mon pc est infecté et je ne sais pas koi faire:((

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

mon pc est infecté et je ne sais pas koi faire:((

Messagede fatma » 20 Déc 2008, 19:12

salut,
j'ai un probleme dans mon pc et je ne sais pas ce quoi exatement: quand je le demarre, il se ferme brusquement avec affichage d'un ecran tout bleu.
j'ai tous mes etudes et mon travail dans le pc et je ne veux pas le perdre. SVP aidez moi pour resoudre ce probleme sans formatage
voila le rapport de hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:10, on 20-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\FixCamera.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Salaat Time\SalaatTime.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ycomp/ ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.onspeed.com/pac/?id=08410bbf ... 6097b4b4f4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8580
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {90B86904-52C7-463F-9C72-2CEAB3D1F130} - (no file)
O2 - BHO: (no name) - {F2235248-B468-4DA9-99D0-359F96946DC9} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang FR
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [mmva] C:\WINDOWS\system32\mmvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm022YYTN
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: byXNhGXq - byXNhGXq.dll (file missing)
O20 - Winlogon Notify: cbXRLeFw - cbXRLeFw.dll (file missing)
O20 - Winlogon Notify: jkkiGXpn - jkkiGXpn.dll (file missing)
O20 - Winlogon Notify: pmnmjKdb - pmnmjKdb.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MyWebSearch\bar\1.bin\mwssvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 11219 bytes
aider moi a le comprendre car sincerement je n'arrive a comprendre rien et merci d'avance:)
fatma
 
Messages: 20
Inscription: 08 Mar 2008, 18:26

Messagede nickW » 20 Déc 2008, 23:14

Bonsoir,


Dois-je te remercier de ne jamais avoir répondu dans ton précédent sujet?



Recherche ciblée, premiers nettoyages, création de logs détaillés:


Note: Ces manips doivent être effectuées en ayant ouvert une session avec les "droits Administrateur" (ne pas utiliser le profil utilisateur nommé "Administrateur" visible en mode sans échec)
Sous Windows XP, pour vérifier si un compte a les droits "Administrateur":
Démarrer---->Paramètres---->Panneau de configuration---->Comptes d'utilisateurs
A côté de l'icône représentant certains comptes (hormis celui nommé "Administrateur"), il est indiqué "Administrateur de l'ordinateur"
C'est l'un de ces comptes qu'il faudra utiliser en mode sans échec.




Étape 1: OTListIt2 (de OldTimer), téléchargement
Télécharger OTListIt2.exe depuis http://oldtimer.geekstogo.com/OTListIt2.exe
Enregistrer ce fichier sur le Bureau.


Étape 2: OTMoveIt3 (de OldTimer)
Télécharger OTMoveIt3 via un clic droit sur le lien ci-dessous:
http://oldtimer.geekstogo.com/OTMoveIt3.exe
Enregistrer le fichier sur le Bureau.

Ouvrir une fenêtre du Bloc-notes, via Démarrer---->Exécuter, taper notepad puis cliquer sur OK
Sélectionner toutes les lignes de la zone blanche située sous "Code:" ci-dessous, puis appuyer simultanément sur les touches Ctrl et C

Code: Tout sélectionner
rien
:Processes
explorer.exe

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXNhGXq]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXRLeFw]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkiGXpn]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmjKdb]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mmva"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B86904-52C7-463F-9C72-2CEAB3D1F130}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2235248-B468-4DA9-99D0-359F96946DC9}]

:Files
C:\WINDOWS\system32\mmvo.exe
c:\autorun.inf
c:\c.cmd
C:\WINDOWS\system32\mmvo0.dll
C:\WINDOWS\system32\mmvo1.dll

:Commands
[start explorer]
[emptytemp]



Retourner dans la fenêtre du Bloc-notes, faire un clic droit dans la fenêtre et choisir Coller
Vérifier dans le menu Format (en haut) que "Retour automatique à ligne" n'est pas actif (pas coché).
Enregistrer le fichier sous le nom OTMI-1.txt
Fermer le Bloc-notes.
Note: Les lignes de la zone Code ci-dessus ont été créées exclusivement pour CET utilisateur: fatma.
si vous n'êtes pas CET utilisateur, il ne faut pas les utiliser: elles pourraient endommager votre système.



Étape 3: Toolbar-S&D (de la Team IDN), téléchargement
Télécharger Toolbar-S&D via un clic droit sur le lien: http://eric.71.mespages.googlepages.com/ToolBarSD.exe
Enregistrer le fichier sur le Bureau.


Étape 4: Désactivation des programmes de sécurité résidents
Désactiver les programmes de protection résidents (Antivirus).
Image Avira Antivir: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), décocher "AntiVir Guard enable"


Étape 5: Toolbar-S&D (de la Team IDN), option 1: Recherche
Faire un double clic sur ToolBarSD.exe situé sur le Bureau pour lancer l'exécution de l'outil.

Choisir la langue en tapant F puis en appuyant sur Entrée.
Lire l'avertissement, puis cliquer sur OK.

Après l'affichage du menu, taper 1 puis faire Entrée pour rechercher les fichiers responsables de l'infection.
Lorsque la recherche est terminée, une fenêtre du Bloc-notes s'ouvre et affiche le rapport (alias log).

Fermer le Bloc-notes, ce qui termine l'exécution de l'outil.

Note:
Si le Bureau ne réapparaît pas, ouvrir le Gestionnaire des tâches en utilisant simultanément les touches CTRL+ALT+SUPP.
Cliquer en haut sur le Menu Fichier et choisir Nouvelle tâche (Exécuter...).
Dans la nouvelle fenêtre Créer une nouvelle tâche qui s'est ouverte, dans la zone Ouvrir, taper exactement explorer puis cliquer sur le bouton OK. Le Bureau va réapparaître.


Étape 6: OTMoveIt3 (de OldTimer)
Faire un double clic sur OTMoveIt3.exe pour lancer l'outil.
Ouvrir le fichier OTMI-1.txt dans le Bloc-notes.
Dans le Bloc-notes, cliquer sur le menu Edition (en haut) et choisir Sélectionner tout.
Dans le Bloc-notes, cliquer sur le menu Edition (en haut) et choisir Copier.

Retourner dans la fenêtre de OTMoveIt3, faire un clic droit dans la fenêtre située sur la gauche nommée "Paste Instructions for Items to be Moved" Image et choisir Coller.

Cliquer sur le bouton MoveIt!: Image
Attendre la fin du travail de l'outil puis fermer OTMoveIt3.
Note: Un redémarrage est parfois nécessaire. S'il est demandé, cliquer sur Oui/Yes


Étape 7: Réactivation des programmes de sécurité résidents
Réactiver les programmes de protection résidents (Antivirus).


Étape 8: OTListIt2 (de OldTimer)
Fermer toutes les fenêtres de programme ouvertes.

Faire un double clic sur OTListIt2.exe pour lancer l'outil.

L'écran principal de OTListIt2 s'affiche:
Image

Si ce n'est déjà fait, dans le paragraphe Extra Registry, cocher le bouton-radio Use SafeList

Cocher (en haut) la case située devant Scan All Users: Image

Puis cliquer sur le bouton Run Scan: Image

Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Le second rapport est visible dans la Barre des tâches. Le fermer également.
Fermer la fenêtre de OTListIt2.


Étape 9: Résultats
Envoyer en réponse:
*- le rapport de ToolBar S&D (contenu du fichier SystemDrive\TB.txt)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]
*- le rapport de OTMoveIt3 (contenu du fichier Lecteur\_OTMoveIt\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
[Lecteur représente la partition depuis laquelle OTMoveIt3 a été lancé, généralement C:]

Envoyer ensuite en réponse dans deux messages distincts (à cause de la longueur des logs):
*- les deux rapports de OTListIt2 (contenu des fichiers OTListIt.txt et Extras.txt situés sur le Bureau).
Les rapports envoyés sur le forum doivent se terminer par une ligne contenant <End>. Si ce n'est pas le cas, ils sont incomplets, et doivent alors être découpés en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede fatma » 21 Déc 2008, 12:57

salut,
merci pour avoir me répondre c'est très gentil:)), et désolée pour l'autre fois :oops:
je veux commencer par le rapport le rapport de ToolBar S&D:

-----------\\ ToolBar S&D 1.2.7 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2060 @ 1.60GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : Administrateur ( Administrator )
BOOT : Fail-safe with network boot
Antivirus : Avira AntiVir PersonalEdition 7.0.0.2
(Activated)
C:\ (Local Disk) - NTFS - Total:73 Go (Free:6 Go)
D:\ (CD or DVD)
E:\ (USB) - FAT32 - Total:984 Mo (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 19-12-2008|22:30 )
Option : [1] ( 21/12/2008|12:32 )

-----------\\ Recherche de Fichiers / Dossiers ...

[Service] MyWebSearchService
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver
C:\Program Files\FunWebProducts\Shared
C:\Program Files\FunWebProducts\ScreenSaver\Images
C:\Program Files\FunWebProducts\Shared\Cache
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn-new.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar
C:\Program Files\MyWebSearch\SrchAstt
C:\Program Files\MyWebSearch\bar\1.bin
C:\Program Files\MyWebSearch\bar\Avatar
C:\Program Files\MyWebSearch\bar\Cache
C:\Program Files\MyWebSearch\bar\Game
C:\Program Files\MyWebSearch\bar\History
C:\Program Files\MyWebSearch\bar\icons
C:\Program Files\MyWebSearch\bar\Message
C:\Program Files\MyWebSearch\bar\Notifier
C:\Program Files\MyWebSearch\bar\Settings
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\000F4F30.bin
C:\Program Files\MyWebSearch\bar\Cache\000F5C11.bin
C:\Program Files\MyWebSearch\bar\Cache\000F63F1.bin
C:\Program Files\MyWebSearch\bar\Cache\000F678A.bin
C:\Program Files\MyWebSearch\bar\Cache\000F862E
C:\Program Files\MyWebSearch\bar\Cache\001CBE27.bin
C:\Program Files\MyWebSearch\bar\Cache\001CC348.bin
C:\Program Files\MyWebSearch\bar\Cache\001CC849.bin
C:\Program Files\MyWebSearch\bar\Cache\001CD086.bin
C:\Program Files\MyWebSearch\bar\Cache\001CD73D.bin
C:\Program Files\MyWebSearch\bar\Cache\00A5BF36
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search3
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\WINDOWS\System32\f3PSSavr.scr
C:\Program Files\Internet Explorer\msimg32.dll
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
C:\Program Files\MSN Messenger\riched20.dll

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com"
"Search Bar"="http://fr.rd.yahoo.com/customize/ycomp/defaults/sb/*http://fr.yahoo.com/search/ie.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\PAKRstwa.ini
C:\WINDOWS\system32\PAKRstwa.ini2
C:\WINDOWS\system32\SsCbHRqr.ini
C:\WINDOWS\system32\SsCbHRqr.ini2
==> VUNDO <==




1 - "C:\ToolBar SD\TB_1.txt" - 21/12/2008|12:32 - Option : [1]

-----------\\ Fin du rapport a 12:32:57,62

a suivre..... ;)
fatma
 
Messages: 20
Inscription: 08 Mar 2008, 18:26

Messagede fatma » 21 Déc 2008, 13:00

et puis le rapport de OTMoveIt3:
Error: Unable to interpret <rien> in the current context!
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXNhGXq\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXRLeFw\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkiGXpn\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmjKdb\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mmva deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B86904-52C7-463F-9C72-2CEAB3D1F130}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2235248-B468-4DA9-99D0-359F96946DC9}\\ deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\mmvo.exe moved successfully.
c:\autorun.inf moved successfully.
File/Folder c:\c.cmd not found.
File/Folder C:\WINDOWS\system32\mmvo0.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mmvo1.dll
C:\WINDOWS\system32\mmvo1.dll NOT unregistered.
C:\WINDOWS\system32\mmvo1.dll moved successfully.
========== COMMANDS ==========
Explorer started successfully
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_W7OGxU6jezT4S2bBFnlt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\h9yvt1b5.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\h9yvt1b5.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\h9yvt1b5.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\h9yvt1b5.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\h9yvt1b5.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12212008_123550

Files moved on Reboot...
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_W7OGxU6jezT4S2bBFnlt not found!
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\h9yvt1b5.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\h9yvt1b5.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\h9yvt1b5.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\h9yvt1b5.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\h9yvt1b5.default\urlclassifier3.sqlite moved successfully.
a suivre ....;)
fatma
 
Messages: 20
Inscription: 08 Mar 2008, 18:26

Messagede fatma » 21 Déc 2008, 13:04

le rapport de OTListIt2 (OTListIt.txt):
OTListIt logfile created on: 21-12-2008 12:43:03 - Run
OTListIt2 by OldTimer - Version 1.0.1.0 Folder = C:\Documents and Settings\Fatma Hadj Ammar\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001C01 | Country: Tunisie | Language: ART | Date Format: dd-MM-yyyy

894.04 Mb Total Physical Memory | 417.58 Mb Available Physical Memory | 46.71% Memory free
1.80 Gb Paging File | 1.37 Gb Available in Paging File | 75.67% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.06 Gb Total Space | 6.49 Gb Free Space | 8.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 984.91 Mb Total Space | 33.31 Mb Free Space | 3.38% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAHADJAMMAR
Current User Name: Fatma Hadj Ammar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

[2005-12-12 00:33:46 | 00,393,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007-09-11 09:40:32 | 00,214,056 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2005-12-12 00:33:46 | 00,393,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007-08-28 13:16:22 | 00,063,016 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2005-01-17 15:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
[2004-08-28 00:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
[2008-04-14 03:34:28 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2005-12-11 20:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2006-03-16 12:58:00 | 00,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
[2008-04-14 03:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2006-08-01 10:57:00 | 01,773,568 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
[2006-05-19 11:13:00 | 00,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
[2005-08-03 15:09:12 | 00,266,240 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
[2007-07-11 15:09:48 | 00,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
[2008-06-28 12:28:01 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[2007-08-31 12:25:18 | 00,249,896 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2006-07-07 17:45:00 | 01,052,672 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
[2005-04-11 15:08:00 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
[2008-04-11 06:58:58 | 02,577,840 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
[2005-09-09 10:01:09 | 09,818,112 | ---- | M] (Salaat Time - www.salaattime.com) -- C:\Program Files\Salaat Time\SalaatTime.exe
[2007-01-19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
[2008-11-15 12:11:38 | 02,235,920 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008-04-23 02:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2004-08-28 00:37:00 | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
[2005-08-03 15:08:58 | 00,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
[2007-02-19 15:53:52 | 00,251,576 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008-12-18 18:25:15 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008-12-21 11:59:57 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

[2007-08-28 13:16:22 | 00,063,016 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2007-09-11 09:40:32 | 00,214,056 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2005-12-12 00:33:46 | 00,393,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008-01-21 22:44:15 | 00,069,120 | ---- | M] (BOONTY) -- C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe -- (Boonty Games [Disabled | Stopped])
[2005-01-17 15:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
[2004-08-28 00:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
[2005-04-03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008-12-13 18:35:56 | 00,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService [Auto | Stopped])
[2007-06-29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2007-06-27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2007-08-24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007-01-19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007-05-16 13:48:56 | 00,228,208 | ---- | M] () -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

[2006-03-18 07:36:00 | 01,155,584 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2006-04-01 16:46:28 | 00,471,264 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211 [On_Demand | Running])
[2005-12-12 00:40:44 | 01,414,656 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007-02-27 15:25:10 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2007-09-17 11:25:03 | 00,048,448 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2007-09-07 12:05:19 | 00,062,016 | ---- | M] (AVIRA GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2005-06-10 21:42:00 | 00,005,504 | ---- | M] (Quanta Computer Corp) -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup [On_Demand | Running])
[2008-04-13 19:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])
[2008-04-13 19:46:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys -- (BTHMODEM [On_Demand | Stopped])
[2008-04-13 19:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2008-06-14 18:33:37 | 00,272,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2008-04-13 19:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB [On_Demand | Stopped])
[2008-04-13 17:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006-06-28 17:25:24 | 04,304,384 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService [On_Demand | Running])
[2005-06-02 03:33:00 | 00,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf [System | Running])
[2003-01-29 13:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio [Auto | Running])
[2007-12-17 11:11:56 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2001-10-02 19:18:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007-02-23 05:29:52 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2006-01-12 15:21:18 | 00,031,872 | ---- | M] (Quanta Computer, Inc.) -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr [On_Demand | Running])
[2005-05-05 13:27:38 | 00,007,936 | ---- | M] (Quanta Computer, Inc.) -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr [On_Demand | Running])
[2008-04-13 19:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2006-02-27 07:46:20 | 00,081,408 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004-08-03 21:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007-11-13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005-08-10 13:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2005-05-16 14:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2005-11-03 15:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
[2008-01-11 13:52:18 | 10,398,208 | ---- | M] (Sonix Co. Ltd.) -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3 [On_Demand | Stopped])
[2007-03-01 10:34:36 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2008-01-23 22:25:30 | 00,027,136 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn [On_Demand | Stopped])
[2008-04-13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (usb_rndis [On_Demand | Stopped])
[2001-10-02 19:19:36 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
HKU\S-1-5-21-1547161642-287218729-839522115-1003\S-1-5-21-1547161642-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKU\S-1-5-21-1547161642-287218729-839522115-1003\S-1-5-21-1547161642-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

O1 HOSTS File: (246783 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 dle-news.ru
O1 - Hosts: 127.0.0.1 www.dle-news.ru
O1 - Hosts: 127.0.0.1 pc-soft.ru
O1 - Hosts: 127.0.0.1 www.pc-soft.ru
O1 - Hosts: 127.0.0.1 forum.pc-soft.ru
O1 - Hosts: 127.0.0.1 www.forum.pc-soft.ru
O1 - Hosts: 127.0.0.1 yandex.ru
O1 - Hosts: 127.0.0.1 www.yandex.ru
O1 - Hosts: 127.0.0.1 ya.ru
O1 - Hosts: 127.0.0.1 www.ya.ru
O1 - Hosts: 127.0.0.1 passport.yandex.ru
O1 - Hosts: 127.0.0.1 www.passport.yandex.ru
O1 - Hosts: 127.0.0.1 mail.yandex.ru
O1 - Hosts: 127.0.0.1 www.mail.yandex.ru
O1 - Hosts: 127.0.0.1 nulled.ws
O1 - Hosts: 127.0.0.1 www.nulled.ws
O1 - Hosts: 127.0.0.1 layer-ads.de
O1 - Hosts: 127.0.0.1 www.google-analytics.com
O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
O1 - Hosts: 127.0.0.1 plati.ru
O1 - Hosts: 127.0.0.1 www.plati.ru
O1 - Hosts: 127.0.0.1 digiseller.ru
O1 - Hosts: 127.0.0.1 www.digiseller.ru
O1 - Hosts: 127.0.0.1 binural.ru
O1 - Hosts: 8569 more lines...
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\..\Toolbar: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang FR (TOSHIBA Inc.)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup (IObit)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (Tonec Inc.)
O4 - HKCU..\Run: [mmva] C:\WINDOWS\system32\mmvo.exe File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe (Salaat Time - www.salaattime.com)
O4 - HKCU..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1 (Adobe Systems Incorporated)
O4 - HKU\.DEFAULT..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup (IObit)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (Tonec Inc.)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [mmva] C:\WINDOWS\system32\mmvo.exe File not found
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe (Salaat Time - www.salaattime.com)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1547161642-287218729-839522115-1003..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1 (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0



O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0



O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm022YYTN
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe File not found
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: 38 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Sites: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Sites: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1547161642-287218729-839522115-1003\..Trusted Sites: 38 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.exe (Reg Error: Value does not exist or could not be read.)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab (HouseCall Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4 ... s-i586.cab (Reg Error: Value does not exist or could not be read.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-help - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - skype4com - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler: - x-mem1 - C:\WINDOWS\system32\wowctl2.dll (EzTools Software)
O18 - Protocol\Handler: - x-mem3 - C:\WINDOWS\system32\eztoolslib2.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or file not found.

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6584C510-924B-486A-A1A0-E380DE08C2DB}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,C:\WINDOWS\system32\awtsRKAP,
>File not found --

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007-07-27 10:24:53 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [;pe | [AutoRun] | ;iscK0o1Lsar2AK | open=x6rlc0.exe | ;0kKiowsisqi982dkDps7sfcd14lSjrww4qS0ld24a2Li9330w5kLZA2I1iLSalK2LAa7Lrk32waKSilsd | shell\open\Command=x6rlc0.exe | ;e2a4D8kddw87ewpir7ikdlLL34Jws3wsoDkaw9Dooq54a4sdlJ2p9aDi | shell\open\Default=1 | ;0KK2rAsAsia3k8cso1Dwdw3ioKDKr5w4w2l1913oDAiZa4iJ9AaKldqqe7lJ1022wkkdae3DjlD4Dsik0a5oris2e3i | shell\explore\Command=x6rlc0.exe | ;9aq04aKwL37K56sorksocDK2iAjJ413Z2DlejSekk23AiKai512edkpdilHorwws45024033da34sCqlDj1kk2KkwiaXLawi9slqJ4wSAl2LajAIKLifowZJjw2Die | ]
[2008-12-21 12:35:46 | 00,000,503 | RHS- | M] () -- E:\autorun.inf -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02b51205-ee88-11dc-8192-001636fdb91d}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02b51205-ee88-11dc-8192-001636fdb91d}\Shell\AutoRun\command]
"" = E:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09e8f57e-dfaa-11dc-a8a6-001636fdb91d}\Shell\??\command]
"" = F:\taipingtianguov1.1.exe -- File not found



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10f222db-e3b9-11dc-a8bc-001636fdb91d}\Shell\Auto\command]
"" = sal.xls.exe



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10f222dd-e3b9-11dc-a8bc-001636fdb91d}\Shell\Auto\command]
"" = sal.xls.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{158e74e5-8791-11dc-bc28-001636fdb91d}\Shell]
"" = AutoRun



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{167a16d8-3924-11dd-b691-001636fdb91d}\Shell\AutoRun\command]
"" = F:\6kthp0.cmd -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{167a16d8-3924-11dd-b691-001636fdb91d}\Shell\explore\Command]
"" = F:\6kthp0.cmd -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{167a16d8-3924-11dd-b691-001636fdb91d}\Shell\open\Command]
"" = F:\6kthp0.cmd -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dbe62db-3c2c-11dc-bb84-001636fdb91d}\Shell\AutoRun\command]
"" = E:\x6rlc0.exe -- [2008-12-21 12:17:58 | 00,120,417 | RHS- | M] ()


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dbe62db-3c2c-11dc-bb84-001636fdb91d}\Shell\explore\Command]
"" = E:\x6rlc0.exe -- [2008-12-21 12:17:58 | 00,120,417 | RHS- | M] ()


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dbe62db-3c2c-11dc-bb84-001636fdb91d}\Shell\open\Command]
"" = E:\x6rlc0.exe -- [2008-12-21 12:17:58 | 00,120,417 | RHS- | M] ()


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{319dc0ad-a711-11dd-9631-001636fdb91d}\Shell\AutoRun\command]
"" = E:\9.cmd -- [2008-10-16 08:43:16 | 00,105,198 | RHS- | M] ()


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{319dc0ad-a711-11dd-9631-001636fdb91d}\Shell\explore\Command]
"" = E:\9.cmd -- [2008-10-16 08:43:16 | 00,105,198 | RHS- | M] ()


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{319dc0ad-a711-11dd-9631-001636fdb91d}\Shell\open\Command]
"" = E:\9.cmd -- [2008-10-16 08:43:16 | 00,105,198 | RHS- | M] ()


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{518ecfa6-27d6-11dd-a1c1-001636fdb91d}\Shell\AutoRun\command]
"" = F:\6kthp0.cmd -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{518ecfa6-27d6-11dd-a1c1-001636fdb91d}\Shell\explore\Command]
"" = F:\6kthp0.cmd -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{518ecfa6-27d6-11dd-a1c1-001636fdb91d}\Shell\open\Command]
"" = F:\6kthp0.cmd -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b81757-caae-11dd-81f1-001636fdb91d}\Shell\AutoRun\command]
"" = E:\dee3.cmd -- [2008-12-20 14:54:44 | 00,120,417 | RHS- | M] ()


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b81757-caae-11dd-81f1-001636fdb91d}\Shell\explore\Command]
"" = E:\dee3.cmd -- [2008-12-20 14:54:44 | 00,120,417 | RHS- | M] ()


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b81757-caae-11dd-81f1-001636fdb91d}\Shell\open\Command]
"" = E:\dee3.cmd -- [2008-12-20 14:54:44 | 00,120,417 | RHS- | M] ()


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{883758ce-e21c-11dc-a8b2-001636fdb91d}\Shell\AutoRun\command]
"" = F:\setupSNK.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92e44388-28a9-11dd-a1c3-001636fdb91d}\Shell\AutoRun\command]
"" = wscript.exe .\.vbs


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92e44388-28a9-11dd-a1c3-001636fdb91d}\Shell\open\command]
"" = wscript.exe .\.vbs


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9f45290-105e-11dd-b009-001636fdb91d}\Shell\AutoRun\command]
"" = wscript.exe .\.vbs


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9f45290-105e-11dd-b009-001636fdb91d}\Shell\open\command]
"" = wscript.exe .\.vbs


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca0e6139-a5b0-11dd-962a-001636fdb91d}\Shell\??\command]
"" = E:\taipingtianguov1.1.exe -- File not found



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9490e1a-8525-11dc-bc1e-001636fdb91d}\Shell\Auto\command]
"" = E:\printer.exe -- File not found



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df60991c-a4c3-11dc-bed7-001636fdb91d}\Shell\AutoRun\command]
"" = A.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b0ccd4-e45e-11dc-a8bf-001636fdb91d}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b0d0cd-e45e-11dc-a8bf-001636fdb91d}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b0e6b7-e45e-11dc-a8bf-001636fdb91d}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b0e6b7-e45e-11dc-a8bf-001636fdb91d}\Shell\Auto\command]
"" = boot.exe


========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
File not found -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Copie de و بعد اني الممضي اسفله فاطمة الحاج عمار من مواليد 25 جويلية 1986 بالنستير صاحبة بطاقة التعريف الوطنية عدد 06879952 متحصلة على شهادة الجامعية للتكنولوجيا في الاتصالات سنة2008 من المعهد العالي ل.doc
** - C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Copie de ? ??? ??? ?????? ????? ????? ????? ???? ?? ?????? 25 ?????? 1986 ???????? ????? ????? ??????? ??????? ??? 06879952 ?????? ??? ????? ???????? ??????????? ?? ????????? ???2008 ?? ?????? ?????? ?.doc
[2008-12-21 12:35:50 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008-12-21 12:31:19 | 00,000,000 | ---D | C] -- C:\ToolBar SD
[2008-12-21 12:16:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2008-12-21 12:12:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\viewtopic_fichiers
[2008-12-21 12:12:46 | 00,068,502 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\viewtopic.htm
[2008-12-21 12:12:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\helpp.php_fichiers
[2008-12-21 12:12:20 | 00,068,502 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\helpp.php.htm
[2008-12-21 12:09:44 | 00,342,717 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\ToolBarSD.exe
[2008-12-21 12:02:23 | 01,033,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\OTMoveIt3.exe
[2008-12-21 12:00:29 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\OTListIt2.exe
[2008-12-20 18:56:41 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\HijackThis.lnk
[2008-12-20 18:56:41 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008-12-20 14:44:08 | 00,109,013 | RHS- | C] () -- C:\dee3.cmd
[2008-12-20 12:31:48 | 00,040,768 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2008-12-20 12:31:48 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2008-12-20 12:31:48 | 00,021,312 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2008-12-20 12:31:45 | 00,062,016 | ---- | C] (AVIRA GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008-12-20 12:31:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008-12-20 12:31:44 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2008-12-17 17:26:30 | 00,120,417 | RHS- | C] () -- C:\x6rlc0.exe
[2008-12-16 18:25:18 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2008-12-16 18:21:51 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008-12-16 18:10:35 | 00,000,146 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\KAV_RC.ini
[2008-12-16 18:10:33 | 00,505,344 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\KAV_Registry_Clean.exe
[2008-12-16 18:10:33 | 00,098,522 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Do_list.dat
[2008-12-15 22:33:01 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\قصيبة المديوني في 15.doc
** - C:\Documents and Settings\Fatma Hadj Ammar\Bureau\????? ???????? ?? 15.doc
[2008-12-15 14:47:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\TP OG P 4&5 (Raif El Hadj Ammar)textile3 chimie 1
[2008-12-13 18:35:57 | 00,028,672 | ---- | C] (FunWebProducts.com) -- C:\WINDOWS\System32\f3PSSavr.scr
[2008-12-13 18:35:55 | 00,000,000 | ---D | C] -- C:\Program Files\MyWebSearch
[2008-12-13 18:34:01 | 00,000,000 | ---D | C] -- C:\Program Files\FunWebProducts
[2008-12-13 08:26:50 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Nouveau Document Microsoft Office Word 97 - 2003.doc
[2008-12-13 08:15:20 | 00,242,688 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\tp bonnet raif.doc
[2008-12-11 23:53:15 | 20,772,276 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Nouveau_dossier.rar
[2008-12-10 20:57:57 | 00,003,435 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\images.jpg
[2008-12-10 20:28:28 | 00,000,000 | ---D | C] -- C:\meta
[2008-12-09 13:23:53 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\s1604410210_52864_9266.jpg
[2008-12-08 18:15:30 | 00,036,757 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\n1559596126_74743_3275.jpg
[2008-12-08 18:12:25 | 00,037,606 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\n1559596126_74726_3327.jpg
[2008-12-06 22:51:58 | 00,016,061 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\image002.2.jpg
[2008-12-06 22:36:01 | 00,014,416 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\image.jpg
[2008-12-06 22:35:36 | 00,010,177 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\adha.gif
[2008-12-06 22:35:25 | 00,029,355 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\ed10.jpg
[2008-12-06 22:33:12 | 00,114,889 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\sunnaflowersinfo2bl.jpg
[2008-12-06 22:32:05 | 00,089,005 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\aid.jpg
[2008-12-06 19:32:02 | 00,051,167 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\n1346683010_111721_3573.jpg
[2008-12-06 00:36:04 | 00,001,601 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Quake III Arena.lnk
[2008-12-06 00:35:26 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[2008-12-06 00:31:38 | 00,000,000 | ---D | C] -- C:\Program Files\Quake III Arena
[2008-12-06 00:31:12 | 00,000,897 | ---- | C] () -- C:\WINDOWS\Qiii.INI
[2008-12-05 22:56:34 | 00,000,878 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\TmNations.lnk
[2008-12-05 22:55:37 | 00,000,000 | ---D | C] -- C:\Program Files\TrackMania Nations ESWC
[2008-12-05 22:50:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\trackmania
[2008-12-05 21:25:46 | 00,000,755 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Counter-Strike 1.6.lnk
[2008-12-05 21:22:13 | 00,000,000 | ---D | C] -- C:\Program Files\Counter-Strike 1.6
[2008-12-05 21:21:34 | 31,417,7167 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\counterstrike_final_digitalzone.exe
[2008-12-05 19:26:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\meddeb mohamed TP5
[2008-12-05 19:26:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\meddeb mohamed TP4
[2008-12-05 19:26:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\meddeb mohamed TP3
[2008-12-04 21:59:41 | 00,000,068 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\listen.pls
[2008-12-03 19:47:38 | 00,172,032 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\1dc299.doc
[2008-12-03 19:46:50 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\1ds399.doc

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
File not found -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Copie de و بعد اني الممضي اسفله فاطمة الحاج عمار من مواليد 25 جويلية 1986 بالنستير صاحبة بطاقة التعريف الوطنية عدد 06879952 متحصلة على شهادة الجامعية للتكنولوجيا في الاتصالات سنة2008 من المعهد العالي ل.doc
** - C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Copie de ? ??? ??? ?????? ????? ????? ????? ???? ?? ?????? 25 ?????? 1986 ???????? ????? ????? ??????? ??????? ??? 06879952 ?????? ??? ????? ???????? ??????????? ?? ????????? ???2008 ?? ?????? ?????? ?.doc
[2008-12-21 12:38:01 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008-12-21 12:37:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008-12-21 12:37:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008-12-21 12:17:56 | 00,120,417 | RHS- | M] () -- C:\x6rlc0.exe
[2008-12-21 12:13:55 | 11,275,132 | -H-- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Local Settings\Application Data\IconCache.db
[2008-12-21 12:12:50 | 00,068,502 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\viewtopic.htm
[2008-12-21 12:12:30 | 00,068,502 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\helpp.php.htm
[2008-12-21 12:09:33 | 00,342,717 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\ToolBarSD.exe
[2008-12-21 12:02:02 | 01,033,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\OTMoveIt3.exe
[2008-12-21 11:59:57 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\OTListIt2.exe
[2008-12-20 22:53:26 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008-12-20 20:46:23 | 00,000,576 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Mes dossiers de partage.lnk
[2008-12-20 18:56:41 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\HijackThis.lnk
[2008-12-20 12:28:24 | 00,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008-12-19 21:23:36 | 00,168,960 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-19 17:16:41 | 00,000,430 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2008-12-16 08:12:52 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\قصيبة المديوني في 15.doc
** - C:\Documents and Settings\Fatma Hadj Ammar\Bureau\????? ???????? ?? 15.doc
[2008-12-16 07:24:57 | 00,332,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008-12-15 22:17:43 | 00,090,464 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008-12-15 14:55:27 | 00,000,085 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2008-12-14 20:14:28 | 00,109,013 | RHS- | M] () -- C:\dee3.cmd
[2008-12-13 23:55:44 | 20,772,276 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Nouveau_dossier.rar
[2008-12-13 18:35:55 | 00,028,672 | ---- | M] (FunWebProducts.com) -- C:\WINDOWS\System32\f3PSSavr.scr
[2008-12-13 08:37:32 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008-12-13 08:37:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008-12-13 08:29:12 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Mes documents\Nouveau Document Microsoft Office Word 97 - 2003.doc
[2008-12-13 02:07:04 | 00,242,688 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\tp bonnet raif.doc
[2008-12-12 22:50:21 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008-12-12 18:02:12 | 03,088,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008-12-12 18:02:12 | 03,088,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008-12-10 20:57:58 | 00,003,435 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\images.jpg
[2008-12-10 00:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008-12-09 13:23:54 | 00,004,608 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\s1604410210_52864_9266.jpg
[2008-12-08 18:15:30 | 00,036,757 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\n1559596126_74743_3275.jpg
[2008-12-08 18:12:26 | 00,037,606 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\n1559596126_74726_3327.jpg
[2008-12-07 11:53:08 | 00,208,384 | -HS- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Thumbs.db
[2008-12-06 22:51:58 | 00,016,061 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\image002.2.jpg
[2008-12-06 22:36:07 | 00,014,416 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\image.jpg
[2008-12-06 22:35:37 | 00,010,177 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\adha.gif
[2008-12-06 22:35:26 | 00,029,355 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\ed10.jpg
[2008-12-06 22:33:13 | 00,114,889 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\sunnaflowersinfo2bl.jpg
[2008-12-06 22:32:06 | 00,089,005 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\aid.jpg
[2008-12-06 19:32:03 | 00,051,167 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\n1346683010_111721_3573.jpg
[2008-12-06 00:36:04 | 00,001,601 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Quake III Arena.lnk
[2008-12-06 00:35:26 | 00,000,897 | ---- | M] () -- C:\WINDOWS\Qiii.INI
[2008-12-05 22:56:34 | 00,000,878 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\TmNations.lnk
[2008-12-05 21:25:46 | 00,000,755 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\Counter-Strike 1.6.lnk
[2008-12-04 21:59:41 | 00,000,068 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\listen.pls
[2008-12-03 19:47:42 | 00,172,032 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\1dc299.doc
[2008-12-03 19:46:51 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Fatma Hadj Ammar\Bureau\1ds399.doc
[2008-12-02 20:55:20 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> %UserProfile%\Mes documents\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\Bureau\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemRoot%\System32\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable
<End>
a suivre..........;)
fatma
 
Messages: 20
Inscription: 08 Mar 2008, 18:26

Messagede fatma » 21 Déc 2008, 13:06

et enfin le contenu de extras.txt:
OTListIt Extras logfile created on: 21-12-2008 12:43:03 - Run
OTListIt2 by OldTimer - Version 1.0.1.0 Folder = C:\Documents and Settings\Fatma Hadj Ammar\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001C01 | Country: Tunisie | Language: ART | Date Format: dd-MM-yyyy

894.04 Mb Total Physical Memory | 417.58 Mb Available Physical Memory | 46.71% Memory free
1.80 Gb Paging File | 1.37 Gb Available in Paging File | 75.67% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.06 Gb Total Space | 6.49 Gb Free Space | 8.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 984.91 Mb Total Space | 33.31 Mb Free Space | 3.38% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAHADJAMMAR
Current User Name: Fatma Hadj Ammar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FlockHTML] -- Reg Error: Key does not exist or could not be opened. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007-01-19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007-01-04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008-05-21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007-08-16 23:07:08 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008-04-14 03:33:58 | 01,044,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®
[2008-04-11 06:58:58 | 02,577,840 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe:*:Enabled:Internet Download Manager (IDM)
[2008-12-18 18:25:15 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2008-04-14 03:34:01 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2003-07-11 23:09:58 | 00,485,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Plus! Digital Media Edition\PhotoStory\PhotoStory.exe:*:Enabled:Plus! Photo Story
[2008-04-14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007-01-19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007-01-04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2007-08-17 03:45:12 | 23,120,680 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI/PCIe card Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = Panneau de contrôle ATI
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = Assist TOSHIBA
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = Outil de diagnostic PC TOSHIBA
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{32A3A4F4-B792-11D6-A78A-00B0D0160000}" = Java(TM) SE Development Kit 6
"{350C97B8-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}" = Macromedia Extension Manager
"{4538A605-868A-43A2-BB49-BCC2515256C1}" = SAGEM F@st 1201
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{5FD788ED-1A37-4496-9BDD-463F493B27FA}" = Macromedia Dreamweaver 8
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = Utilitaire de zoom TOSHIBA
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{5A2F65A4-808F-4A1E-973E-92E17824982D}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{EC50B538-CBE1-42E6-B7FE-87AA540AADFB}" = Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
"{9051040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = Pilote du DVD-RAM
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Réducteur de bruit lect. CD/DVD
"{A90D10BA-1E82-44E1-87DE-56A22BA151DA}" = Windows Live installer
"{AC76BA86-7AD7-1036-7B44-A71000000002}" = Adobe Reader 7.1.0 - Français
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Premium
"{D0A05EB3-1A5E-45EF-B2AB-E3ABD2B86130}" = Toshiba Hotkey Utility
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera-168
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}" = Windows Live Messenger
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AntiVir PersonalEdition Classic" = Avira AntiVir PersonalEdition Classic
"ATI Display Driver" = ATI Display Driver
"Borland JBuilder 2006 Enterprise" = Borland JBuilder 2006 Enterprise
"Counter-Strike 1.6" = Counter-Strike 1.6
"EasyPHP_is1" = EasyPHP 1.8
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = Outil de diagnostic PC TOSHIBA
"Internet Download Manager" = Internet Download Manager
"Java Web Start" = Java Web Start
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.3.5
"Les pays d'Asie" = Les pays d'Asie
"Les pays d'Europe" = Les pays d'Europe
"Les pays d'Océanie" = Les pays d'Océanie
"LimeWire" = LimeWire PRO 4.14.8
"Messenger Plus! Live" = Messenger Plus! Live & Sponsor (CiD)
"Metacafe" = Metacafe
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"MsJavaVM" = Microsoft VM for Java
"MyWebSearch bar Uninstall" = My Web Search (Webfetti)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PCWH" = PCWH
"Power Saver" = Gestion d'énergie TOSHIBA
"Propel Accelerator" = Propel Accelerator
"PROPLUS" = Microsoft Office Professional Plus 2007
"Quake III Arena" = Quake III Arena
"RealPlayer 6.0" = RealPlayer
"Salaat Time 1.01 {F1E7BE12-94E3-4DB1-8FA9-A30AA5B7B0BE}" = Salaat Time 1.01
"SuperCopier2" = SuperCopier2
"TmNations_is1" = TrackMania Nations ESWC 1.7.9
"Vista Anthracite Pack - Lite" = Vista Anthracite Pack - Lite 1.31
"WebPost" = Assistant Publication de sites Web Microsoft 1.53
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service" = Windows XP Service Pack 3
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Menu Look Demo" = Menu Look Demo

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1547161642-287218729-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Menu Look Demo" = Menu Look Demo

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05-12-2008 22:41:23 | Computer Name = FAHADJAMMAR | Source = Application Error | ID = 1000
Description = Application défaillante explorer.exe, version 6.0.2900.5512, module
défaillant mpegsplitter.ax, version 1.0.0.4, adresse de défaillance 0x000249eb.

Error - 05-12-2008 22:41:30 | Computer Name = FAHADJAMMAR | Source = Application Error | ID = 1000
Description = Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant
dbghelp.dll, version 5.1.2600.5512, adresse de défaillance 0x0001295d.

Error - 07-12-2008 12:22:43 | Computer Name = FAHADJAMMAR | Source = Application Error | ID = 1000
Description = Application défaillante metacafe.exe, version 1.3.31.0, module défaillant
sharedmem.bpl, version 1.0.0.1, adresse de défaillance 0x00025ed0.

Error - 10-12-2008 7:30:40 | Computer Name = FAHADJAMMAR | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 80080005 à partir de la ligne 44
de d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 13-12-2008 14:09:38 | Computer Name = FAHADJAMMAR | Source = Application Error | ID = 1000
Description = Application défaillante explorer.exe, version 6.0.2900.5512, module
défaillant mpegsplitter.ax, version 1.0.0.4, adresse de défaillance 0x000249eb.

Error - 16-12-2008 7:13:43 | Computer Name = FAHADJAMMAR | Source = Ci | ID = 4124
Description = L'index de contenu sur c:\system volume information\catalog.wci est
endommagé. Veuillez arrêter et redémarrer le service d'indexation (cisvc).

Error - 16-12-2008 7:13:43 | Computer Name = FAHADJAMMAR | Source = Ci | ID = 4126
Description = Nettoyage des méta-données endommagées de l'index de contenu sur c:\system
volume information\catalog.wci. L'index sera automatiquement restauré en refiltrant
tous les documents.

Error - 16-12-2008 13:14:34 | Computer Name = FAHADJAMMAR | Source = MsiInstaller | ID = 11921
Description = Programme : Kaspersky Internet Security 7.0 -- Erreur 1921.Impossible
d'arrêter le service Kaspersky Internet Security 7.0 (AVP). Assurez-vous que vous
bénéficiez des privilèges d'arrêt des services système.

Error - 16-12-2008 13:15:53 | Computer Name = FAHADJAMMAR | Source = MsiInstaller | ID = 11921
Description = Programme : Kaspersky Internet Security 7.0 -- Erreur 1921.Impossible
d'arrêter le service Kaspersky Internet Security 7.0 (AVP). Assurez-vous que vous
bénéficiez des privilèges d'arrêt des services système.

Error - 16-12-2008 13:17:21 | Computer Name = FAHADJAMMAR | Source = MsiInstaller | ID = 11921
Description = Programme : Kaspersky Internet Security 7.0 -- Erreur 1921.Impossible
d'arrêter le service Kaspersky Internet Security 7.0 (AVP). Assurez-vous que vous
bénéficiez des privilèges d'arrêt des services système.

[ System Events ]
Error - 20-12-2008 6:54:18 | Computer Name = FAHADJAMMAR | Source = Service Control Manager | ID = 7031
Description = Le service Spouleur d'impression s'est terminé de manière inattendue.
Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans
60000 millisecondes : Redémarrer le service.

Error - 20-12-2008 15:45:35 | Computer Name = FAHADJAMMAR | Source = NetBT | ID = 4307
Description = L'initialisation a échoué car le transport a refusé d'ouvrir les adresses
initiales.

Error - 21-12-2008 7:16:37 | Computer Name = FAHADJAMMAR | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 21-12-2008 7:17:00 | Computer Name = FAHADJAMMAR | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 21-12-2008 7:17:06 | Computer Name = FAHADJAMMAR | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 21-12-2008 7:17:25 | Computer Name = FAHADJAMMAR | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 21-12-2008 7:17:27 | Computer Name = FAHADJAMMAR | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : avgio avipbb Fips intelppm ssmdrv

Error - 21-12-2008 7:22:40 | Computer Name = FAHADJAMMAR | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 21-12-2008 7:22:40 | Computer Name = FAHADJAMMAR | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 21-12-2008 7:36:22 | Computer Name = FAHADJAMMAR | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}


<End>
-----Fin----- merci pour votre aide et je n'espere que je n'ai te pas trops derangé :)
fatma
 
Messages: 20
Inscription: 08 Mar 2008, 18:26

Messagede nickW » 21 Déc 2008, 23:45

Bonsoir,

On continue ..... :wink:

Au vu de la longueur de la procédure, je te conseille de l'imprimer ou d'en sélectionner toutes les lignes puis de copier cette sélection dans un fichier texte sur ton PC (Note: tu n'auras pas accès à Internet, et des redémarrages sont possibles).
Il faut exécuter toutes les étapes, sans interruption, dans l'ordre exact indiqué ci-dessous.
Si un élément te paraît obscur, demande des explications avant de commencer la désinfection.



Note: Ces manips doivent être effectuées en ayant ouvert une session avec les "droits Administrateur" (ne pas utiliser le profil utilisateur nommé "Administrateur" visible en mode sans échec).


Étape 1: Malwarebytes' Anti-Malware, installation
Télécharger Malwarebytes' Anti-Malware depuis l'un des liens ci-dessous:
http://www.besttechie.net/tools/mbam-setup.exe
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Enregistrer ce fichier sur le Bureau.
Faire un double clic sur mbam-setup.exe pour lancer l'installation (Accepter le contrat de licence, puis valider les options par défaut).
Sur le dernier écran de la procédure d'installation, cocher la case située devant "Mettre à jour Malwarebytes' Anti-Malware", puis cliquer sur le bouton "Terminer".


Étape 2: Désactivation des programmes de sécurité résidents
Désactiver les programmes de protection résidents (Antivirus).
Image Avira Antivir: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), décocher "AntiVir Guard enable"


Étape 3: OTMoveIt3 (de OldTimer)
Ouvrir une fenêtre du Bloc-notes, via Démarrer---->Exécuter, taper notepad puis cliquer sur OK
Sélectionner toutes les lignes de la zone blanche située sous "Code:" ci-dessous, puis appuyer simultanément sur les touches Ctrl et C

Code: Tout sélectionner
rien
:Processes
explorer.exe

:Services
BOONTY
Boonty Games

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6584C510-924B-486A-A1A0-E380DE08C2DB}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"0aMCPClient"=-
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09e8f57e-dfaa-11dc-a8a6-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10f222db-e3b9-11dc-a8bc-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{167a16d8-3924-11dd-b691-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dbe62db-3c2c-11dc-bb84-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{319dc0ad-a711-11dd-9631-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{518ecfa6-27d6-11dd-a1c1-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b81757-caae-11dd-81f1-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92e44388-28a9-11dd-a1c3-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9f45290-105e-11dd-b009-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca0e6139-a5b0-11dd-962a-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9490e1a-8525-11dc-bc1e-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df60991c-a4c3-11dc-bed7-001636fdb91d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b0ccd4-e45e-11dc-a8bf-001636fdb91d}]

:Files
E:\autorun.inf
E:\x6rlc0.exe
E:\9.cmd
E:\dee3.cmd
C:\dee3.cmd
C:\x6rlc0.exe
C:\WINDOWS\system32\awtsRKAP
C:\WINDOWS\system32\PAKRstwa.ini
C:\WINDOWS\system32\PAKRstwa.ini2
C:\WINDOWS\system32\SsCbHRqr.ini
C:\WINDOWS\system32\SsCbHRqr.ini2
C:\Program Files\Fichiers communs\BOONTY Shared

:Commands
[start explorer]
[emptytemp]



Retourner dans la fenêtre du Bloc-notes, faire un clic droit dans la fenêtre et choisir Coller
Vérifier dans le menu Format (en haut) que "Retour automatique à ligne" n'est pas actif (pas coché).
Enregistrer le fichier sous le nom OTMI-2.txt
Fermer le Bloc-notes.
Note: Les lignes de la zone Code ci-dessus ont été créées exclusivement pour CET utilisateur: fatma.
si vous n'êtes pas CET utilisateur, il ne faut pas les utiliser: elles pourraient endommager votre système.



Étape 4: Création du fichier reparlsa.reg
Ouvrir une înstance du Bloc-notes: Démarrer---->Exécuter, taper notepad puis cliquer sur OK.
Faire un copier/coller des lignes ci-dessous (dans la zone blanche située sous "Code:") dans la fenêtre du Bloc-notes qui vient d'être ouverte.
Dans le Bloc-notes, vérifier (dans le menu Format) que "Retour automatique à ligne" n'est pas actif (pas coché).
Enregistrer le fichier sous le nom de reparlsa.reg
Attention no 1: Il y a une ligne blanche après la dernière ligne
Attention no 2: l'extension doit être .reg , choisir "Tous les fichiers" dans la liste déroulante de "Type" lors du "Enregistrer sous.."
Si l'extension est .reg.txt, renommer le fichier en .reg
Code: Tout sélectionner
REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00



Fermer le Bloc-notes.


Étape 5: Toolbar-S&D (de la Team IDN) , option 2: Suppression

Impératif: Fermer toutes les fenêtres de navigateur (Internet Explorer, Firefox, Mozilla, Opera, etc).

Faire un double clic sur ToolBarSD.exe situé sur le Bureau pour lancer l'exécution de l'outil.

Choisir la langue en tapant F puis en appuyant sur Entrée.
Lire l'avertissement, puis cliquer sur OK.

Après l'affichage du menu, taper 2 puis faire Entrée pour supprimer les fichiers responsables de l'infection.

Ne pas fermer la fenêtre pendant la suppression des fichiers!

Lorsque la suppression est terminée, une fenêtre du Bloc-notes s'ouvre et affiche le rapport (alias log).

Fermer le Bloc-notes, ce qui termine l'exécution de l'outil.

Note:
Si le Bureau ne réapparaît pas, ouvrir le Gestionnaire des tâches en utilisant simultanément les touches CTRL+ALT+SUPP.
Cliquer en haut sur le Menu Fichier et choisir Nouvelle tâche (Exécuter...).
Dans la nouvelle fenêtre Créer une nouvelle tâche qui s'est ouverte, dans la zone Ouvrir, taper exactement explorer puis cliquer sur le bouton OK. Le Bureau va réapparaître.


Étape 6: Utilisation du fichier reparlsa.reg
Faire un clic droit sur reparlsa.reg, puis dans le menu contextuel choisir Fusionner et accepter la fusion dans le Registre.


Étape 7: OTMoveIt3 (de OldTimer)
Faire un double clic sur OTMoveIt3.exe pour lancer l'outil.
Ouvrir le fichier OTMI-2.txt dans le Bloc-notes.
Dans le Bloc-notes, cliquer sur le menu Edition (en haut) et choisir Sélectionner tout.
Dans le Bloc-notes, cliquer sur le menu Edition (en haut) et choisir Copier.

Retourner dans la fenêtre de OTMoveIt3, faire un clic droit dans la fenêtre située sur la gauche nommée "Paste Instructions for Items to be Moved" Image et choisir Coller.

Cliquer sur le bouton MoveIt!: Image
Attendre la fin du travail de l'outil puis fermer OTMoveIt3.
Note: Un redémarrage est parfois nécessaire. S'il est demandé, cliquer sur Oui/Yes


Étape 8: Malwarebytes' Anti-Malware, recherche
Fermer toutes les fenêtres de programme ouvertes.
Lancer Malwarebytes' Anti-Malware via le Menu Démarrer.
Dans l'onglet Paramètres, vérifier que toutes les cases sont cochées sauf "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)".
Dans l'onglet Mise à jour, cliquer sur le bouton Recherche de mise à jour et installer toutes les mises à jour trouvées.
Dans l'onglet Recherche, cocher le bouton radio situé devant "Exécuter un examen rapide" puis cliquer sur le bouton Rechercher.
Attendre sans rien faire d'autre la fin de la recherche; dans la fenêtre annonçant la fin de l'analyse, cliquer sur OK; puis cliquer sur le bouton "Afficher les résultats".

Cliquer sur le bouton "Enregistrer le rapport", valider la sauvegarde, puis cliquer sur le bouton "Quitter"


Étape 9: Réactivation des programmes de sécurité résidents
Réactiver les programmes de protection résidents (Antivirus).


Étape 10: OTListIt2 (de OldTimer)
Fermer toutes les fenêtres de programme ouvertes.

Faire un double clic sur OTListIt2.exe pour lancer l'outil.

L'écran principal de OTListIt2 s'affiche:
Image

Cocher (en haut) la case située devant Scan All Users: Image

Puis cliquer sur le bouton Run Scan: Image

Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Fermer la fenêtre de OTListIt2.


Étape 11: Résultats
Envoyer en réponse:
*- le rapport de Toolbar S&D (contenu du fichier SystemDrive\TB.txt)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]
*- le rapport de OTMoveIt3 (contenu du fichier Lecteur\_OTMoveIt\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
[Lecteur représente la partition depuis laquelle OTMoveIt3 a été lancé, généralement C:]
*- le log de Malwarebytes' Anti-Malware (contenu du fichier mbam-log-*-**-**** (**-**-**).txt situé dans le dossier SystemDrive\Documents and Settings\<tonprofil>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs / *-**-**** (**-**-**) représente la date [mois-jour-année] et l'heure [hh-mn-ss])
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du log):
*- le rapport principal de OTListIt2 (contenu du fichier OTListIt2.txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.


A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

les resultats :)

Messagede fatma » 28 Déc 2008, 19:29

salut,
je suis vraiment desolée pour ma ce retard,
bon je suivis tous les instructions comme tu as dis et voila le resultat :
le rapport de toolbar S&D:

-----------\\ ToolBar S&D 1.2.7 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2060 @ 1.60GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : Fatma Hadj Ammar ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Not Activated)
C:\ (Local Disk) - NTFS - Total:73 Go (Free:5 Go)
D:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 19-12-2008|22:30 )
Option : [2] ( Sun 12/28/2008|18:59 )

-----------\\ SUPPRESSION

Supprime! - [Service] MyWebSearchService
Supprime! - C:\Program Files\FunWebProducts\ScreenSaver
Supprime! - C:\Program Files\FunWebProducts\Shared
Echec ! - C:\Program Files\MyWebSearch\bar
Echec ! - C:\Program Files\MyWebSearch\SrchAstt
Echec ! - C:\Program Files\MyWebSearch\bar\1.bin
Echec ! - C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
Echec ! - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
Echec ! - C:\Program Files\MyWebSearch\SrchAstt\1.bin
Echec ! - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
Supprime! - C:\WINDOWS\System32\f3PSSavr.scr
Supprime! - C:\Program Files\Internet Explorer\msimg32.dll
Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
Supprime! - C:\Program Files\MSN Messenger\riched20.dll
Supprime! - C:\Program Files\FunWebProducts
Echec ! - C:\Program Files\MyWebSearch

-----------\\ DEUXIEME PASSAGE

Echec ! - C:\Program Files\MyWebSearch\bar
Echec ! - C:\Program Files\MyWebSearch\SrchAstt
Echec ! - C:\Program Files\MyWebSearch\bar\1.bin
Echec ! - C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
Echec ! - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
Echec ! - C:\Program Files\MyWebSearch\SrchAstt\1.bin
Echec ! - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
Echec ! - C:\Program Files\MyWebSearch

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar
C:\Program Files\MyWebSearch\SrchAstt
C:\Program Files\MyWebSearch\bar\1.bin
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\SrchAstt\1.bin
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\DOCUME~1\FATMAH~1\Cookies\fatma hadj ammar@mywebsearch[1].txt

-----------\\ Extensions

(Fatma Hadj Ammar) - {991A772A-BA13-4c1d-A9EF-F897F31DEC7D} => megaupload


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com"
"Search Bar"="http://fr.rd.yahoo.com/customize/ycomp/defaults/sb/*http://fr.yahoo.com/search/ie.html"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.msn.com/"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\PAKRstwa.ini
C:\WINDOWS\system32\PAKRstwa.ini2
C:\WINDOWS\system32\SsCbHRqr.ini
C:\WINDOWS\system32\SsCbHRqr.ini2
[b]==> VUNDO </b>
fatma
 
Messages: 20
Inscription: 08 Mar 2008, 18:26

Messagede fatma » 28 Déc 2008, 19:31

le rapport de OTMoveIt3:
Error: Unable to interpret <rien> in the current context!
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service BOONTY .
Service Boonty Games stopped successfully.
Service Boonty Games deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{6584C510-924B-486A-A1A0-E380DE08C2DB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6584C510-924B-486A-A1A0-E380DE08C2DB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\0aMCPClient deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09e8f57e-dfaa-11dc-a8a6-001636fdb91d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10f222db-e3b9-11dc-a8bc-001636fdb91d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{167a16d8-3924-11dd-b691-001636fdb91d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dbe62db-3c2c-11dc-bb84-001636fdb91d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{319dc0ad-a711-11dd-9631-001636fdb91d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{518ecfa6-27d6-11dd-a1c1-001636fdb91d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b81757-caae-11dd-81f1-001636fdb91d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92e44388-28a9-11dd-a1c3-001636fdb91d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9f45290-105e-11dd-b009-001636fdb91d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca0e6139-a5b0-11dd-962a-001636fdb91d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9490e1a-8525-11dc-bc1e-001636fdb91d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df60991c-a4c3-11dc-bed7-001636fdb91d}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b0ccd4-e45e-11dc-a8bf-001636fdb91d}\\ deleted successfully.
========== FILES ==========
File/Folder E:\autorun.inf not found.
File/Folder E:\x6rlc0.exe not found.
File/Folder E:\9.cmd not found.
File/Folder E:\dee3.cmd not found.
File/Folder C:\dee3.cmd not found.
C:\x6rlc0.exe moved successfully.
File/Folder C:\WINDOWS\system32\awtsRKAP not found.
C:\WINDOWS\system32\PAKRstwa.ini moved successfully.
C:\WINDOWS\system32\PAKRstwa.ini2 moved successfully.
C:\WINDOWS\system32\SsCbHRqr.ini moved successfully.
C:\WINDOWS\system32\SsCbHRqr.ini2 moved successfully.
C:\Program Files\Fichiers communs\BOONTY Shared\Service moved successfully.
C:\Program Files\Fichiers communs\BOONTY Shared moved successfully.
========== COMMANDS ==========
Explorer started successfully
File delete failed. C:\DOCUME~1\FATMAH~1\LOCALS~1\Temp\~DF1CFF.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12282008_190553

Files moved on Reboot...
C:\DOCUME~1\FATMAH~1\LOCALS~1\Temp\~DF1CFF.tmp moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
a suivre ---------------->
fatma
 
Messages: 20
Inscription: 08 Mar 2008, 18:26

Messagede fatma » 28 Déc 2008, 19:33

le log de malwaresbytes:
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1562
Windows 5.1.2600 Service Pack 3

28-12-2008 19:19:10
mbam-log-2008-12-28 (19-19-05).txt

Type de recherche: Examen rapide
Eléments examinés: 56112
Temps écoulé: 4 minute(s), 11 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\mmvo0.dll (Trojan.Agent) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmva (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> No action taken.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> No action taken.

Fichier(s) infecté(s):
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\ossgjds.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mmvo.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mmvo0.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM3ad8e867.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM3ad8e867.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\explorer.backup (Heuristics.Reserved.Word.Exploit) -> No action taken.
a suivre----------->
fatma
 
Messages: 20
Inscription: 08 Mar 2008, 18:26

Suivante

Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 45 invités

cron