:09:09 | 000,000,476 | -H-- | C] () -- C:\windows\tasks\Norton Security Scan for maison.job
[2010/10/15 18:08:54 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010/10/13 20:49:49 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/10/11 21:40:45 | 000,316,607 | R--- | C] () -- C:\Program Files\explorer.exe
[2010/10/11 21:40:45 | 000,316,607 | R--- | C] () -- C:\explorer.exe
[2010/10/11 21:40:45 | 000,316,607 | R--- | C] () -- C:\Program Files\{17350501621331}.exe
[2010/10/11 21:23:28 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\maison\Application Data\Microsoft\Internet Explorer\Quick Launch\Lecteur Windows Media.lnk
[2010/06/16 17:52:35 | 000,000,103 | RHS- | C] () -- C:\windows\System32\autorun.ini
[2010/06/14 20:59:56 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\maison\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/14 13:56:51 | 000,004,205 | ---- | C] () -- C:\windows\ODBCINST.INI
[2009/02/04 10:50:32 | 000,024,576 | ---- | C] () -- C:\windows\System32\nsis_loader.dll
[2004/08/19 15:09:28 | 000,081,920 | ---- | C] () -- C:\windows\System32\ieencode.dll
[2004/07/17 10:36:38 | 000,027,440 | ---- | C] () -- C:\windows\System32\drivers\secdrv.sys
[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2010/01/24 13:12:32 | 000,316,607 | R--- | M] () -- C:\explorer.exe
[2008/11/03 06:16:36 | 000,285,048 | ---- | M] () -- C:\Jojo.exe
[2008/11/03 06:16:36 | 000,285,048 | RHS- | M] () -- C:\logoneui.exe
[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2004/08/19 15:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2004/08/19 15:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2004/08/19 15:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/19 15:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\system32\eventlog.dll
[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2004/08/19 15:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/19 15:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\system32\netlogon.dll
[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2004/08/19 15:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/19 15:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\system32\scecli.dll
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E0A12A9
< End of report >
OTL Extras logfile created on: 01/11/2010 17:47:06 - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\maison\Mes documents\Téléchargements
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
958,00 Mb Total Physical Memory | 442,00 Mb Available Physical Memory | 46,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,39 Gb Total Space | 42,89 Gb Free Space | 62,71% Space Free | Partition Type: NTFS
Drive D: | 84,99 Gb Total Space | 84,22 Gb Free Space | 99,09% Space Free | Partition Type: NTFS
Computer Name: EP-49C1B43AE09B | User Name: maison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe ()
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome ()
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ()
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome ()
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ()
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" ()
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1048:TCP" = 1048:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- File not found
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{043F86B7-EE12-3399-B2CA-D0B603D87963}" = Microsoft .NET Framework 4 Extended FRA Language Pack
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2C8574B5-6935-4FCE-860E-F4E8602378FF}" = OfferBox
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E414048-A9DD-4F60-AA1D-018E716C88C9}" = Internet Explorer
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.0 - Français
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"4shared.com Toolbar" = 4shared.com Toolbar
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"ALUpdate_is1" = ALTools Update
"AVG9Uninstall" = AVG Free 9.0
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"CCleaner" = CCleaner
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"DCoder Image Source" = DCoder Image Source (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"HaaliMkx" = Haali Media Splitter
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Extended FRA
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MPlayer2" = Windows Media Player 5.2
"MSNINST" = MSN
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NSS" = Norton Security Scan
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"Photoshine_is1" = Photoshine 3.45
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealMedia" = RealMedia (remove only)
"RealPlayer 12.0" = RealPlayer
"Recuva" = Recuva
"Searchqu MediaBar" = Windows Searchqu Toolbar
"SHOUTcast Source" = SHOUTcast Source (remove only)
"Software Informer_is1" = Software Informer 1.0 BETA
"ST5UNST #1" = Microsoft Speech SDK 4.0 ActiveX Components
"SWAT3 Elite Edition" = SWAT3 Elite Edition
"TeraCopy_is1" = TeraCopy 2.12
"USB Disk Security_is1" = USB Disk Security
"VIA Chrome9 HC IGP Family Display" = VIA Chrome9 HC IGP Family Display
"VLC media player" = VLC media player 1.1.4
"WIC" = Windows Imaging Component
"WinRAR archiver" = Logiciel d'archivage WinRAR
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Notification de cadeaux MSN" = Notification de cadeaux MSN
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 14/09/2010 13:56:10 | Computer Name = EP-49C1B43AE09B | Source = Application Hang | ID = 1002
Description = Application bloquée IEXPLORE.EXE, version 6.0.2900.2180, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 17/09/2010 15:05:19 | Computer Name = EP-49C1B43AE09B | Source = Application Hang | ID = 1002
Description = Application bloquée wmplayer.exe, version 9.0.0.3250, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 17/09/2010 15:39:03 | Computer Name = EP-49C1B43AE09B | Source = Application Hang | ID = 1002
Description = Application bloquée IEXPLORE.EXE, version 6.0.2900.2180, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 18/09/2010 23:33:49 | Computer Name = EP-49C1B43AE09B | Source = Application Hang | ID = 1002
Description = Application bloquée explorer.exe, version 6.0.2900.2180, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 22/09/2010 16:52:29 | Computer Name = EP-49C1B43AE09B | Source = Application Hang | ID = 1002
Description = Application bloquée Athan.exe, version 3.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.
Error - 25/09/2010 11:21:13 | Computer Name = EP-49C1B43AE09B | Source = Application Hang | ID = 1002
Description = Application bloquée ALShow.exe, version 9.1.20.1, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.
Error - 26/09/2010 16:31:30 | Computer Name = EP-49C1B43AE09B | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 6.0.2900.2180, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x6000e3e9.
Error - 27/09/2010 15:03:24 | Computer Name = EP-49C1B43AE09B | Source = Application Error | ID = 1000
Description = Application défaillante explorer.exe, version 6.0.2900.2180, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x61f3a360.
Error - 28/09/2010 11:27:27 | Computer Name = EP-49C1B43AE09B | Source = Google Update | ID = 20
Description =
Error - 01/10/2010 11:01:37 | Computer Name = EP-49C1B43AE09B | Source = Application Hang | ID = 1002
Description = Application bloquée IEXPLORE.EXE, version 6.0.2900.2180, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
[ System Events ]
Error - 23/10/2010 06:39:05 | Computer Name = EP-49C1B43AE09B | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse
réseau est 001E9090E104 a été refusé par le serveur DHCP 0.0.0.0 (celui-ci a envoyé
un message DHCPNACK).
Error - 25/10/2010 13:10:00 | Computer Name = EP-49C1B43AE09B | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse
réseau est 001E9090E104 a été refusé par le serveur DHCP 0.0.0.0 (celui-ci a envoyé
un message DHCPNACK).
Error - 26/10/2010 08:07:24 | Computer Name = EP-49C1B43AE09B | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse
réseau est 001E9090E104 a été refusé par le serveur DHCP 0.0.0.0 (celui-ci a envoyé
un message DHCPNACK).
Error - 28/10/2010 13:23:58 | Computer Name = EP-49C1B43AE09B | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse
réseau est 001E9090E104 a été refusé par le serveur DHCP 0.0.0.0 (celui-ci a envoyé
un message DHCPNACK).
Error - 29/10/2010 05:41:03 | Computer Name = EP-49C1B43AE09B | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse
réseau est 001E9090E104 a été refusé par le serveur DHCP 0.0.0.0 (celui-ci a envoyé
un message DHCPNACK).
Error - 29/10/2010 07:03:59 | Computer Name = EP-49C1B43AE09B | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse
réseau est 001E9090E104 a été refusé par le serveur DHCP 0.0.0.0 (celui-ci a envoyé
un message DHCPNACK).
Error - 30/10/2010 06:02:49 | Computer Name = EP-49C1B43AE09B | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse
réseau est 001E9090E104 a été refusé par le serveur DHCP 0.0.0.0 (celui-ci a envoyé
un message DHCPNACK).
Error - 31/10/2010 05:13:28 | Computer Name = EP-49C1B43AE09B | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse
réseau est 001E9090E104 a été refusé par le serveur DHCP 0.0.0.0 (celui-ci a envoyé
un message DHCPNACK).
Error - 01/11/2010 05:37:16 | Computer Name = EP-49C1B43AE09B | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse
réseau est 001E9090E104 a été refusé par le serveur DHCP 0.0.0.0 (celui-ci a envoyé
un message DHCPNACK).
Error - 01/11/2010 11:20:15 | Computer Name = EP-49C1B43AE09B | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse
réseau est 001E9090E104 a été refusé par le serveur DHCP 0.0.0.0 (celui-ci a envoyé
un message DHCPNACK).
< End of report >
"Process.exe" is a component of the tool and may be detected by some antivirus programs as an infection; disregard this: it is a false positive.
======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 25/10/10 à 11:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 10:17:36 le 02/11/2010, Mode normal
Microsoft Windows XP Professionnel Service Pack 2 (X86)
maison@EP-49C1B43AE09B ( )
============== RECHERCHE ==============
Dossier trouvé: C:\Program Files\Windows Searchqu Toolbar
Fichier trouvé: C:\Documents and Settings\maison\Application Data\Mozilla\FireFox\Profiles\08sxibst.default\prefs.js.ask.bak
Fichier trouvé: C:\Documents and Settings\maison\Application Data\Mozilla\FireFox\Profiles\08sxibst.default\searchplugins\ask.uk.xml
Fichier trouvé: C:\Documents and Settings\maison\Application Data\Mozilla\FireFox\Profiles\08sxibst.default\searchplugins\askcom.xml
Fichier trouvé: C:\Documents and Settings\maison\Application Data\Mozilla\FireFox\Profiles\08sxibst.default\searchplugins\conduit.xml
Dossier trouvé: C:\Program Files\Ask.com
Dossier trouvé: C:\Documents and Settings\maison\Local Settings\Application Data\Conduit
Dossier trouvé: C:\Program Files\Conduit
Dossier trouvé: C:\Documents and Settings\maison\Application Data\freeTVRadio
Dossier trouvé: C:\Program Files\freeTVRadio
Dossier trouvé: C:\Documents and Settings\maison\Application Data\PriceGong
Dossier trouvé: C:\Documents and Settings\maison\Application Data\SearchquTB
Dossier trouvé: C:\Documents and Settings\maison\Application Data\OfferBox
-- Fichier ouvert: C:\Documents and Settings\maison\Application Data\Mozilla\FireFox\Profiles\08sxibst.default\Prefs.js --
Ligne trouvée: user_pref("CT1060933.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Ligne trouvée: user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106...
Ligne trouvée: user_pref("CT2233703.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Ligne trouvée: user_pref("CT2233703.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT223...
Ligne trouvée: user_pref("browser.search.defaultengine", "Ask.com");
Ligne trouvée: user_pref("browser.search.defaultenginename", "Ask.com");
Ligne trouvée: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&Sea...
Ligne trouvée: user_pref("browser.search.order.1", "Ask.com");
Ligne trouvée: user_pref("browser.search.selectedEngine", "Ask.com");
-- Fichier Fermé --
Clé trouvée: HKLM\Software\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Clé trouvée: HKLM\Software\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Clé trouvée: HKLM\Software\Classes\CLSID\{47C6C527-6204-4F91-849D-66E234DEE015}
Clé trouvée: HKLM\Software\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7FF99715-3016-4381-84CE-E4E4C9673020}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020}
Clé trouvée: HKLM\Software\Classes\CLSID\{9461b922-3c5a-11d2-bf8b-00c04fb93661}
Clé trouvée: HKLM\Software\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Clé trouvée: HKLM\Software\Classes\CLSID\{B791A095-A4AC-4312-8894-5B7E8FF5B3CD}
Clé trouvée: HKLM\Software\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Clé trouvée: HKLM\Software\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Clé trouvée: HKLM\Software\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Clé trouvée: HKLM\Software\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Clé trouvée: HKLM\Software\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Clé trouvée: HKLM\Software\Classes\TypeLib\{ECA4E801-17AE-4863-9F5C-AF4047AABEE0}
Clé trouvée: HKLM\Software\Classes\BandooCore.BandooCore
Clé trouvée: HKLM\Software\Classes\BandooCore.BandooCore.1
Clé trouvée: HKLM\Software\Classes\BandooCore.ResourcesMngr
Clé trouvée: HKLM\Software\Classes\BandooCore.ResourcesMngr.1
Clé trouvée: HKLM\Software\Classes\BandooCore.SettingsMngr
Clé trouvée: HKLM\Software\Classes\BandooCore.SettingsMngr.1
Clé trouvée: HKLM\Software\Classes\BandooCore.StatisticMngr
Clé trouvée: HKLM\Software\Classes\BandooCore.StatisticMngr.1
Clé trouvée: HKLM\Software\Classes\Toolbar.CT1060933
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2233703
Clé trouvée: HKLM\Software\Classes\AppID\BandooCore.EXE
Clé trouvée: HKLM\Software\bandoo
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKLM\Software\DataMngr
Clé trouvée: HKCU\Software\OfferBox
Clé trouvée: HKCU\Software\freeTVRadio
Clé trouvée: HKCU\Software\Conduit
Clé trouvée: HKCU\Software\DataMngr
Clé trouvée: HKCU\Software\PriceGong
Clé trouvée: HKCU\Software\Zugo
Clé trouvée: HKCU\Software\AppDataLow\HavingFunOnline
Clé trouvée: HKU\.DEFAULT\Software\AskToolbar
Clé trouvée: HKU\S-1-5-18\Software\AskToolbar
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Ask Search Assistant
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu MediaBar
Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DataMngr
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{7FF99715-3016-4381-84CE-E4E4C9673020}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [3.6.12 (fr)] **
-- C:\Documents and Settings\maison\Application Data\Mozilla\FireFox\Profiles\08sxibst.default\Prefs.js --
browser.download.lastDir, C:\\Documents and Settings\\maison\\Mes documents\\hayat
browser.search.defaultenginename, Ask.com
browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
browser.search.selectedEngine, Ask.com
browser.startup.homepage, google.com
browser.startup.homepage_override.mstone, rv:1.9.2.12
========================================
** Internet Explorer Version [6.0.2900.2180] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Show_ToolBar: yes
Start Page: hxxp://famous2.topcities.com
Start Page Restore: hxxp://famous2.topcities.com
Use Custom Search URL: 1
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com
Default_Search_URL: hxxp://www.google.com/ie
Delete_Temp_Files_On_Exit: yes
Local Page: C:\windows\system32\blank.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)
C:\Ad-Report-SCAN[1].txt - 02/11/2010 (6379 Octet(s))
Fin à: 10:19:46, 02/11/2010
============== E.O.F ==============
############################## | UsbFix 7.034 | [Recherche]
Utilisateur: maison (Administrateur) # EP-49C1B43AE09B [ ]
Mis à jour le 25/10/10 par El Desaparecido / C_XX
Lancé à 10:29:00 | 02/11/2010
Site Web: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org
CPU: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
CPU 2: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Pare-feu Windows: Désactivé /!\
Antivirus: AVG Anti-Virus Free 9.0 [Enabled | Updated]
Firewall: COMODO Firewall 3.9 [Enabled]
RAM -> 958 Mo
C:\ (%systemdrive%) -> Disque fixe # 68 Go (43 Go libre(s) - 63%) [] # NTFS
D:\ -> Disque fixe # 85 Go (84 Go libre(s) - 99%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
################## | Eléments infectieux |
Présent! C:\Program Files\{17350501621331}.exe
Présent! C:\Program Files\explorer.exe
Présent! C:\windows\system32\autorun.ini
Présent! C:\windows\BackUp\autorun.inf
Présent! C:\windows\BackUp\explorer.exe
Présent! C:\logoneui.exe
Présent! C:\Autorun.inf
Présent! D:\Autorun.inf
Présent! C:\explorer.exe
Présent! C:\info.bat
Présent! C:\Jojo.exe
Présent! C:\RECYCLER\explorer.exe
Présent! D:\logoneui.exe
Présent! D:\sys
Présent! C:\Documents and Settings\maison\Bureau\demarage de Logiciel\Photooshop CS5\ASD_Adobe.Photoshop.CS5.x32.Pre-Release.Portable_t.e.k.o\Photoshop.exe
Présent! C:\Documents and Settings\maison\Bureau\demarage de Logiciel\quaran\Quranflash Warsh.exe
Présent! C:\Documents and Settings\maison\Bureau\Imene\Photos\tof de famille\amel photos.exe
Présent! C:\Documents and Settings\maison\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Présent! C:\Documents and Settings\maison\Mes documents\Téléchargements\UsbFix.exe
Présent! C:\Program Files\CCleaner\CCleaner.exe
Présent! C:\Program Files\CDBurnerXP\cdbxpp.exe
Présent! C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
Présent! C:\Program Files\Internet Explorer\IEXPLORE.EXE
Présent! C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
Présent! C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
Présent! C:\WINDOWS\system32\dllcache\iexplore.exe
################## | Registre |
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFolderOptions
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Explorer
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|firewall 2008
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{3b85a474-9ccb-11df-b25a-001e9090e104}
Shell\AutoRun\Command = G:\logoneui.exe
Shell\Open\Command = G:\logoneui.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{457571b2-cd4c-11df-b314-001e9090e104}
Shell\AutoRun\Command = G:\logoneui.exe
Shell\Open\Command = G:\logoneui.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{4db014f7-81fc-11df-b1f2-001e9090e104}
Shell\AutoRun\Command = G:\metdgv.bat
Shell\open\Command = G:\metdgv.bat
HKCU\.\.\.\.\Explorer\MountPoints2\{579ba606-df95-11df-b340-aabbcc563412}
Shell\AutoRun\Command = G:\logoneui.exe
Shell\Open\Command = G:\logoneui.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{d63a5d2e-8765-11df-b208-001e9090e104}
Shell\AutoRun\Command = G:\logoneui.exe
Shell\Open\Command = G:\
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné!
################## | E.O.F |
############################## | UsbFix 7.034 | [Suppression]
Utilisateur: maison (Administrateur) # EP-49C1B43AE09B [ ]
Mis à jour le 25/10/10 par El Desaparecido / C_XX
Lancé à 13:18:52 | 02/11/2010
Site Web: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org
CPU: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
CPU 2: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Pare-feu Windows: Désactivé /!\
Antivirus: AVG Anti-Virus Free 9.0 [Enabled | Updated]
Firewall: COMODO Firewall 3.9 [Enabled]
RAM -> 958 Mo
C:\ (%systemdrive%) -> Disque fixe # 68 Go (43 Go libre(s) - 63%) [] # NTFS
D:\ -> Disque fixe # 85 Go (84 Go libre(s) - 99%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
################## | Eléments infectieux |
Supprimé! C:\Program Files\{17350501621331}.exe
Supprimé! C:\Program Files\explorer.exe
Supprimé! C:\windows\system32\autorun.ini
Supprimé! C:\DOCUME~1\maison\LOCALS~1\Temp\IXP000.TMP
Supprimé! C:\windows\BackUp\autorun.inf
Supprimé! C:\windows\BackUp\explorer.exe
Supprimé! C:\logoneui.exe
Supprimé! C:\Autorun.inf
Supprimé! D:\Autorun.inf
Supprimé! C:\Recycler\S-1-5-21-606747145-1647877149-839522115-1003
Supprimé! D:\Recycler\S-1-5-21-1482476501-57989841-839522115-1003
Supprimé! D:\Recycler\S-1-5-21-1708537768-1454471165-1417001333-500
Supprimé! D:\Recycler\S-1-5-21-606747145-1645522239-839522115-500
Supprimé! D:\Recycler\S-1-5-21-606747145-1647877149-839522115-1003
Supprimé! D:\Recycler\S-1-5-21-682003330-583907252-2146964071-1003
Supprimé! C:\explorer.exe
Supprimé! C:\info.bat
Supprimé! C:\Jojo.exe
Supprimé! C:\RECYCLER\explorer.exe
Supprimé! D:\logoneui.exe
Supprimé! D:\sys
Supprimé! C:\Documents and Settings\maison\Bureau\demarage de Logiciel\Photooshop CS5\ASD_Adobe.Photoshop.CS5.x32.Pre-Release.Portable_t.e.k.o\Photoshop.exe
Supprimé! C:\Documents and Settings\maison\Bureau\demarage de Logiciel\quaran\Quranflash Warsh.exe
Supprimé! C:\Documents and Settings\maison\Bureau\Imene\Photos\tof de famille\amel photos.exe
Supprimé! C:\Documents and Settings\maison\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Supprimé! C:\Documents and Settings\maison\Mes documents\Téléchargements\UsbFix.exe
Supprimé! C:\Program Files\CDBurnerXP\cdbxpp.exe
Supprimé! C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
Supprimé! C:\Program Files\Internet Explorer\IEXPLORE.EXE
Supprimé! C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
Supprimé! C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
Supprimé! C:\WINDOWS\system32\dllcache\iexplore.exe
################## | Registre |
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFolderOptions
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Explorer
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|firewall 2008
################## | Mountpoints2 |
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{3b85a474-9ccb-11df-b25a-001e9090e104}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{4db014f7-81fc-11df-b1f2-001e9090e104}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{579ba606-df95-11df-b340-aabbcc563412}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{d63a5d2e-8765-11df-b208-001e9090e104}
################## | Listing |
[02/07/2010 - 17:23:47 | D ] C:\$AVG
[02/11/2010 - 13:11:21 | N | 8435] C:\Ad-Report-CLEAN[1].txt
[02/11/2010 - 10:19:46 | N | 8192] C:\Ad-Report-SCAN[1].txt
[14/06/2010 - 12:03:29 | N | 0] C:\AUTOEXEC.BAT
[31/10/2010 - 18:35:08 | D ] C:\Avi
[31/10/2010 - 18:35:08 | D ] C:\Bin
[02/10/2001 - 19:17:20 | N | 4952] C:\Bootfont.bin
[14/06/2010 - 12:03:29 | N | 0] C:\CONFIG.SYS
[31/10/2010 - 18:35:08 | D ] C:\Data
[14/06/2010 - 15:23:32 | D ] C:\Documents and Settings
[01/11/2010 - 16:21:53 | D ] C:\Downloads
[31/10/2010 - 18:35:08 | D ] C:\Image
[14/06/2010 - 12:03:29 | N | 0] C:\IO.SYS
[14/06/2010 - 12:03:29 | N | 0] C:\MSDOS.SYS
[16/06/2010 - 07:10:50 | RHD ] C:\MSOCache
[03/08/2004 - 21:38:34 | N | 47564] C:\NTDETECT.COM
[03/08/2004 - 21:59:44 | N | 251712] C:\ntldr
[02/11/2010 - 13:12:28 | ASH | 1509949440] C:\pagefile.sys
[02/11/2010 - 11:24:30 | N | 13030] C:\PDOXUSRS.NET
[02/11/2010 - 13:20:11 | D ] C:\Program Files
[02/11/2010 - 13:20:16 | SHD ] C:\RECYCLER
[16/10/2010 - 14:54:13 | D ] C:\Sierra
[31/10/2010 - 18:35:08 | D ] C:\Sound
[14/06/2010 - 12:09:52 | SHD ] C:\System Volume Information
[24/10/2010 - 19:33:31 | D ] C:\Temp
[12/09/2010 - 20:19:27 | D ] C:\tempocapt
[02/11/2010 - 13:20:16 | D ] C:\UsbFix
[02/11/2010 - 13:20:21 | A | 3087] C:\UsbFix.txt
[01/11/2010 - 19:44:56 | D ] C:\VritualRoot
[02/11/2010 - 11:34:14 | D ] C:\WINDOWS
[17/03/2010 - 13:33:05 | D ] D:\$AVG
[09/05/2010 - 18:35:50 | D ] D:\0a0e0a3b89d0208d42721c
[25/11/2009 - 16:00:55 | D ] D:\24f35326cc65747821f978c3a5
[26/11/2009 - 16:45:57 | D ] D:\2753cff7c7314299a18f62128d560567
[15/05/2010 - 13:41:46 | D ] D:\314d4a5d495190272e61
[15/05/2010 - 13:40:26 | D ] D:\621bfda0e2ffd82ddb951c
[02/04/2010 - 15:56:12 | D ] D:\89d6836fed9d83699dcf
[01/11/2010 - 10:37:59 | D ] D:\ccf9907b29e0e885eaf06fc37f
[15/05/2010 - 13:41:08 | D ] D:\cea5a7f965e46176a4ee4b249b031e
[01/11/2010 - 10:37:59 | D ] D:\downloads
[01/11/2010 - 10:37:59 | D ] D:\EDUCDATA
[05/06/2010 - 13:38:38 | D ] D:\Malwarebytes' Anti-Malware
[24/10/2009 - 10:08:36 | RHD ] D:\MSOCache
[22/11/2009 - 15:33:57 | D ] D:\Program Files
[02/11/2010 - 13:20:16 | SHD ] D:\RECYCLER
[01/11/2010 - 10:38:00 | D ] D:\SMRTNTKY
[14/06/2010 - 12:10:58 | SHD ] D:\System Volume Information
################## | Vaccin |
C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
################## | Upload |
Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_EP-49C1B43AE09B.zip
http://www.teamxscript.org/Sample/Upload.php
Merci de votre contribution.
################## | E.O.F |