Analysis request


Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years on the old forum and then this one. See:

Decontamination procedure 1 - Anti-malware

Decontamination procedure 2 - Anti-malware and antivirus (La Manip - standard decontamination procedure)

Periodic maintenance of a PC running Windows

Protecting the browser, browsing and privacy

Analysis request

Post by lil » 18 Apr 2011, 15:12

Hello,

For about 2 weeks, my PC has no longer given me access to search engines such as Google, Bing and Yahoo Search, or to other sites such as YouTube; it is also getting slower and slower.
That is why I am asking for your help.
After following all the instructions in the topic "MANDATORY for any analysis request", I am posting all the results.
Thanking you in advance,

Lil.

------------------- Malwarebytes' Anti-Malware report --------------------

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Version de la base de données: 6389

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18/04/2011 15:38:07
mbam-log-2011-04-18 (15-38-03).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 158478
Temps écoulé: 6 minute(s), 34 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\lili\local settings\temporary internet files\Content.IE5\PEUDMYAG\OTL[1].exe (Trojan.Dropper.PGen) -> No action taken.

<End>
lil

Posts: 8
Joined: 18 Apr 2011, 14:54

Re: Analysis request

Post by lil » 18 Apr 2011, 15:14

-------------------- 1st OTL report ------------------

OTL logfile created on: 18/04/2011 15:40:45 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\lili\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 68,56 Gb Free Space | 46,00% Space Free | Partition Type: NTFS
Drive I: | 1,84 Gb Total Space | 0,76 Gb Free Space | 41,57% Space Free | Partition Type: FAT

Computer Name: NONE-A1376844F5 | User Name: lili | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/18 15:11:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lili\Bureau\OTL.exe
PRC - [2011/03/21 23:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/23 16:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/02/23 16:04:17 | 000,121,000 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/12/02 22:30:39 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
PRC - [2010/10/16 01:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/06 14:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/16 21:36:06 | 000,955,392 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
PRC - [2009/07/10 13:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/18 15:11:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lili\Bureau\OTL.exe
MOD - [2011/02/23 16:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2011/02/23 16:04:11 | 000,122,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\ashShell.dll
MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/23 16:04:17 | 000,121,000 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2010/10/16 01:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/06 14:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 15:57:38 | 000,101,976 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2011/02/23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 15:56:41 | 000,192,728 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2011/02/23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 15:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 15:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/02/23 14:34:54 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/01/25 16:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/11/03 18:40:04 | 000,821,248 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-448539723-839522115-1169738307-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com
IE - HKU\S-1-5-21-448539723-839522115-1169738307-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-448539723-839522115-1169738307-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-448539723-839522115-1169738307-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-448539723-839522115-1169738307-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://fr.msn.com/ [binary data]
IE - HKU\S-1-5-21-448539723-839522115-1169738307-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
IE - HKU\S-1-5-21-448539723-839522115-1169738307-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-448539723-839522115-1169738307-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-448539723-839522115-1169738307-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 34 5A 56 0D 0D CA 01 [binary data]
IE - HKU\S-1-5-21-448539723-839522115-1169738307-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-448539723-839522115-1169738307-1003\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\prxtbMes0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-448539723-839522115-1169738307-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-448539723-839522115-1169738307-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.fr"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={C2E82EBC-A45B-5E7F-543E-AEFED9D455D3}&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/02 22:34:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/10 20:21:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/10 20:21:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/04/13 16:45:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/07 15:18:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/07 15:18:54 | 000,000,000 | ---D | M]

[2010/01/30 22:11:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lili\Application Data\Mozilla\Extensions
[2011/03/02 19:49:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lili\Application Data\Mozilla\Firefox\Profiles\t1pdh3rl.default\extensions
[2011/03/01 22:04:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lili\Application Data\Mozilla\Firefox\Profiles\t1pdh3rl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/01 22:04:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lili\Application Data\Mozilla\Firefox\Profiles\t1pdh3rl.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}
[2009/11/30 17:45:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lili\Application Data\Mozilla\Firefox\Profiles\t1pdh3rl.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2011/03/01 22:04:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lili\Application Data\Mozilla\Firefox\Profiles\t1pdh3rl.default\extensions\ffxtlbr@babylon.com
[2009/11/30 17:45:50 | 000,005,407 | ---- | M] () -- C:\Documents and Settings\lili\Application Data\Mozilla\Firefox\Profiles\t1pdh3rl.default\searchplugins\fast-browser-search.xml
[2011/03/01 22:00:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/02 22:34:20 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/04/13 16:45:46 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011/04/10 20:21:16 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/04/10 20:21:16 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/03/25 01:16:30 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2011/03/25 01:16:30 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/03/25 01:16:30 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2011/03/25 01:16:30 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2011/03/25 01:16:30 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/11/12 20:53:03 | 000,002,839 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 69.72.252.252 www.google.com
O1 - Hosts: 69.72.252.252 google.com
O1 - Hosts: 69.72.252.252 google.com.au
O1 - Hosts: 69.72.252.252 www.google.com.au
O1 - Hosts: 69.72.252.252 google.be
O1 - Hosts: 69.72.252.252 www.google.be
O1 - Hosts: 69.72.252.252 google.com.br
O1 - Hosts: 69.72.252.252 www.google.com.br
O1 - Hosts: 69.72.252.252 google.ca
O1 - Hosts: 39 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\prxtbMes0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (Make The Web Better, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - File not found
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\prxtbMes0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-448539723-839522115-1169738307-1003\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-448539723-839522115-1169738307-1003\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - File not found
O3 - HKU\S-1-5-21-448539723-839522115-1169738307-1003\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-448539723-839522115-1169738307-1003\..\Toolbar\WebBrowser: (Messenger Plus Live France Toolbar) - {59994074-C06D-4A75-9768-49E5A8C21264} - C:\Program Files\Messenger_Plus_Live_France\prxtbMes0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-448539723-839522115-1169738307-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] File not found
O4 - HKU\S-1-5-21-448539723-839522115-1169738307-1003..\Run: [ISUSPM] File not found
O4 - HKU\S-1-5-21-448539723-839522115-1169738307-1003..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\lili\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-839522115-1169738307-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 8514848546 (WUWebControl Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab (EPUImageControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\lili\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\lili\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ff85790-8ad6-11df-a0c0-0013d326f719}\Shell\Auto\command - "" = J:\launcher.exe
O33 - MountPoints2\{1ff85790-8ad6-11df-a0c0-0013d326f719}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL launcher.exe
O33 - MountPoints2\{7b82beb1-3b76-11df-9ffa-0013d326f719}\Shell\AutoRun\command - "" = I:\ws.exe
O33 - MountPoints2\{7b82beb1-3b76-11df-9ffa-0013d326f719}\Shell\open\Command - "" = I:\ws.exe
O33 - MountPoints2\{e9cd17ea-6100-11df-a052-0013d326f719}\Shell\AutoRun\command - "" = J:\start.exe
O33 - MountPoints2\{e9cd17ea-6100-11df-a052-0013d326f719}\Shell\iledefrance\command - "" = J:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/18 15:23:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/18 15:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ERUNT
[2011/04/18 15:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/18 15:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lili\Application Data\Malwarebytes
[2011/04/18 15:18:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/18 15:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2011/04/18 15:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/18 15:18:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/18 15:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/18 15:14:53 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\lili\Bureau\erunt-setup.exe
[2011/04/18 15:11:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lili\Bureau\OTL.exe
[2011/04/14 17:30:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\lili\Recent
[2011/04/14 17:23:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options
[2011/04/14 17:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lili\Bureau\backups
[2011/04/14 17:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CCleaner
[2011/04/14 16:32:08 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\lili\Bureau\Sanner.exe.exe
[2011/04/13 17:17:24 | 000,101,976 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2011/04/13 17:16:31 | 000,192,728 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2011/04/13 17:15:28 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2011/04/13 17:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\avast! Internet Security
[2011/04/13 16:45:49 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/13 04:27:32 | 000,000,000 | ---D | C] -- C:\81b61d96e6a478c168e1
[2011/04/07 15:14:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/03/23 00:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lili\Mes documents\BlackBerry
[2011/03/23 00:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lili\Local Settings\Application Data\Research In Motion
[2011/03/21 21:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lili\Mes documents\carte memoire
[2004/11/03 19:20:26 | 000,192,512 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\lili\Mes documents\*.tmp files -> C:\Documents and Settings\lili\Mes documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/18 15:44:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5E873725-E0ED-4339-8E50-73A0A3169C8D}.job
[2011/04/18 15:41:02 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/18 15:29:47 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-839522115-1169738307-1003.job
[2011/04/18 15:29:47 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-839522115-1169738307-1003.job
[2011/04/18 15:21:47 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\lili\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2011/04/18 15:21:38 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\lili\Bureau\NTREGOPT.lnk
[2011/04/18 15:21:38 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\lili\Bureau\ERUNT.lnk
[2011/04/18 15:18:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/04/18 15:15:34 | 000,005,024 | ---- | M] () -- C:\Documents and Settings\lili\Bureau\erunt-loc_fr.zip
[2011/04/18 15:14:56 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\lili\Bureau\erunt-setup.exe
[2011/04/18 15:11:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lili\Bureau\OTL.exe
[2011/04/18 15:05:52 | 000,001,408 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
[2011/04/18 13:40:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/18 13:39:36 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/18 13:38:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/17 01:32:51 | 000,002,575 | ---- | M] () -- C:\Documents and Settings\lili\Bureau\Microsoft Office Word 2007.lnk
[2011/04/14 17:04:13 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2011/04/14 16:53:43 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2011/04/14 16:32:10 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\lili\Bureau\Sanner.exe.exe
[2011/04/13 21:52:56 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/13 20:12:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/13 20:09:10 | 000,503,656 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011/04/13 20:09:10 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/13 20:09:10 | 000,081,626 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011/04/13 20:09:10 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/13 17:16:31 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/13 17:12:04 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\avast! Internet Security.lnk
[2011/04/12 23:01:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/10 20:21:22 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Converter.lnk
[2011/04/10 20:21:22 | 000,001,474 | ---- | M] () -- C:\Documents and Settings\lili\Bureau\DivX Movies.lnk
[2011/04/10 20:20:49 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Player.lnk
[2011/03/22 23:25:01 | 010,968,161 | ---- | M] () -- C:\Documents and Settings\lili\Mes documents\LoaderBackup-(2011-03-22).ipd
[2011/03/22 23:14:58 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2011/03/22 23:14:51 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/03/22 22:44:22 | 004,031,355 | ---- | M] () -- C:\Documents and Settings\lili\Mes documents\Marques Houston Feat. Joe Budden - Clubbin.mp3
[2011/03/22 22:43:53 | 000,013,002 | -HS- | M] () -- C:\Documents and Settings\lili\Mes documents\Folder.jpg
[2011/03/22 22:43:53 | 000,013,002 | -HS- | M] () -- C:\Documents and Settings\lili\Mes documents\AlbumArt_{68B48082-E414-43D3-BCAE-4097796B8FD4}_Large.jpg
[2011/03/22 22:43:52 | 000,002,730 | -HS- | M] () -- C:\Documents and Settings\lili\Mes documents\AlbumArtSmall.jpg
[2011/03/22 22:43:52 | 000,002,730 | -HS- | M] () -- C:\Documents and Settings\lili\Mes documents\AlbumArt_{68B48082-E414-43D3-BCAE-4097796B8FD4}_Small.jpg
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\lili\Mes documents\*.tmp files -> C:\Documents and Settings\lili\Mes documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/18 15:21:47 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\lili\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2011/04/18 15:21:38 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\lili\Bureau\NTREGOPT.lnk
[2011/04/18 15:21:38 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\lili\Bureau\ERUNT.lnk
[2011/04/18 15:18:49 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/04/18 15:15:34 | 000,005,024 | ---- | C] () -- C:\Documents and Settings\lili\Bureau\erunt-loc_fr.zip
[2011/04/14 17:04:13 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2011/04/14 16:56:23 | 000,001,837 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
[2011/04/13 17:11:48 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\avast! Internet Security.lnk
[2011/04/10 20:20:22 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DivX Plus Converter.lnk
[2011/03/22 23:25:01 | 010,968,161 | ---- | C] () -- C:\Documents and Settings\lili\Mes documents\LoaderBackup-(2011-03-22).ipd
[2011/03/22 23:14:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2011/03/22 23:14:51 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/03/22 23:14:45 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/03/22 22:43:54 | 000,013,002 | -HS- | C] () -- C:\Documents and Settings\lili\Mes documents\AlbumArt_{68B48082-E414-43D3-BCAE-4097796B8FD4}_Large.jpg
[2011/03/22 22:43:54 | 000,002,730 | -HS- | C] () -- C:\Documents and Settings\lili\Mes documents\AlbumArt_{68B48082-E414-43D3-BCAE-4097796B8FD4}_Small.jpg
[2011/03/21 21:44:12 | 004,031,355 | ---- | C] () -- C:\Documents and Settings\lili\Mes documents\Marques Houston Feat. Joe Budden - Clubbin.mp3
[2010/12/07 23:54:06 | 001,002,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/25 22:10:11 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/03/29 01:29:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/23 13:45:58 | 000,000,469 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/03/10 01:26:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\lili\Local Settings\Application Data\rx_image.Cache
[2010/02/01 02:20:00 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/01/25 19:24:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/01/25 19:24:50 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/01/13 00:37:58 | 000,057,788 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/17 15:39:59 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat
[2009/10/29 02:08:38 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/09/26 02:04:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/26 01:03:50 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/09/01 16:41:14 | 000,000,434 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/09/01 16:41:14 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/08/14 23:53:08 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\lili\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/23 21:03:59 | 000,459,776 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2009/07/23 21:03:59 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/07/23 21:03:59 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/07/23 21:01:19 | 000,005,715 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/23 19:13:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/23 19:07:46 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/23 18:58:06 | 000,295,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 16:23:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/08/30 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/30 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/30 14:00:00 | 000,503,656 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2002/08/30 14:00:00 | 000,435,396 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/30 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2002/08/30 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/30 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/30 14:00:00 | 000,081,626 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2002/08/30 14:00:00 | 000,068,292 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/30 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/30 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2002/08/30 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/30 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/30 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/11/12 21:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4ae076
[2010/09/19 12:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/10/29 02:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/01/18 22:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/11/06 01:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2010/09/06 01:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/05/18 21:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/15 23:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/07 12:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/11/19 23:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lili\Application Data\BabylonToolbar
[2009/11/30 21:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lili\Application Data\Canneverbe Limited
[2009/10/29 02:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lili\Application Data\Canneverbe_Limited
[2009/11/09 20:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lili\Application Data\CasinoOnNet
[2010/09/26 22:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lili\Application Data\ch.sts.simultrain.F382F56A50910B98DC9E552DECB78E214AB00214.1
[2010/02/02 14:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lili\Application Data\FMZilla
[2010/02/07 02:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lili\Application Data\GetRight
[2010/01/30 22:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lili\Application Data\igraal
[2010/07/25 16:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lili\Application Data\moovida-1
[2010/07/09 00:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lili\Application Data\MP-Manager
[2010/09/14 19:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lili\Application Data\OfferBox
[2011/01/23 21:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lili\Application Data\OpenCandy
[2010/06/02 18:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lili\Application Data\PhotoFiltre
[2011/04/14 15:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lili\Application Data\PriceGong
[2010/12/07 22:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lili\Application Data\Research In Motion
[2009/07/30 13:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lili\Application Data\Skinux
[2010/06/22 12:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lili\Application Data\SPlayer
[2011/01/23 21:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lili\Application Data\Uniblue
[2011/01/29 01:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lili\Application Data\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2010/07/25 17:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lili\Application Data\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
[2011/04/18 15:44:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5E873725-E0ED-4339-8E50-73A0A3169C8D}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/02/09 11:16:25 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/02/09 11:16:25 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/02/09 11:16:25 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/02/09 11:16:25 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CTFMON.EXE >
[2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe
[2004/08/19 16:09:52 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=64E41E8FEE655B03E3F19DED21BA5118 -- C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe

< MD5 for: EVENTLOG.DLL >
[2004/08/19 16:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004/08/19 16:09:54 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/19 16:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 20:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 20:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/19 16:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/19 16:10:04 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/19 16:10:06 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >
lil

Posts: 8
Joined: 18 Apr 2011, 14:54

Re: Analysis request

Post by lil » 18 Apr 2011, 15:17

------------------------- 2nd OTL Report -------------------------

OTL Extras logfile created on: 18/04/2011 15:40:45 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\lili\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 68,56 Gb Free Space | 46,00% Space Free | Partition Type: NTFS
Drive I: | 1,84 Gb Total Space | 0,76 Gb Free Space | 41,57% Space Free | Partition Type: FAT

Computer Name: NONE-A1376844F5 | User Name: lili | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-448539723-839522115-1169738307-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Fluendo\Moovida\Moovida.exe" = C:\Program Files\Fluendo\Moovida\Moovida.exe:*:Enabled:Moovida
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5E1CF770-3B0A-485C-B41C-F3B9396F6FEE}" = BlackBerry Device Software v5.0.0 pour smartphone BlackBerry 8900
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A38B0AC4-9CB3-4386-897A-EE27AFCA97B2}" = BlackBerry Device Software v5.0.0 pour smartphone BlackBerry 8900
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Français
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BA47D989-B453-49F3-8066-55EFB9716D51}" = BlackBerry Device Software v5.0.0 pour smartphone BlackBerry 9700
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CD7C9B20-D251-4504-B280-7CD2ABEA7B1A}" = BlackBerry Device Software v5.0.0 pour smartphone BlackBerry 9700
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Logiciel Kodak EasyShare
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EA50F6E4-8542-4B2B-B344-D080D5DA0EB1}" = BlackBerry Device Software Updater
"{ED1B169D-F33E-4EB2-AB5E-F5C85FC3325C}" = BlackBerry Device Software v6.0.0 pour smartphone BlackBerry 9700
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF71074A-C7D8-4EBE-95CC-91A0A3994A55}" = BlackBerry Device Software v5.0.0 pour smartphone BlackBerry 9700
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"afplanet" = AnglaisFacile.com - Planet English
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Internet Security
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = Configuration DivX
"ERUNT_is1" = ERUNT 1.1j
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.81
"Free Studio_is1" = Free Studio version 4.2
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_France Toolbar" = Messenger_Plus_Live_France Toolbar
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 12.0" = RealPlayer
"SuperCopier2" = SuperCopier2
"VLC media player" = VLC media player 1.1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-448539723-839522115-1169738307-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 02/06/2010 08:21:50 | Computer Name = NONE-A1376844F5 | Source = avast! | ID = 33554522
Description =

Error - 02/06/2010 08:21:50 | Computer Name = NONE-A1376844F5 | Source = avast! | ID = 33554522
Description =

Error - 02/06/2010 08:21:50 | Computer Name = NONE-A1376844F5 | Source = avast! | ID = 33554522
Description =

Error - 02/06/2010 08:21:50 | Computer Name = NONE-A1376844F5 | Source = avast! | ID = 33554522
Description =

Error - 02/06/2010 08:21:51 | Computer Name = NONE-A1376844F5 | Source = avast! | ID = 33554522
Description =

Error - 02/06/2010 08:21:51 | Computer Name = NONE-A1376844F5 | Source = avast! | ID = 33554522
Description =

Error - 02/06/2010 08:21:51 | Computer Name = NONE-A1376844F5 | Source = avast! | ID = 33554522
Description =

Error - 02/06/2010 08:21:51 | Computer Name = NONE-A1376844F5 | Source = avast! | ID = 33554522
Description =

Error - 02/06/2010 08:21:51 | Computer Name = NONE-A1376844F5 | Source = avast! | ID = 33554522
Description =

Error - 02/06/2010 08:21:51 | Computer Name = NONE-A1376844F5 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 22/03/2011 16:57:25 | Computer Name = NONE-A1376844F5 | Source = Application Hang | ID = 1002
Description = Application bloquée Loader.exe, version 6.0.1.11, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 22/03/2011 19:48:20 | Computer Name = NONE-A1376844F5 | Source = Application Error | ID = 1000
Description = Application défaillante plugin-container.exe, version 1.9.2.4079,
module défaillant ntdll.dll, version 5.1.2600.6055, adresse de défaillance 0x0000100b.

Error - 24/03/2011 19:11:55 | Computer Name = NONE-A1376844F5 | Source = Application Error | ID = 1000
Description = Application défaillante plugin-container.exe, version 1.9.2.4079,
module défaillant ntdll.dll, version 5.1.2600.6055, adresse de défaillance 0x0000100b.

Error - 24/03/2011 23:51:33 | Computer Name = NONE-A1376844F5 | Source = Application Error | ID = 1000
Description = Application défaillante plugin-container.exe, version 1.9.2.4095,
module défaillant ntdll.dll, version 5.1.2600.6055, adresse de défaillance 0x0000100b.

Error - 28/03/2011 15:29:58 | Computer Name = NONE-A1376844F5 | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 04/04/2011 13:37:53 | Computer Name = NONE-A1376844F5 | Source = Application Error | ID = 1000
Description = Application défaillante acrord32.exe, version 10.0.1.434, module défaillant
acrord32.dll, version 10.0.1.434, adresse de défaillance 0x00020ab2.

Error - 06/04/2011 07:05:42 | Computer Name = NONE-A1376844F5 | Source = Application Error | ID = 1000
Description = Application défaillante wmplayer.exe, version 11.0.5721.5262, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0xc25d5ec6.

Error - 07/04/2011 19:42:24 | Computer Name = NONE-A1376844F5 | Source = Application Error | ID = 1000
Description = Application défaillante svchost.exe, version 5.1.2600.5512, module
défaillant ntdll.dll, version 5.1.2600.6055, adresse de défaillance 0x0004487f.

Error - 10/04/2011 13:17:48 | Computer Name = NONE-A1376844F5 | Source = Application Hang | ID = 1002
Description = Application bloquée EXCEL.EXE, version 12.0.6545.5000, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 10/04/2011 13:18:38 | Computer Name = NONE-A1376844F5 | Source = Application Hang | ID = 1002
Description = Application bloquée EXCEL.EXE, version 12.0.6545.5000, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ OSession Events ]
Error - 18/11/2009 09:06:52 | Computer Name = NONE-A1376844F5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 205
seconds with 180 seconds of active time. This session ended with a crash.

Error - 29/11/2009 17:43:06 | Computer Name = NONE-A1376844F5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28/05/2010 03:08:39 | Computer Name = NONE-A1376844F5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2439
seconds with 60 seconds of active time. This session ended with a crash.

Error - 28/05/2010 22:19:25 | Computer Name = NONE-A1376844F5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 05/01/2011 12:38:06 | Computer Name = NONE-A1376844F5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/03/2011 13:07:59 | Computer Name = NONE-A1376844F5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/03/2011 13:08:17 | Computer Name = NONE-A1376844F5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/03/2011 13:13:56 | Computer Name = NONE-A1376844F5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 13/04/2011 07:19:18 | Computer Name = NONE-A1376844F5 | Source = Server | ID = 2505
Description = Le serveur n'a pas pu se lier au transport \Device\NetBT_Tcpip_{88A6291C-0188-4FD9-8E85-FD09137A52A4}
car un autre ordinateur du réseau porte le même nom. Le serveur n'a pas pu démarrer.

Error - 14/04/2011 04:23:32 | Computer Name = NONE-A1376844F5 | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 192.168.0.11 sur
la carte réseau d'adresse réseau 0013D326F719.

Error - 14/04/2011 10:48:46 | Computer Name = NONE-A1376844F5 | Source = Service Control Manager | ID = 7006
Description = L'appel ScRegSetValueExW a échoué pour Start avec l'erreur : %%5

Error - 14/04/2011 10:48:46 | Computer Name = NONE-A1376844F5 | Source = Service Control Manager | ID = 7006
Description = L'appel ScRegSetValueExW a échoué pour Start avec l'erreur : %%5

Error - 14/04/2011 18:02:13 | Computer Name = NONE-A1376844F5 | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 192.168.0.11 sur
la carte réseau d'adresse réseau 0013D326F719.

Error - 14/04/2011 22:02:46 | Computer Name = NONE-A1376844F5 | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 192.168.0.11 sur
la carte réseau d'adresse réseau 0013D326F719.

Error - 15/04/2011 08:48:23 | Computer Name = NONE-A1376844F5 | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 192.168.0.11 sur
la carte réseau d'adresse réseau 0013D326F719.

Error - 15/04/2011 11:13:10 | Computer Name = NONE-A1376844F5 | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 192.168.0.11 sur
la carte réseau d'adresse réseau 0013D326F719.

Error - 15/04/2011 13:56:26 | Computer Name = NONE-A1376844F5 | Source = Server | ID = 2505
Description = Le serveur n'a pas pu se lier au transport \Device\NetBT_Tcpip_{88A6291C-0188-4FD9-8E85-FD09137A52A4}
car un autre ordinateur du réseau porte le même nom. Le serveur n'a pas pu démarrer.

Error - 15/04/2011 14:42:58 | Computer Name = NONE-A1376844F5 | Source = Server | ID = 2505
Description = Le serveur n'a pas pu se lier au transport \Device\NetBT_Tcpip_{88A6291C-0188-4FD9-8E85-FD09137A52A4}
car un autre ordinateur du réseau porte le même nom. Le serveur n'a pas pu démarrer.


< End of report >

Re: Analysis request

Post by nickW » 19 Apr 2011, 18:22

Hello,

Was it you who disabled System Restore?
If so, why?


First clean-up, new scan:

Step 1: Uninstall
Start --> Settings --> Control Panel --> Add or Remove Programs
Look for Conduit Engine and uninstall it (if found)
Look for Messenger_Plus_Live_France Toolbar and uninstall it (if found)


Step 2: Gmer, download
Download the executable program (.exe file) from the page http://www.gmer.net/#files
Click the Download EXE button.
Save the file to the root of the system drive (usually C: ), noting its name (which is random).


Step 3: HostsXpert (by FunkyToad)
Download HostsXpert.zip from the page:
http://www.funkytoad.com/index.php?opti ... 13&Itemid=
(click on Click Here to download HostsXpert)
Save the file to the Desktop.
Extract the whole HostsXpert.zip archive (on XP: right-click, then Extract All).

In Explorer, open the HostsXpert folder that has just been created on the Desktop.

Double-click HostsXpert.exe to start the program.

*- In the left-hand column, under "File Handling", check that the first button reads "Make ReadOnly?", like this:
[screenshot]
If this first button reads "Make Writable?", click it once so that it reads "Make ReadOnly?"

*- In the left-hand column, click the "Restore MS Hosts File" button
In the small window titled "Confirm", click OK

*- In the left-hand column, click the first button so that it reads "Make Writable?", like this:
[screenshot]

*- Close HostsXpert.


Step 4: No real-time monitoring process
Disable the antivirus's resident module.
avast5!: right-click the icon in the system tray (next to the clock), choose "avast! shields control" and disable all the protection shields


Step 5: OTL (by OldTimer), fix

Double-click OTL.exe to start the tool.

The OTL main screen is displayed:
[screenshot]

Select all the lines below between the two ------- lines (which must not be selected), then press the Ctrl and C keys simultaneously
Important note: do not forget to select the colon character at the start of the first line.

-----------------------------------------------------

:otl
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={C2E82EBC-A45B-5E7F-543E-AEFED9D455D3}&q="
[2009/11/30 17:45:50 | 000,005,407 | ---- | M] () -- C:\Documents and Settings\lili\Application Data\Mozilla\Firefox\Profiles\t1pdh3rl.default\searchplugins\fast-browser-search.xml
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\prxtbMes0.dll (Conduit Ltd.)
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (Make The Web Better, LLC)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - File not found
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-448539723-839522115-1169738307-1003\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - File not found
O3 - HKU\S-1-5-21-448539723-839522115-1169738307-1003\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-448539723-839522115-1169738307-1003\..\Toolbar\WebBrowser: (Messenger Plus Live France Toolbar) - {59994074-C06D-4A75-9768-49E5A8C21264} - C:\Program Files\Messenger_Plus_Live_France\prxtbMes0.dll (Conduit Ltd.)
O33 - MountPoints2\{1ff85790-8ad6-11df-a0c0-0013d326f719}\Shell\Auto\command - "" = J:\launcher.exe
O33 - MountPoints2\{1ff85790-8ad6-11df-a0c0-0013d326f719}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL launcher.exe
O33 - MountPoints2\{7b82beb1-3b76-11df-9ffa-0013d326f719}\Shell\AutoRun\command - "" = I:\ws.exe
O33 - MountPoints2\{7b82beb1-3b76-11df-9ffa-0013d326f719}\Shell\open\Command - "" = I:\ws.exe
O33 - MountPoints2\{e9cd17ea-6100-11df-a052-0013d326f719}\Shell\AutoRun\command - "" = J:\start.exe
O33 - MountPoints2\{e9cd17ea-6100-11df-a052-0013d326f719}\Shell\iledefrance\command - "" = J:\start.exe

:Commands
[emptytemp]


-----------------------------------------------------

Go back to the OTL window, right-click in the white area under "Custom Scans/Fixes" and choose Paste.

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to restart.

Click the Run Fix button.

Note: When the restart is requested, click OK

When the tool has finished its work, a small window displays the message "Correction terminée! Cliquez sur Ok pour afficher le rapport.". Click OK, then close OTL.


Step 6: No real-time monitoring process
Since the PC has restarted, if the antivirus has been re-enabled, it must be disabled again.


Step 7: Gmer, run

Be sure to close all applications, connections and browsers.

Double-click the randomly named file downloaded earlier.

Wait a few moments for the driver to load and the first searches to run.

If the tool displays a message "WARNING !!! GMER has found system modification ... Do You want to fully scan your system ?", click NO.

Check that all the boxes in the right-hand column are ticked except
Sections
drives other than C:\
"Show all"

like this:
[screenshot]

then click the Scan button.

Wait without doing anything else (... it takes a while...).
The Registry keys & files being scanned are shown at the bottom of the window.

When the tool has finished (nothing scrolls at the bottom of the window any more), click the Save ... button.

A Notepad window will open, containing the report file.
Note: In Notepad, check in the Format menu that the "Word Wrap" option is not ticked.
Save this file on the Desktop under the name gmer-110419.txt.
Close the Gmer window (click OK).


Step 8: Real-time monitoring process
Important: Re-enable the antivirus's resident module.


Step 9: OTL (by OldTimer), scan
Close all open program windows.

Double-click OTL.exe to start the tool.

The OTL main screen is displayed:
[screenshot]

Tick (at the top) the box in front of Scan All Users.

Then click the Run Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 10: Results
Send in reply:
*- the OTL fix report (contents of the file %SystemDrive%\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[%SystemDrive% represents the partition on which the system is installed, usually C:]
*- the Gmer report (contents of the file gmer-110419.txt) <---- this report is sometimes very long; check that it is complete; if necessary split it across several messages, always using the Reply button.

Then send in reply, in a separate message (because of the length of the file):
*- the main OTL report (contents of the OTL.txt file located on the Desktop).
The report posted on the forum must end with a line containing <End of report>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Reply" button
to continue in this thread.

To be continued,
nickW

Re: Analysis request

Post by lil » 19 Apr 2011, 21:51

Good evening,

No, I didn't even know it had been uninstalled. I will follow the instructions you left me and keep you posted.

Thanks.

Re: Analysis request

Post by lil » 19 Apr 2011, 22:17

At step 3: HostsXpert, I don't get the same thing as what is written for "Make ReadOnly".
Attached is a screenshot (doc1), and when I click OK to get to the column, "Make Writable?" appears without my being able to change it. This is so even when I click it over and over to make it display "Make ReadOnly?".

What should I do?

Thanks in advance.
Attachments
imprim ecran.JPG (126.44 KiB) Viewed 2684 times

Re: Analysis request

Post by lil » 19 Apr 2011, 22:46

P.S.: I managed to enable System Restore.

Re: Analysis request

Post by nickW » 20 Apr 2011, 18:16

Hello,

New strategy for replacing the hosts file (this cancels and replaces Step 3: HostsXpert (by FunkyToad) above):


hostsperm-fr (adapted from Grinler's file)
Download the file hostsperm-fr.bat by right-clicking the link below:
http://assiste.com.free.fr/m/nick/hostsperm-fr.bat
Save this file to the Desktop.
Note: If the file was saved under the name hostsperm-fr.bat.txt, it must be renamed to hostsperm-fr.bat

Double-click the hostsperm-fr.bat file to run it.
A small window with a black background will open and then close very quickly: this is normal.

With Explorer, go to the folder C:\Windows\System32\Drivers\etc\
If necessary, first turn on the display of hidden and system folders:
http://assiste.com.free.fr/p/comment/co ... aches.html

In this folder, delete the file named hosts with no extension.


Download the default Windows XP hosts file by right-clicking the link below, and place the downloaded hosts file in the folder C:\Windows\System32\Drivers\etc\
http://download.bleepingcomputer.com/mi ... s-xp/hosts

To be continued,
nickW
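
Before the hosts file is deleted and replaced as described in the post above, it can help to see which of its entries differ from a stock file. The Python script below is an added example, not part of the thread or of any tool it mentions. The sample file contents are constructed, the watched domains are the sites the first post reports as unreachable, and the stock Windows XP hosts file is assumed to map only localhost.

```python
import ipaddress

# Assumption: the stock Windows XP hosts file maps only "localhost".
DEFAULT_NAMES = {"localhost"}
# Sites the first post in the thread reports as unreachable.
WATCHED = ("google.com", "bing.com", "yahoo.com", "youtube.com")

# Constructed sample, NOT taken from the thread. The 203.0.113.0/24
# addresses belong to a range reserved for documentation.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       www.google.com google.com   # two names on one line
203.0.113.7     www.bing.com
203.0.113.7     Search.Yahoo.com.
0.0.0.0         ads.example.net
not-an-ip       www.youtube.com
"""


def parse_hosts(text):
    """Yield (line_number, raw_address, parsed_address_or_None, names)."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Drop a leading byte-order mark, the comment part and whitespace.
        line = raw.lstrip("\ufeff").split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        # Host names are case-insensitive; a trailing dot is the root label.
        names = [n.lower().rstrip(".") for n in fields[1:]]
        yield lineno, fields[0], addr, names


def is_watched(name, watched=WATCHED):
    """True if name is one of the watched domains or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return one finding per host name that deviates from the stock file."""
    findings = []
    for lineno, raw_addr, addr, names in parse_hosts(text):
        for name in names:
            if addr is None:
                verdict = "malformed"      # first field is not an IP address
            elif addr.is_loopback or addr.is_unspecified:
                if name in DEFAULT_NAMES:
                    continue               # the expected localhost mapping
                verdict = "blocked"        # name points at the local machine
            else:
                verdict = "redirected"     # name points at another host
            findings.append({
                "line": lineno,
                "name": name,
                "address": raw_addr,
                "verdict": verdict,
                "watched": is_watched(name, watched),
            })
    return findings


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for f in audit_hosts(content):
        flag = " [watched site]" if f["watched"] else ""
        print(f"line {f['line']}: {f['name']} -> {f['address']} "
              f"({f['verdict']}){flag}")
```

Run without arguments it audits the constructed sample; given a path, it audits that file instead.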

Re: Analysis request

Post by lil » 22 Apr 2011, 12:49

Hello,

I can't delete the hosts file with no extension. I've attached the screenshot.
What should I do?

Thanks.
Attachments
Sans titre.JPG (121.74 KiB) Viewed 2668 times

Re: Analysis request

Post by lil » 25 Apr 2011, 17:42

up