Several Trojans on my PC

 

virtu0z
Posted on 18/01/2009 at 20:14:42

Good evening,
 I would like some help with my ASUS laptop: I have several Trojans on my PC. I would like help getting rid of them. Having done some research, I learned that I need to post the HijackThis result.

 What should I do next? Thanks a lot in advance for your replies!

May CastleCops live forever in our memories.
curson
Confirmed beginner (1,000 to 4,999 posts)
Posted on 18/01/2009 at 20:23:07

Good evening,

 1) Download OTViewIt by OldTimer to your desktop.

 - Close all windows and applications.
 - Double-click OTViewIt.exe to launch it.
 - In the "File Age" drop-down list, choose: 30 days (or as you prefer)
 - Click the "Run Scan" button.
 - Wait a few minutes.
 - Notepad will open; post the two reports obtained in your next reply.

 If Notepad does not open, you will find them on your desktop: OTViewIt.txt and Extras.txt

virtu0z
Posted on 18/01/2009 at 21:00:54

Thanks again!

 Here are the 2 reports:

 OTViewIt Extras logfile created on: 19/01/2009 21:22:37 - Run
 OTViewIt by OldTimer - Version 1.0.21.0     Folder = C:\Documents and Settings\Nelly MARTY\Bureau
 Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
 Internet Explorer (Version = 7.0.5730.11)
 Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
 511,36 Mb Total Physical Memory | 115,56 Mb Available Physical Memory | 22,60% Memory free
 1,22 Gb Paging File | 0,87 Gb Available in Paging File | 70,90% Paging File free
 Paging file location(s): C:\pagefile.sys 768 1536;
 
 %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
 Drive C: | 43,70 Gb Total Space | 2,39 Gb Free Space | 5,48% Space Free | Partition Type: FAT32
 Drive D: | 29,04 Gb Total Space | 29,04 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 E: Drive not present or media not loaded
 Drive F: | 968,09 Mb Total Space | 707,42 Mb Free Space | 73,07% Space Free | Partition Type: FAT32
 G: Drive not present or media not loaded
 H: Drive not present or media not loaded
 I: Drive not present or media not loaded
 
 Computer Name: NOM-M8HOYK0DH9J
 Current User Name: Nelly MARTY
 Logged in as Administrator.
 
 Current Boot Mode: Normal
 Scan Mode: Current user
 Whitelist: On
 File Age = 30 Days

 ========== File Associations ==========

 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\<extension>]
 .html [@ = FirefoxHTML] -- C:\PROGRA~1\MOZILL~1\FIREFOX.E​XE (Mozilla Corporation)

 ========== Security Center Settings ==========

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center]
 "AntiVirusDisableNotify"=1
 "FirewallDisableNotify"=1
 "UpdatesDisableNotify"=1
 "AntiVirusOverride"=0
 "FirewallOverride"=0
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Monitoring]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Monitoring\AhnlabAntiVirus]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Monitoring\KasperskyAntiVirus]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Monitoring\McAfeeAntiVirus]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Monitoring\McAfeeFirewall]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Monitoring\PandaAntiVirus]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Monitoring\PandaFirewall]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Monitoring\SophosAntiVirus]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Monitoring\SymantecAntiVirus]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Monitoring\SymantecFirewall]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Monitoring\TinyFirewall]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Monitoring\TrendAntiVirus]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Monitoring\TrendFirewall]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Monitoring\ZoneLabsFirewall]

 HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Services\SharedA​ccess\Parameters\FirewallPolic​y\StandardProfile
 "EnableFirewall"=0
 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Services\SharedA​ccess\Parameters\FirewallPolic​y\StandardProfile\AuthorizedAp​plications]
 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Services\SharedA​ccess\Parameters\FirewallPolic​y\StandardProfile\GloballyOpen​Ports]

 ========== Authorized Applications List ==========

 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Services\SharedA​ccess\Parameters\FirewallPolic​y\DomainProfile\AuthorizedAppl​ications\List]
 [2008/04/14 04:34:22 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:​*:enabled:@xpsp2res.dll,-22019
 [2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Ena​bled:@xpsp3res.dll,-20000
 [2007/10/18 11:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:E​nabled:Windows Live Messenger
 [2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:​Enabled:Windows Live Messenger (Phone)

 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Services\SharedA​ccess\Parameters\FirewallPolic​y\StandardProfile\AuthorizedAp​plications\List]
 [2008/04/14 04:34:22 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:​*:enabled:@xpsp2res.dll,-22019
 [2008/04/14 04:34:14 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:E​nabled:Windows Messenger
 [2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Ena​bled:@xpsp3res.dll,-20000
 [2007/10/18 11:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:E​nabled:Windows Live Messenger
 [2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:​Enabled:Windows Live Messenger (Phone)
 [2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enab​led:iTunes
 [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.ex​e:*:Enabled:Bonjour

 ========== (O10) Winsock2 Catalogs ==========

 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Services\WinSock​2\Parameters\]
 NameSpace_Catalog5\Catalog_Ent​ries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

 ========== (O18) Protocol Handlers ==========

 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\PROTOCOLS\Handler\]
 [2005/01/12 14:54:56 | 00,081,920 | ---- | M] (Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\comp\hpuip​rot.dll (cetihpz:{CF184AD3-CDCB-4168-A​3F7-8E447D129300} (HKLM) [CZipHandler Object])
 ipp: [HKLM - No CLSID value]
 [2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-​11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
 [2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\WI1F86~1\MESSEN~1\​MSGRAP~1.DLL (livecall:{828030A1-22C1-4009-​854F-8E305202313F} (HKLM) [Reg Error: Value  does not exist or could not be read.])
 msdaipp: [HKLM - No CLSID value]
 [2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A​96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
 [2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-1​1d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
 [2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\WI1F86~1\MESSEN~1\​MSGRAP~1.DLL (msnim:{828030A1-22C1-4009-854​F-8E305202313F} (HKLM) [Reg Error: Value  does not exist or could not be read.])
 [2003/08/04 21:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\FICHIE~1\MICROS~1\​WEBCOM~1\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D​3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
 [2003/08/01 23:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\FICHIE~1\MICROS~1\​WEBCOM~1\11\OWC11.DLL (mso-offdap11:{32505114-5902-4​9B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
 [2007/10/23 12:14:52 | 00,858,136 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-485​6-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

 ========== (O18) Protocol Filters ==========

 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\PROTOCOLS\Filter\] - Protocol Filters
 [2003/07/15 06:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A​672-00B0D022E945} (HKLM) [Reg Error: Value  does not exist or could not be read.]

 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Uninstall]
 "{059D06EE-8C0B-4D18-964F-E0EE​9B16297C}"=ACDSee for PENTAX
 "{07287123-B8AC-41CE-8346-3D77​7245C35B}"=Bonjour
 "{0A8C97AD-DEED-4894-B446-3ABA​95A77D0D}"=Windows Live Toolbar
 "{0BEDBD4E-2D34-47B5-9973-57E6​2B29307C}"=ATI Control Panel
 "{0CA6047C-D28B-4295-834A-07C5​2BA20C2D}"=Extension de Windows Live Toolbar (Windows Live Toolbar)
 "{0CC70FEF-5068-4CD5-B4DE-86FF​D98EC929}"=Menus intelligents (Windows Live Toolbar)
 "{0FABD3D7-3036-4e78-B29D-5895​7ADB0A12}"=HP PSC & OfficeJet 3.5
 "{15EE79F4-4ED1-4267-9B0F-3510​09325D7D}"=HP Software Update
 "{1967D67C-6F3F-4001-9644-BAC7​04F7EE84}"=Samsung PC Studio
 "{1F7473D9-6C0B-4F5A-8FA4-AB8A​D78CBE54}"=DocProc
 "{236BB7C4-4419-42FD-040C-2E25​7A25E34D}"=Adobe Photoshop CS2
 "{24C8FBF7-26C6-48ca-834B-A4E5​C09E362F}"=AiO_Scan
 "{257EC58E-03FD-472B-A9B6-93F2​3A3C4CB0}"=Scan
 "{29B50D30-EAFC-4cea-9F76-3A0E​3729E9B0}"=SkinsHP1
 "{2BD5C305-1B27-4D41-B690-7A61​172D2FEB}"=Macromedia Flash 8
 "{2E132061-C78A-48D4-A899-1D13​B9D189FA}"=Memories Disc Creator 2.0
 "{300D9EF4-2721-4cb4-A6C3-FB23​37CFEA2D}"=AIOMinimal
 "{318AB667-3230-41B5-A617-CB3B​F748D371}"=iTunes
 "{3248F0A8-6813-11D6-A77B-00B0​D0150030}"=J2SE Runtime Environment 5.0 Update 3
 "{3248F0A8-6813-11D6-A77B-00B0​D0160050}"=Java(TM) 6 Update 5
 "{3248F0A8-6813-11D6-A77B-00B0​D0160070}"=Java(TM) 6 Update 7
 "{350C940c-3D7C-4EE8-BAA9-00BC​B3D54227}"=WebFldrs XP
 "{3A2AF807-9F9F-43C9-A24A-17B6​17238B74}"=OpenOffice.org Installer 1.0
 "{3C8C9FB3-5FDF-40B4-B314-EAD7​22728C76}"=Macromedia Extension Manager
 "{3CF78481-FB7B-4B51-99A2-D5E0​CD0B3AAF}"=HPSystemDiagnostics
 "{3DA61550-F0BC-4732-8C9E-D630​5E899D30}"=1200
 "{3DFF4274-EBB0-4356-9692-9729​65018954}"=Windows Live Writer
 "{415B8A4E-0EA2-4C69-975C-EEE0​7B837FD7}"=Unload
 "{48242276-DB89-42e8-9678-BD42​80D7B99A}"=Copy
 "{4C24A8C1-7CFA-4650-AF15-732F​5BD7B46D}"=Macromedia Fireworks 8
 "{4DA99032-B859-44BF-A4E6-0AF9​99E6A0FB}"=Macromedia Contribute 3
 "{5421155F-B033-49DB-9B33-8F80​F233D4D5}"=GdiplusUpgrade
 "{57C7C46A-D35D-492d-A328-4F8C​9B5B4B52}"=PrintScreen
 "{582D2A53-F426-4C5E-A2E6-43C1​AB36B907}"=Safari
 "{5FD788ED-1A37-4496-9BDD-463F​493B27FA}"=Macromedia Dreamweaver 8
 "{62394DA4-3452-435f-935F-D38B​90786590}"=1200_Help
 "{6266AB37-350F-483C-88D2-C530​ACA42645}"=SAGEM Wi-Fi 11g USB adapter (Tool)
 "{63F2408D-A675-4d97-A256-70EA​CB6B9B4A}"=AiOSoftware
 "{6811CAA0-BF12-11D4-9EA1-0050​BAE317E1}"=ASUSDVD
 "{6956856F-B6B3-4BE0-BA0B-8F49​5BE32033}"=Apple Software Update
 "{6D7F8D4B-D1A4-402A-973E-31E9​0940E585}"=OneCare Advisor (Windows Live Toolbar)
 "{6E15BEDF-7EB5-4010-998E-B430​DB4EFE45}"=Barre d'outils Outlook de Windows Live (Windows Live Toolbar)
 "{723C033E-63EA-4227-BAB2-0AA8​693C16EB}"=Director
 "{745A92AF-53B4-41A7-91C3-9B02​6B1D5897}"=InstantShare
 "{766273C1-A39B-47EB-ACE8-DEBD​D8094BCC}"=overland
 "{786C4AD1-DCBA-49A6-B0EF-B317​A344BD66}"=Windows Live Favorites pour Windows Live Toolbar
 "{786C5747-0C40-4930-9AFE-113B​CE553101}"=Adobe Stock Photos 1.0
 "{7AD35FDD-A268-44b7-9A8E-4677​020CC90B}"=1300Tour
 "{81DD5688-695A-4c1d-AE7D-368B​F857725A}"=TrayApp
 "{8600C854-BB21-4545-BC04-9AE0​B69DFB98}"=1000Tour
 "{872C01B6-428F-4f10-97A1-9709​CE543E4A}"=1200Trb
 "{8777AC6D-89F9-4793-8266-DE40​6F343E89}"=QFolder
 "{8BF2C401-02CE-424D-BC26-6C4F​9FB446B6}"=Macromedia Flash 8 Video Encoder
 "{8D3562E7-C795-4B5D-A091-6DAA​3FF0DF3B}"=Macromedia HomeSite+
 "{8EDBA74D-0686-4C99-BFDD-F894​678E5101}"=Adobe Common File Installer
 "{8F722FA9-B994-4C9B-B292-FD32​D6206EDF}"=ASUS WLAN Card Utilities/Driver
 "{9011040C-6000-11D3-8CFE-0150​048383C9}"=Microsoft Office Professional Edition 2003
 "{924EB80F-C2BB-4B9F-8412-88BB​A937393F}"=MobileMe Control Panel
 "{980606BB-A475-4a85-A665-6E30​DB2F28B3}"=1300Trb
 "{9A394342-4A68-4EBA-85A6-55B5​59F4E700}"=Microsoft .NET Framework 1.1 French Language Pack
 "{9B03C535-3AEA-4ef2-B326-0A01​A2207034}"=CreativeProjects
 "{A2500497-FD32-493e-B8E5-28D6​728DBEF5}"=Readme
 "{A425C250-A0E1-4D78-B1C1-A5CB​C7385E7C}"=Bloqueur de fenêtres pop-up (Windows Live Toolbar)
 "{A71822CD-7F77-46a3-B761-D6BA​35245E95}"=1300
 "{AC76BA86-7AD7-1036-7B44-A710​00000002}"=Adobe Reader 7.1.0 - Français
 "{AF226123-1A6F-4ec1-8DEF-E35E​7A0D0127}"=Fax
 "{AFA4E5FD-ED70-4D92-99D0-162F​D56DC986}"=Assistant de connexion Windows Live
 "{B4092C6D-E886-4CB2-BA68-FE5A​88D31DE6}_is1"=Spybot - Search & Destroy
 "{B7050CBDB2504B34BC2A9CA0A692​CC29}"=DivX Web Player
 "{B74D4E10-6884-0000-0000-0000​00000101}"=Adobe Bridge 1.0
 "{BADF6744-3787-48F6-B8C9-4C49​95401D65}"=Windows Live Messenger
 "{BC339BFD-F550-471a-8D26-4D08​126C62F7}"=SkinsHP2
 "{BDFE199D-E889-4BB6-BECB-C4BD​F5700849}"=Documents To Go
 "{C4A4722E-79F9-417C-BD72-8D35​9A090C97}"=Samsung PC Studio
 "{C514C594-23AA-4F13-A070-DB8B​DB27594F}"=Windows Live Mail
 "{CB099890-1D5F-11D5-9EA9-0050​BAE317E1}"=PowerDirector
 "{CB2F7EDD-9D1F-43C1-90FC-4F52​EAE172A1}"=Microsoft .NET Framework 1.1
 "{CB83F10A-D02A-4aba-8843-ACAB​50D48216}"=1300_Help
 "{CBE3E0AF-73BB-4c21-8B96-B09E​003EDE7F}"=QuickProjects
 "{D186329B-1B4D-408D-ABEC-EA5C​E1F182C9}"=Overland
 "{DDB20844-4874-11D6-B55D-0050​DA3C7AAA}"=Lanceur Club Internet v6
 "{E2AA331E-E10E-438C-B1C0-24B2​FFD3D9C4}"=SAGEM Wi-Fi 11g USB adapter (Driver)
 "{E3B2546C-4953-40E6-9285-873E​3C07962D}"=Colin McRae Rally 3 Demo
 "{E8BFBD0A-8002-4dc9-869C-E495​FA9DCE7A}"=PhotoGallery
 "{E916E61F-DE9D-4EAF-91E1-CEB5​0016326A}"=Navigation par onglets (Windows Live Toolbar)
 "{E9787678-119F-4D52-B551-6739​B2B22101}"=Adobe Help Center 1.0
 "{EBA29752-DDD2-4B62-B2E3-9841​F92A3E3A}"=Samsung PC Studio 3 USB Driver Installer
 "{EC4455AB-F155-4CC1-A4C5-88F3​777F9886}"=Apple Mobile Device Support
 "{EFFCB0F1-CFEC-48D4-B793-EBFC​AE852976}"=Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)
 "{F0B430D1-B6AA-473D-9B06-AA3D​D01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
 "{F958CA02-BB40-4007-894B-2587​29456EE4}"=QuickTime
 "{FB10FE1A-9906-44A1-B8AB-B70B​19FEAB58}"=Microsoft Picture It! Express 2001
 "{FBBF532A-47AC-457d-AC06-0D31​63D8911E}"=WebReg
 "{FC7DDAAE-7F2B-4270-9BFD-5A13​0B667E9E}"=Livebox
 "{FD44E544-E7D0-4DBA-9FA0-8AE1​A1300390}"=Windows Live installer
 "{FF102450-55AA-4AE1-ACE4-E271​E2470C83}"=hpmdtab
 "{FF8157AA-F640-45BD-B7C2-BAA1​016B267A}"=palmOne
 "Adobe Acrobat 5.0"=Adobe Acrobat 5.0
 "Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
 "Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
 "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-040C-2E257​A25E34D}"=Adobe Photoshop CS2
 "Alexandra Ledermann 4"=Alexandra Ledermann 4
 "Asus ChkMail"=Asus ChkMail
 "ASUS Hotkey"=ASUS Hotkey
 "ASUS Live Update"=ASUS Live Update
 "ASUS Probe V2.10"=ASUS Probe V2.10
 "ATI Display Driver"=ATI Display Driver
 "Azureus Vuze"=Azureus Vuze
 "BroadJump Client Foundation"=BroadJump Client Foundation
 "CNXT_MODEM_PCI_VEN_8086&DEV_2​4C6&SUBSYS_18261043"=SoftV92 Data Fax Modem with SmartCP
 "Corel Applications"=Corel Applications
 "EspaceWanadoo.exe"=Outil de connexion Wanadoo
 "Hcontrol"=ATK0100 ACPI UTILITY
 "HijackThis"=HijackThis 2.0.2
 "HP Photo & Imaging"=HP Image Zone 3.5
 "IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
 "ie7"=Windows Internet Explorer 7
 "InterActual Player"=InterActual Player
 "MediaShow"=Medi@Show
 "Microsoft .NET Framework 1.1  (1033)"=Microsoft .NET Framework 1.1
 "Mozilla Firefox (2.0.0.20)"=Mozilla Firefox (2.0.0.20)
 "MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
 "Nero - Burning Rom!UninstallKey"=Nero OEM
 "NLSDownlevelMapping"=Microsof​t National Language Support Downlevel APIs
 "OutilsCI"=Outils Club Internet
 "PokerStars"=PokerStars
 "PokerStars.net"=PokerStars.ne​t
 "Power4 Gear V1.07"=Power4 Gear V1.07
 "SAMSUNG CDMA Modem"=SAMSUNG CDMA Modem Driver Set
 "SAMSUNG Mobile USB Modem"=SAMSUNG Mobile USB Modem Software
 "SAMSUNG Mobile USB Modem 1.0"=SAMSUNG Mobile USB Modem 1.0 Software
 "Shockwave"=Shockwave
 "ShockwaveFlash"=Adobe Flash Player 9
 "SynTPDeinstKey"=Synaptics Pointing Device Driver
 "TONLFR.MCCInstall"=LE COMPAGNON CLUB
 "TopStyle Lite (Version 3.0)"=TopStyle Lite (Version 3.0)
 "VLC media player"=VideoLAN VLC media player 0.8.6d
 "Vodafone 804SS USB driver"=Vodafone 804SS USB driver Software
 "WIC"=Windows Imaging Component
 "Windows Live Toolbar"=Windows Live Toolbar
 "Windows Media Format Runtime"=Windows Media Format 11 runtime
 "Windows Media Player"=Lecteur Windows Media 11
 "Windows XP Service"=Windows XP Service Pack 3
 "WINFLASH V2.13"=WINFLASH V2.13
 "WMFDist11"=Windows Media Format 11 runtime
 "wmp11"=Windows Media Player 11
 "Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
 "Yahoo! Companion"=Yahoo! Toolbar
 "Yahoo! Toolbar"=Yahoo! Toolbar

 ========== Last 10 Event Log Errors ==========

 [ Application Events ]
 Error - 05/02/2008 07:41:47 | Computer Name = NOM-M8HOYK0DH9J | Source = Application Error | ID = 1000
 Description = Application défaillante iexplore.exe, version 7.0.6000.16574, module
 défaillant ntdll.dll, version 5.1.2600.2180, adresse de défaillance 0x00018fea.

 Error - 07/02/2008 10:31:04 | Computer Name = NOM-M8HOYK0DH9J | Source = Application Hang | ID = 1002
 Description = Application bloquée ACDSee5.exe, version 5.1.0.1, module bloqué hungapp,
 version 0.0.0.0, adresse de blocage 0x00000000.

 Error - 07/02/2008 16:26:54 | Computer Name = NOM-M8HOYK0DH9J | Source = Application Error | ID = 1000
 Description = Application défaillante iexplore.exe, version 7.0.6000.16574, module
 défaillant basegui.dll, version 6.0.0.299, adresse de défaillance 0x00019ce8.

 [ System Events ]
 Error - 19/01/2009 11:49:54 | Computer Name = NOM-M8HOYK0DH9J | Source = Service Control Manager | ID = 7009
 Description = Délai (30000 millisecondes) d'attente pour une connexion du service
 avast! Antivirus.

 Error - 19/01/2009 11:49:54 | Computer Name = NOM-M8HOYK0DH9J | Source = Service Control Manager | ID = 7000
 Description = Le service avast! Antivirus n'a pas pu démarrer en raison de l'erreur :

%%1053

 Error - 19/01/2009 11:54:19 | Computer Name = NOM-M8HOYK0DH9J | Source = Windows Update Agent | ID = 20
 Description = Échec de l'installation : l'installation de la mise à jour suivante
 a échoué avec l'erreur 0x8024002d : Microsoft Office 2003 Service Pack 3 (SP3).

 Error - 19/01/2009 12:02:57 | Computer Name = NOM-M8HOYK0DH9J | Source = W32Time | ID = 39452706
 Description = Le service de temps a détecté que l'heure système doit être modifiée
 de  -88244 secondes. Le service de temps ne va pas modifier  l'heure système de plus
 de -54000 secondes. Vérifiez que votre heure et votre fuseau horaire  sont corrects
 et que la source de temps time.windows.com (ntp.m|0x1|192.168.1.3:123->20​7.46.232.182:123)
 fonctionne correctement.

 Error - 19/01/2009 13:12:52 | Computer Name = NOM-M8HOYK0DH9J | Source = Service Control Manager | ID = 7009
 Description = Délai (30000 millisecondes) d'attente pour une connexion du service
 avast! Antivirus.

 Error - 19/01/2009 13:12:52 | Computer Name = NOM-M8HOYK0DH9J | Source = Service Control Manager | ID = 7000
 Description = Le service avast! Antivirus n'a pas pu démarrer en raison de l'erreur :

%%1053

 Error - 19/01/2009 14:32:04 | Computer Name = NOM-M8HOYK0DH9J | Source = Service Control Manager | ID = 7009
 Description = Délai (30000 millisecondes) d'attente pour une connexion du service
 avast! Antivirus.

 Error - 19/01/2009 14:32:04 | Computer Name = NOM-M8HOYK0DH9J | Source = Service Control Manager | ID = 7000
 Description = Le service avast! Antivirus n'a pas pu démarrer en raison de l'erreur :

%%1053

 Error - 19/01/2009 14:56:16 | Computer Name = NOM-M8HOYK0DH9J | Source = Service Control Manager | ID = 7009
 Description = Délai (30000 millisecondes) d'attente pour une connexion du service
 avast! Antivirus.

 Error - 19/01/2009 14:56:16 | Computer Name = NOM-M8HOYK0DH9J | Source = Service Control Manager | ID = 7000
 Description = Le service avast! Antivirus n'a pas pu démarrer en raison de l'erreur :

%%1053

 And here is the second one:

 OTViewIt logfile created on: 19/01/2009 21:22:37 - Run
 OTViewIt by OldTimer - Version 1.0.21.0     Folder = C:\Documents and Settings\Nelly MARTY\Bureau
 Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
 Internet Explorer (Version = 7.0.5730.11)
 Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
 511,36 Mb Total Physical Memory | 115,56 Mb Available Physical Memory | 22,60% Memory free
 1,22 Gb Paging File | 0,87 Gb Available in Paging File | 70,90% Paging File free
 Paging file location(s): C:\pagefile.sys 768 1536;
 
 %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
 Drive C: | 43,70 Gb Total Space | 2,39 Gb Free Space | 5,48% Space Free | Partition Type: FAT32
 Drive D: | 29,04 Gb Total Space | 29,04 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 E: Drive not present or media not loaded
 Drive F: | 968,09 Mb Total Space | 707,42 Mb Free Space | 73,07% Space Free | Partition Type: FAT32
 G: Drive not present or media not loaded
 H: Drive not present or media not loaded
 I: Drive not present or media not loaded
 
 Computer Name: NOM-M8HOYK0DH9J
 Current User Name: Nelly MARTY
 Logged in as Administrator.
 
 Current Boot Mode: Normal
 Scan Mode: Current user
 Whitelist: On
 File Age = 30 Days
 
 ========== Processes ==========
 
 [2004/04/30 03:00:18 | 00,397,312 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.e​xe
 [2003/01/27 17:16:58 | 00,376,912 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
 [2006/04/21 15:41:20 | 00,438,359 | ---- | M] (Motive Communications, Inc.) -- C:\PROGRA~1\CLUB-I~1\LECOMP~1\​SMARTB~1\MotiveSB.exe
 [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jus​ched.exe
 [2004/10/05 17:00:12 | 00,061,440 | ---- | M] (France Télécom R&D) -- C:\PROGRA~1\WANADOO\TaskBarIco​n.exe
 [2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
 [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
 [2009/01/07 17:10:42 | 01,111,552 | ---- | M] () -- C:\Program Files\Antivirus 2009\av2009.exe
 [2008/07/07 09:42:06 | 02,156,368 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 [2005/07/14 10:50:50 | 00,835,584 | ---- | M] ( ) -- C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
 [2004/06/09 14:16:08 | 00,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe
 [2008/12/13 15:32:32 | 00,028,672 | ---- | M] (DataViz, Inc.) -- C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
 [2007/12/26 14:17:06 | 05,484,544 | ---- | M] (Groupe Neuf Cegetel) -- C:\Program Files\Club-Internet\Lanceur\la​nceur.exe
 [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceS​ervice.exe
 [2004/05/06 12:21:04 | 00,496,640 | ---- | M] () -- C:\WINDOWS\system32\ASWLSVC.ex​e
 [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.ex​e
 [2004/08/23 14:49:56 | 00,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\System32\FTRTSVC.ex​e
 [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
 [2004/05/20 21:52:40 | 00,488,448 | ---- | M] () -- C:\WINDOWS\system32\ASWL2K.exe
 [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.ex​e
 [2009/01/02 15:57:50 | 07,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
 [2009/01/18 20:50:52 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nelly MARTY\Bureau\OTViewIt.exe
 
 ========== (O23) Win32 Services ==========
 
 [2006/09/28 15:36:56 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
 [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceS​ervice.exe -- (Apple Mobile Device [Auto | Running])
 [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Frame​work\v1.1.4322\aspnet_state.ex​e -- (aspnet_state [On_Demand | Stopped])
 [2004/05/06 12:21:04 | 00,496,640 | ---- | M] () -- C:\WINDOWS\system32\ASWLSVC.ex​e -- (ASWLSVC [Auto | Running])
 [2004/04/30 03:00:18 | 00,397,312 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.e​xe -- (Ati HotKey Poller [Auto | Running])
 [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.ex​e -- (Bonjour Service [Auto | Running])
 [2004/08/23 14:49:56 | 00,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\System32\FTRTSVC.ex​e -- (FTRTSVC [Auto | Running])
 [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
 [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
 [2004/01/05 11:44:28 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.e​xe -- (Pml Driver HPZ12 [On_Demand | Stopped])
 [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
 [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
 [2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
 
 ========== Driver Services ==========
 
 File not found --  -- (Aavmker4 [System | Running])
 [2006/06/08 22:33:34 | 00,043,672 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AF​S2K.SYS -- (AFS2K [System | Running])
 [2003/09/21 14:41:06 | 00,404,608 | ---- | M] (Sensaura Ltd) -- C:\WINDOWS\system32\drivers\AL​CXSENS.SYS -- (ALCXSENS [On_Demand | Running])
 [2003/09/21 14:41:08 | 00,460,864 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\AL​CXWDM.SYS -- (ALCXWDM [On_Demand | Running])
 [2002/09/09 19:54:06 | 00,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\ASNDIS5.SY​S -- (ASNDIS5 [On_Demand | Running])
 File not found --  -- (aswFsBlk [Auto | Running])
 File not found --  -- (aswMon2 [Auto | Running])
 File not found --  -- (aswSP [System | Running])
 File not found --  -- (aswTdi [System | Running])
 [2004/04/30 03:00:20 | 00,669,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\at​i2mtag.sys -- (ati2mtag [On_Demand | Running])
 [2004/04/30 02:50:10 | 00,005,786 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\AT​KACPI.sys -- (ATKXPDisplayName [On_Demand | Running])
 [2003/07/17 16:40:06 | 00,265,728 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bc​mwl5.sys -- (BCM43XX [On_Demand | Running])
 [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GE​ARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
 [2004/01/05 11:44:28 | 00,051,056 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HP​Zid412.sys -- (HPZid412 [On_Demand | Stopped])
 [2004/01/05 11:44:30 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HP​Zipr12.sys -- (HPZipr12 [On_Demand | Stopped])
 [2004/01/05 11:44:30 | 00,021,488 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HP​Zius12.sys -- (HPZius12 [On_Demand | Stopped])
 [2003/10/15 22:41:58 | 00,197,504 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HS​FHWICH.sys -- (HSFHWICH [On_Demand | Running])
 [2003/10/15 22:41:58 | 01,043,072 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HS​F_DP.sys -- (HSF_DP [On_Demand | Running])
 [2001/08/17 21:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\ir​sir.sys -- (irsir [On_Demand | Running])
 [2003/10/15 22:41:58 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\md​mxsdk.sys -- (mdmxsdk [Auto | Running])
 [2004/11/22 16:36:40 | 00,018,003 | ---- | M] (Motive, Inc.) -- C:\PROGRA~1\COMMON~1\Motive\MR​ENDIS5.SYS -- (MRENDIS5 [On_Demand | Stopped])
 [2008/12/13 15:22:40 | 00,016,694 | ---- | M] (PalmSource, Inc.) -- C:\WINDOWS\system32\drivers\Pa​lmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
 [2003/10/22 09:54:18 | 00,017,162 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.S​YS -- (PCANDIS5 [On_Demand | Stopped])
 [2003/07/01 18:47:08 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pf​c.sys -- (pfc [On_Demand | Running])
 [2003/04/28 10:16:08 | 00,050,816 | ---- | M] (StarForce Technologies, Inc.) -- C:\WINDOWS\System32\drivers\pr​odrv06.sys -- (prodrv06 [System | Running])
 [2003/04/28 11:12:22 | 00,094,464 | ---- | M] (StarForce Technologies, Inc.) -- C:\WINDOWS\System32\drivers\pr​ohlp02.sys -- (prohlp02 [Boot | Running])
 [2003/04/04 08:41:48 | 00,006,848 | ---- | M] (StarForce Technologies, Inc.) -- C:\WINDOWS\System32\drivers\pr​osync1.sys -- (prosync1 [Boot | Running])
 [2002/08/30 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\pt​ilink.sys -- (Ptilink [On_Demand | Running])
 [2003/09/21 14:42:24 | 00,050,688 | ---- | M] (REDC) -- C:\WINDOWS\System32\DRIVERS\R5​92.sys -- (R592 [Boot | Running])
 [2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\se​cdrv.sys -- (Secdrv [Auto | Running])
 [2003/04/29 12:10:42 | 00,004,448 | ---- | M] (StarForce Technologies, Inc.) -- C:\WINDOWS\System32\drivers\sf​hlp01.sys -- (sfhlp01 [Boot | Running])
 [2005/07/13 16:37:18 | 00,260,608 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\System32\DRIVERS\Wl​anUZXP.sys -- (SG760_XP [On_Demand | Stopped])
 [2001/08/17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SO​NYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
 [2004/04/30 02:56:32 | 00,180,000 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\Sy​nTP.sys -- (SynTP [On_Demand | Running])
 [2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\us​baapl.sys -- (USBAAPL [On_Demand | Stopped])
 [2003/10/15 22:41:58 | 00,678,400 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HS​F_CNXT.sys -- (winachsf [On_Demand | Running])
 [2004/04/04 23:22:16 | 00,142,464 | ---- | M] (Marvell Semiconductor Inc.) -- C:\WINDOWS\System32\DRIVERS\yu​konwxp.sys -- (yukonwxp [On_Demand | Running])
 [2005/07/13 16:38:14 | 00,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\ZDPNDIS5.S​YS -- (ZDPNDIS5 [On_Demand | Running])
 
 ========== (R ) Internet Explorer ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Internet Explorer\Main]
 "Default_Page_URL"=http://go.m​icrosoft.com/fwlink/?LinkId=69​157
 "Default_Search_URL"=http://go​.microsoft.com/fwlink/?LinkId=​54896
 "Default_Secondary_Page_URL"=
 "Extensions Off Page"=about:NoAdd-ons
 "Local Page"=%SystemRoot%\system32\bl​ank.htm
 "Search Page"=http://go.microsoft.com/​fwlink/?LinkId=54896
 "Security Risk Page"=about:SecurityRisk
 "Start Page"=http://go.microsoft.com/​fwlink/?LinkId=69157
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Internet Explorer\Search]
 "CustomizeSearch"=http://ie.se​arch.msn.com/{SUB_RFC1766}/src​hasst/srchcust.htm
 "SearchAssistant"=http://ie.se​arch.msn.com/{SUB_RFC1766}/src​hasst/srchasst.htm
 
 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Internet Explorer\Main]
 "Local Page"=C:\WINDOWS\system32\blan​k.htm
 "Search Page"=http://g.msn.fr/0SEFRFR/​SAOS01?FORM=TOOLBR
 "SearchMigratedDefaultName"=Li​ve Search
 "SearchMigratedDefaultURL"=htt​p://search.live.com/results.as​px?q={searchTerms}&src={referr​er:source?}
 "Start Page"=http://www.club-internet​.fr
 
 [HKEY_CURRENT_USER\Software\Mic​rosoft\Internet Explorer\SearchURL]
 ""=http://g.msn.fr/0SEFRFR/SAO​S01?FORM=TOOLBR
 
 [HKEY_CURRENT_USER\Software\Mic​rosoft\Internet Explorer\URLSearchHooks]
 "{08C06D61-F1F3-4799-86F8-BE1A​89362C85}" (HKLM) -- C:\PROGRA~1\WANADOO\SEARCH~1.D​LL ()
 "{CFBFAE00-17A6-11D0-99CB-00C0​4FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dl​l (Microsoft Corporation)
 "{EF99BD32-C1FB-11D2-892F-0090​271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Install​s\cpn\yt.dll (Yahoo! Inc.)
 
 [HKEY_CURRENT_USER\Software\Mic​rosoft\Windows\CurrentVersion\​Internet Settings]
 "ProxyEnable" = 0
 "ProxyOverride" = 127.0.0.1;*.local
 
 ========== (O1) Hosts File ==========
 
 HOSTS File = (290828 bytes) - C:\WINDOWS\System32\drivers\et​c\Hosts
 First 25 entries...
 127.0.0.1       localhost
 10015 more lines...
 
 ========== (O2) BHO's ==========
 
 [HKEY_LOCAL_MACHINE\Software\Mi​crosoft\Windows\CurrentVersion​\Explorer\Browser Helper Objects\]
 {02478D38-C3F9-4EFB-9B51-7695E​CA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Install​s\cpn\yt.dll (Yahoo! Inc.)
 {037C7B8A-151A-49E6-BAED-CC05F​CB50328} (HKLM) -- C:\WINDOWS\system32\winsrc.dll ()
 {06849E9F-C8D7-4D59-B87D-784B7​D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
 {0B014B81-4E12-46F9-806F-55867​AF8FD3C} (HKLM) -- C:\WINDOWS\system32\winsrc.dll ()
 {53707962-6F74-2D53-2644-206D7​942484F} (HKLM) -- C:\PROGRA~1\SPYBOT~1\SDHelper.​dll (Safer Networking Limited)
 {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv​.dll (Sun Microsystems, Inc.)
 {7E853D72-626A-48EC-A868-BA8D5​E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
 {9030D464-4C02-4ABF-8ECC-51647​60863C6} (HKLM) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
 {BDBD1DAD-C946-4A17-ADC1-64B5B​4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
 
 ========== (O3) Toolbars ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Internet Explorer\ToolBar]
 "{BDAD1DAD-C946-4A17-ADC1-64B5​B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Internet Explorer\ToolBar]
 "{EF99BD32-C1FB-11D2-892F-0090​271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Install​s\cpn\yt.dll (Yahoo! Inc.)
 
 [HKEY_CURRENT_USER\Software\Mic​rosoft\Internet Explorer\Toolbar\WebBrowser]
 "{BDAD1DAD-C946-4A17-ADC1-64B5​B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
 "{EF99BD32-C1FB-11D2-892F-0090​271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Install​s\cpn\yt.dll (Yahoo! Inc.)
 
 ========== (O4) Run Keys ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Run]
 "AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.​exe (Apple Inc.)
 "BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
 "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
 "Motive SmartBridge"=C:\PROGRA~1\CLUB-​I~1\LECOMP~1\SMARTB~1\MotiveSB​.exe (Motive Communications, Inc.)
 "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
 "StandardInstall"= File not found
 "SunJavaUpdateSched"="C:\Progr​am Files\Java\jre1.6.0_07\bin\jus​ched.exe" (Sun Microsystems, Inc.)
 "WOOTASKBARICON"=C:\PROGRA~1\W​ANADOO\GestMaj.exe TaskBarIcon.exe File not found
 "WOOWATCH"=C:\PROGRA~1\WANADOO​\Watch.exe (France Télécom R&D)
 
 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Run]
 "68789774347415719950354492144​745"=C:\Program Files\Antivirus 2009\av2009.exe ()
 "ieupdate"="C:\WINDOWS\system3​2\explorer32.exe" File not found
 "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
 "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.​exe AcRdB7_1_0 (Adobe Systems Incorporated)
 "WOOKIT"=C:\PROGRA~1\WANADOO\S​hell.exe appLaunchClientZone.shl|DEFAUL​T=cnx|PARAM= ()
 
 ========== (O4) RunOnceEx Keys ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\RunOnceEx]
 "Register Homesite+.exe"="C:\Program Files\Macromedia\HomeSite+\Hom​esite+.exe" /REGSERVER (Macromedia, Inc.)
 
 ========== (O4) Startup Folders ==========
 
 [2005/07/14 10:50:50 | 00,835,584 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\​Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
 [2005/06/03 09:25:18 | 00,217,088 | ---- | M] (Motive Communications, Inc.) -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\​LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
 [2008/04/23 03:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\​Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 [2004/06/09 14:16:08 | 00,471,040 | ---- | M] (PalmSource, Inc) -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\​HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
 [2008/12/13 15:32:32 | 00,028,672 | ---- | M] (DataViz, Inc.) -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\​DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
 [2007/12/26 14:17:06 | 05,484,544 | ---- | M] (Groupe Neuf Cegetel) -- C:\Documents and Settings\Nelly MARTY\Menu Démarrer\Programmes\Démarrage\​Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\la​nceur.exe
 [2005/02/11 13:44:58 | 02,301,952 | ---- | M] (palmOne/Leader Technologies) -- C:\Documents and Settings\Nelly MARTY\Menu Démarrer\Programmes\Démarrage\​palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
 
 ========== (O6 & O7) Current Version Policies ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\policies\System]
 "dontdisplaylastusername"=0
 "legalnoticecaption"=
 "legalnoticetext"=
 "shutdownwithoutlogon"=1
 "undockwithoutlogon"=1
 
 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​policies\Explorer]
 "NoDriveTypeAutoRun"=145
 
 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​policies\System]
 "DisableTaskMgr"=1
 
 ========== (O8) IE Context Menu Extensions ==========
 
 [HKEY_CURRENT_USER\Software\Mic​rosoft\Internet Explorer\MenuExt\]
 &Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
 Add to Windows &Live Favorites:  File not found
 E&xporter vers Microsoft Excel: C:\PROGRA~1\MICROS~3\OFFICE11\​EXCEL.EXE [2003/08/13 10:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
 Ouvrir dans un nouvel onglet d'arrière-plan: C:\Program Files\Windows Live Toolbar\Components\fr-fr\msnta​bres.dll.mui [2007/10/19 12:15:22 | 00,092,672 | ---- | M] (Microsoft Corporation)
 Ouvrir dans un nouvel onglet de premier plan: C:\Program Files\Windows Live Toolbar\Components\fr-fr\msnta​bres.dll.mui [2007/10/19 12:15:22 | 00,092,672 | ---- | M] (Microsoft Corporation)
 
 ========== (O9) IE Extensions ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Internet Explorer\Extensions\]
 {08B0E5C0-4FCB-11CF-AAA5-00401​C608501}: Menu: Console Java (Sun) -- %ProgramFiles%\Java\jre1.6.0_0​7\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
 {219C3416-8CB2-491a-A3C7-D9FCD​DC9D600}: Button: Ajout Direct -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExten​sion.dll [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
 {219C3416-8CB2-491a-A3C7-D9FCD​DC9D600}: Menu: &Ajout Direct dans Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExten​sion.dll [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
 {3AD14F0C-ED16-4e43-B6D8-661B0​3F6A1EF}: Button: PokerStars -- %ProgramFiles%\PokerStars\Poke​rStarsUpdate.exe [2008/05/01 17:16:10 | 00,435,088 | ---- | M] (PokerStars)
 {92780B25-18CC-41C8-B9BE-3C9C5​71A8263}: Button: Recherche -- %SystemDrive%\PROGRA~1\MICROS~​3\OFFICE11\REFIEBAR.DLL [2003/07/15 06:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
 {DFB852A3-47F8-48C4-A200-58CAB​36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %SystemDrive%\PROGRA~1\SPYBOT~​1\SDHelper.dll [2008/07/07 09:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
 {e2e2dd38-d088-4134-82b7-f2ba3​8496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
 {FA9B9510-9FCB-4ca0-818C-5D098​7B47C4D}: Button: PokerStars.net -- %ProgramFiles%\PokerStars.NET\​PokerStarsUpdate.exe [2007/10/29 17:06:02 | 00,435,088 | ---- | M] (PokerStars)
 {FB5F1910-F110-11d2-BB9E-00C04​F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsg​s.exe [2008/04/14 04:34:14 | 01,695,232 | ---- | M] (Microsoft Corporation)
 {FB5F1910-F110-11d2-BB9E-00C04​F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsg​s.exe [2008/04/14 04:34:14 | 01,695,232 | ---- | M] (Microsoft Corporation)
 
 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Internet Explorer\Extensions\]
 {1462651F-F4BA-4C76-A001-C4284​D0FE16E}\\ButtonText [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
 {1462651F-F4BA-4C76-A001-C4284​D0FE16E}\\CLSID [HKLM] ->  [{0000031A-0000-0000-C000-00000​0000046}] -> File not found
 {1462651F-F4BA-4C76-A001-C4284​D0FE16E}\\Default Visible [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
 {1462651F-F4BA-4C76-A001-C4284​D0FE16E}\\Exec [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
 {1462651F-F4BA-4C76-A001-C4284​D0FE16E}\\HotIcon [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
 {1462651F-F4BA-4C76-A001-C4284​D0FE16E}\\Icon [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
 CmdMapping\\{1462651F-F4BA-4C7​6-A001-C4284D0FE16E} [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
 CmdMapping\\{1F460357-8A94-4D7​1-9CA3-AA4ACF32ED8E} [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
 CmdMapping\\{3AD14F0C-ED16-4e4​3-B6D8-661B03F6A1EF} [HKLM] -> %ProgramFiles%\PokerStars\Poke​rStarsUpdate.exe [PokerStars] -> [2008/05/01 17:16:10 | 00,435,088 | ---- | M] (PokerStars)
 CmdMapping\\{92780B25-18CC-41C​8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%\PROGRA~1\MICROS~​3\OFFICE11\REFIEBAR.DLL [Recherche] -> [2003/07/15 06:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
 CmdMapping\\{FA9B9510-9FCB-4ca​0-818C-5D0987B47C4D} [HKLM] -> %ProgramFiles%\PokerStars.NET\​PokerStarsUpdate.exe [PokerStars.net] -> [2007/10/29 17:06:02 | 00,435,088 | ---- | M] (PokerStars)
 CmdMapping\\{FB5F1910-F110-11d​2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsg​s.exe [Messenger] -> [2008/04/14 04:34:14 | 01,695,232 | ---- | M] (Microsoft Corporation)
 
 ========== (O12) Internet Explorer Plugins ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Internet Explorer\Plugins\]
 PluginsPage: "" = http://activex.microsoft.com/c [...] %s&mime=%s
 PluginsPageFriendlyName: "" =  Microsoft ActiveX Gallery
 
 ========== (O13) Default Prefixes ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\URL\DefaultPrefix]
 ""=http://
 
 ========== (O15) Trusted Sites ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Internet Settings\ZoneMap\Domains\]
 49 domain(s) and sub-domain(s) not assigned to a zone.
 
 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Internet Settings\ZoneMap\Domains\]
 : msn in My Computer
 48 domain(s) and sub-domain(s) not assigned to a zone.
 
 ========== (O16) DPF ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\]
 {67DABFBF-D0AB-41FA-9C46-CC0F2​1721616}: http://download.divx.com/playe [...] Plugin.cab -- DivXBrowserPlugin Object
 {8AD9C840-044E-11D1-B3E9-00805​F499D93}: http://java.sun.com/update/1.6 [...] s-i586.cab -- Java Plug-in 1.6.0_07
 {CAFEEFAC-0015-0000-0003-ABCDE​FFEDCBA}: http://java.sun.com/update/1.5 [...] s-i586.cab -- Java Plug-in 1.5.0_03
 {CAFEEFAC-0016-0000-0005-ABCDE​FFEDCBA}: http://java.sun.com/update/1.6 [...] s-i586.cab -- Java Plug-in 1.6.0_05
 {CAFEEFAC-0016-0000-0007-ABCDE​FFEDCBA}: http://java.sun.com/update/1.6 [...] s-i586.cab -- Java Plug-in 1.6.0_07
 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDE​FFEDCBA}: http://java.sun.com/update/1.6 [...] s-i586.cab -- Java Plug-in 1.6.0_07
 DirectAnimation Java Classes: file://C:\WINDOWS\Java\classes​\dajava.cab -- Reg Error: Key does not exist or could not be opened.
 Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes​\xmldso.cab -- Reg Error: Key does not exist or could not be opened.
 
 ========== (O17) DNS Name Servers ==========
 
 {0214331C-71AE-4B76-9B32-31C59​37F99D9} (Servers:  | Description: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45)
 {0FD50E0B-E842-40A3-BD62-56AE0​A5FD5BA} (Servers:  | Description: Carte réseau ASUS 802.11g)
 {73E2D863-DEB2-428B-AFB9-63E9E​2FCCBD9} (Servers:  | Description: SAGEM Wi-Fi 11g USB adapter)
 {A8BAB1F5-7511-459E-A8F3-FEC42​EB9C16E} (Servers:  | Description: SAGEM Wi-Fi 11g USB adapter)
 {EDFC3D9F-41D1-4DFF-8C55-F258C​7C1E707} (Servers:  | Description: Carte réseau 1394)
 
 ========== Safeboot Options ==========
 
 "AlternateShell"=cmd.exe
 
 ========== CDRom AutoRun Settings ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Services\Cdrom]
 "AutoRun" = 1
 
 ========== Autorun Files on Drives ==========
 
 AUTOEXEC.BAT []
 [2004/10/06 14:17:00 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ FAT32 ]
 
 ========== MountPoints2 ==========
 
 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Explorer\MountPoints2\{bbf7741​5-0d24-11dc-8b4e-00112fb6b3b4}​\Shell]
 ""=AutoRun
 
 
 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Explorer\MountPoints2\{bbf7741​5-0d24-11dc-8b4e-00112fb6b3b4}​\Shell\AutoRun\command]
 ""=H:\LaunchU3.exe -- File not found
 
 ========== Files/Folders - Created Within 30 Days ==========
 
 [5 C:\WINDOWS\*.tmp files]
 [2009/01/19 21:21:40 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nelly MARTY\Bureau\OTViewIt.exe
 [2009/01/19 19:59:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
 [2009/01/18 20:06:11 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Nelly MARTY\Bureau\HiJackThis.exe
 [2009/01/08 17:31:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
 [2009/01/08 17:31:02 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
 [2009/01/08 17:14:15 | 00,199,680 | ---- | C] () -- C:\Documents and Settings\Nelly MARTY\Mes documents\vin pour doud.doc
 [2009/01/07 17:11:14 | 00,311,816 | ---- | C] () -- C:\WINDOWS\System32\winsrc.dll
 [2009/01/07 17:10:51 | 00,103,424 | ---- | C] () -- C:\WINDOWS\System32\ieupdates.​exe
 [2009/01/07 17:10:42 | 00,000,648 | ---- | C] () -- C:\Documents and Settings\Nelly MARTY\Bureau\Antivirus 2009.lnk
 [2009/01/07 17:10:41 | 00,078,336 | ---- | C] () -- C:\WINDOWS\System32\scui.cpl
 [2009/01/07 17:10:36 | 00,000,000 | ---D | C] -- C:\Program Files\Antivirus 2009
 [2008/12/29 18:30:18 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
 [2008/12/29 18:29:32 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
 [2008/12/29 18:29:08 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
 [2008/12/29 18:29:05 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
 [2008/12/29 18:29:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_​CA64CB79BCF6}
 [2008/12/29 18:22:05 | 00,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Safari.lnk
 [2008/12/29 18:21:51 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
 
 ========== Files - Modified Within 30 Days ==========
 
 [5 C:\WINDOWS\*.tmp files]
 [2009/01/19 20:51:04 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
 [2009/01/19 19:58:48 | 00,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
 [2009/01/19 19:56:56 | 00,000,728 | ---- | M] () -- C:\Documents and Settings\Nelly MARTY\Menu Démarrer\Programmes\Démarrage\​Club Internet.lnk
 [2009/01/19 19:56:56 | 00,000,716 | ---- | M] () -- C:\Documents and Settings\Nelly MARTY\Bureau\Club Internet.lnk
 [2009/01/19 19:56:28 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
 [2009/01/19 19:56:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
 [2009/01/19 19:55:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
 [2009/01/19 19:55:38 | 53,626,8800 | -HS- | M] () -- C:\hiberfil.sys
 [2009/01/18 20:50:52 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nelly MARTY\Bureau\OTViewIt.exe
 [2009/01/18 20:04:12 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Nelly MARTY\Bureau\HiJackThis.exe
 [2009/01/11 20:08:52 | 00,000,655 | ---- | M] () -- C:\Documents and Settings\Nelly MARTY\Menu Démarrer\Programmes\Démarrage\​palmOne Registration.lnk
 [2009/01/08 17:14:16 | 00,199,680 | ---- | M] () -- C:\Documents and Settings\Nelly MARTY\Mes documents\vin pour doud.doc
 [2009/01/08 15:29:56 | 00,311,816 | ---- | M] () -- C:\WINDOWS\System32\winsrc.dll
 [2009/01/07 17:10:56 | 00,103,424 | ---- | M] () -- C:\WINDOWS\System32\ieupdates.​exe
 [2009/01/07 17:10:44 | 00,078,336 | ---- | M] () -- C:\WINDOWS\System32\scui.cpl
 [2009/01/07 17:10:44 | 00,000,648 | ---- | M] () -- C:\Documents and Settings\Nelly MARTY\Bureau\Antivirus 2009.lnk
 [2008/12/30 16:53:16 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Safari.lnk
 [2008/12/29 18:29:34 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
 < End of report >

 I don't know if it's important to mention, but I also have Antivirus 2009, which is very annoying (it changes the screen resolution size, simulates an error like a blue screen, simulates Windows loading...)

 Thanks again :)

May CastleCops live forever in our memories.
curson
Confirmed beginner (1,000 to 4,999 posts)
Posted on 18/01/2009 at 21:42:54

Good evening,

 Uninstall PokerStars via Add/Remove Programs.


 1) Disable your protection software (antivirus, antispyware), then:


 2) Download ComboFix by sUBs: combofix.exe
 and save it to your desktop and nowhere else!


 3) Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

KILLALL::

 Driver::
 Bonjour Service
 FTRTSVC
 Aavmker4
 aswFsBlk
 aswMon2
 aswSP
 aswTdi

 Registry::
 [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}]
 [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B014B81-4E12-46F9-806F-55867AF8FD3C}]
 [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "BJCFD"=-
 "StandardInstall"=-
 "WOOTASKBARICON"=-
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "68789774347415719950354492144745"=-
 "ieupdate"=-
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}]
 [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1462651F-F4BA-4C76-A001-C4284D0FE16E}]
 [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{1462651F-F4BA-4C76-A001-C4284D0FE16E}]
 [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}]
 [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}]
 [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java]
 [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbf77415-0d24-11dc-8b4e-00112fb6b3b4}\Shell\AutoRun]
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbf77415-0d24-11dc-8b4e-00112fb6b3b4}\Shell]
 ""=AutoRun

 File::
 C:\WINDOWS\System32\FTRTSVC.exe
 C:\WINDOWS\system32\winsrc.dll
 C:\WINDOWS\system32\explorer32.exe
 C:\WINDOWS\System32\ieupdates.exe
 C:\Documents and Settings\Nelly MARTY\Bureau\Antivirus 2009.lnk
 C:\WINDOWS\System32\scui.cpl

 Folder::
 C:\Program Files\Bonjour
 C:\Program Files\Antivirus 2009
 C:\Program Files\PokerStars
 C:\Program Files\PokerStars.NET
 C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}



 - Save it under the name CFScript

 - Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

 http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript-2.gif

 - A blue window will appear. Type 1 if necessary.
 - Wait while the scan runs. The desktop will disappear several times: this is normal!
 Do not touch anything until the scan has finished.
 - Once the scan is complete, a report will be displayed: post its contents, and say where things stand with your problems.

 - If the file does not open, you will find it here > C:\ComboFix.txt


 3) Download the StarForce Removal Tool

 - Unzip it to your desktop.
 - Double-click sfdrvrem.exe.


 4) Download Malwarebytes Anti-Malware.

 -  Install it and update it.


 5) Launch MBAM:

 - Tick the "Perform full scan" box, then click Scan.
 - Select (tick) all your partitions, then click "Start Scan".
 - When the scan is finished, a message lets you know. Then click the "Show Results" button.
 - In the next window, click "Remove Selected". If the program offers to restart the computer, accept!
 - The scan report will be displayed. Save it, then post its contents.


 5) I strongly recommend that you install the AntiVir antivirus.
 You will find a tutorial on AntiVir at this link: http://www.malekal.com/tutorial_antivir.php

 - Run a full scan of your system.
 - Post the scan report in your next reply.


 6) Post a new HijackThis report


 See you later.
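
Added example, not part of the thread or of any tool mentioned in it: a small Python triage pass over OTViewIt-style report lines that surfaces the kinds of entries the cleanup script above targets (BHOs, Run values and new System32 binaries with an empty company field, Run values whose target is missing, a disabled Task Manager policy). The rule names and the numeric-name threshold are assumptions chosen for illustration, and the sample is constructed from lines of the report plus one made-up benign entry.

```python
import re

# Constructed sample: a few lines in the OTViewIt layout, taken or abridged from
# the report in this thread, plus one constructed benign entry (Example Vendor).
SAMPLE = r"""
========== (O2) BHO's ==========
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{037C7B8A-151A-49E6-BAED-CC05FCB50328} (HKLM) -- C:\WINDOWS\system32\winsrc.dll ()
========== (O4) Run Keys ==========
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"68789774347415719950354492144745"=C:\Program Files\Antivirus 2009\av2009.exe ()
"ieupdate"="C:\WINDOWS\system32\explorer32.exe" File not found
========== (O6 & O7) Current Version Policies ==========
"DisableTaskMgr"=1
========== Files/Folders - Created Within 30 Days ==========
[2009/01/08 17:31:02 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/01/07 17:10:41 | 00,078,336 | ---- | C] () -- C:\WINDOWS\System32\scui.cpl
[2009/01/05 10:00:00 | 00,010,240 | ---- | C] (Example Vendor) -- C:\Program Files\Example\tool.exe
"""

HEADER = re.compile(r"^=+ (.+?) =+$")
BHO = re.compile(r"^(\{[0-9A-Fa-f-]+\}) \((?:HKLM|HKCU)\) -- (.+?) \((.*)\)$")
VALUE = re.compile(r'^"([^"]*)"=(.*)$')
FILE = re.compile(r"^\[[\d/]+ [\d:]+ \| [\d,]+ \| (\S{4}) \| [CM]\] (?:\((.*?)\) )?-- (.+)$")
VENDOR_AT_END = re.compile(r"\(([^()]*)\)$")
BINARY_EXT = (".exe", ".dll", ".cpl", ".sys")


def triage(report):
    """Return (rule, item) pairs worth a manual look; they are leads, not verdicts."""
    findings, section = [], ""
    for raw in report.splitlines():
        # Forum software inserts zero-width spaces into long tokens; drop them.
        line = raw.replace("\u200b", "").strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            section = m.group(1)
            continue
        if "BHO" in section:
            m = BHO.match(line)
            if m and not m.group(3).strip():
                findings.append(("bho-no-vendor", m.group(2)))
        elif section.endswith("Keys"):  # Run Keys, RunOnceEx Keys
            m = VALUE.match(line)
            if not m:
                continue
            name, data = m.groups()
            vendor = VENDOR_AT_END.search(data)
            if data.endswith("File not found"):
                findings.append(("run-target-missing", name))
            elif vendor and not vendor.group(1).strip():
                findings.append(("run-no-vendor", name))
            if name.isdigit() and len(name) >= 16:  # assumed threshold
                findings.append(("run-numeric-name", name))
        elif "Policies" in section:
            m = VALUE.match(line)
            if m and m.group(1) == "DisableTaskMgr" and m.group(2).strip() == "1":
                findings.append(("taskmgr-disabled", m.group(1)))
        elif "Created Within" in section:
            m = FILE.match(line)
            if not m:
                continue
            attrs, vendor, path = m.groups()
            low = path.lower()
            # The company field comes from version info, not from a signature check.
            if ("D" not in attrs and not (vendor or "").strip()
                    and low.startswith("c:\\windows\\system32\\")
                    and low.endswith(BINARY_EXT)):
                findings.append(("new-system32-binary-no-vendor", path))
    return findings


if __name__ == "__main__":
    for rule, item in triage(SAMPLE):
        print(f"{rule:32} {item}")
```

An empty company field or a missing target is only a reason to inspect an entry; legitimate software also appears without version information in such reports.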
