Infected by fakewarn[tri]: need help please :-(


Posted 25 Jan 2011 08:36

Hello,

Last night my laptop was infected by this piece of junk that presents itself as an antivirus to install. I can no longer access the internet because all the browsers are blocked, as are some programs.

Can you help me get rid of it please? I am currently connected from another PC; the infected one is a:

Laptop: Compaq Presario 700
Windows Vista
Antivirus: AVAST Pro 4.8, VPS version: 110124-1, 24/01/2011
I also have McAfee installed but I no longer use it.

Avast detects these malicious files: HTML:FakeWarn [tri] and also Win32:Cycbot-AQ[tri]

I can't download anything, but I have an external hard drive; should I install programs on it and reinstall them on the infected PC? Can you tell me what precautions to take so as not to infect the hard drive as well?

Thank you in advance for your help

Masterblaster
masterblaster
Confirmed Visitor
Posts: 14
Joined: 25 Jan 2011 08:16


Re: Infected by fakewarn[tri]: need help please :-(

Posted 25 Jan 2011 08:50

Hello & welcome,

Start by following this procedure and posting the requested reports!
A helper will come by and take charge of your case ;)
DouDou9455
PC-Infopraticien
Posts: 9537
Joined: 03 Nov 2007 17:50
Location: In Your Brain

Re: Infected by fakewarn[tri]: need help please :-(

Posted 25 Jan 2011 09:07

DouDou9455 wrote:
Hello & welcome,

Start by following this procedure and posting the requested reports!
A helper will come by and take charge of your case ;)


Hello DouDou9455

Which procedure are you talking about? Nobody has told me anything yet.

As a reminder, I can't download anything on the infected PC; I'm using a clean PC that also runs Vista.

Thanks
masterblaster
Confirmed Visitor
Posts: 14
Joined: 25 Jan 2011 08:16

Re: Infected by fakewarn[tri]: need help please :-(

Posted 25 Jan 2011 09:10

Oops...

My mistake, I'm not fully awake and I forgot the link; here it is: .::HERE::.
DouDou9455
PC-Infopraticien
Posts: 9537
Joined: 03 Nov 2007 17:50
Location: In Your Brain

Re: Infected by fakewarn[tri]: need help please :-(

Posted 25 Jan 2011 09:55

Hi
I would add one remark: if you no longer use McAfee, uninstall it too, because two antivirus programs on the same machine interfere with each other (so Avast works less well :-? )
EinsteinZero
Moderator
Posts: 18275
Joined: 27 Dec 2009 16:22
Location: Normandie

Re: Infected by fakewarn[tri]: need help please :-(

Posted 25 Jan 2011 09:57

+1, I hadn't noticed the two antivirus programs!

To uninstall it, take a quick look .::HERE::.
DouDou9455
PC-Infopraticien
Posts: 9537
Joined: 03 Nov 2007 17:50
Location: In Your Brain

Re: Infected by fakewarn[tri]: need help please :-(

Posted 25 Jan 2011 10:04

Thanks Doudou,

Thanks. I'm following the procedure; for the 1st step I'm going to use it only to protect the external hard drive, but I won't copy my files onto it because I'm too afraid of infecting it. It isn't mine, and even if it is vaccinated I don't want to take the slightest risk.

Note: no possibility of a restore

Here are the reports

1) OTL.txt

Code:
OTL logfile created on: 25/01/2011 9:47:08 - Run 1
OTL by OldTimer - Version 3.2.20.5     Folder = C:\Users\BFS\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103,53 Gb Total Space | 26,91 Gb Free Space | 25,99% Space Free | Partition Type: NTFS
Drive D: | 8,26 Gb Total Space | 3,13 Gb Free Space | 37,90% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 99,80 Gb Free Space | 21,43% Space Free | Partition Type: NTFS
 
Computer Name: PC-DE-BFS | User Name: BFS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/01/25 09:20:46 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\BFS\Desktop\OTL.exe
PRC - [2010/12/08 22:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/12/08 20:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/30 21:19:06 | 000,268,848 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/10/15 19:42:14 | 000,326,704 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010/10/15 19:35:30 | 000,352,304 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/05 21:08:45 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/02/05 21:08:40 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/02/05 21:01:25 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/15 16:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 16:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/01/21 03:33:52 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/01/21 03:33:00 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2008/01/21 03:32:50 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007/06/21 06:04:56 | 000,693,600 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WksWP.exe
PRC - [2007/06/21 06:04:54 | 000,091,488 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\wkgdcach.exe
PRC - [2007/06/21 06:04:52 | 000,095,584 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkDStore.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2011/01/25 09:20:46 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\BFS\Desktop\OTL.exe
MOD - [2010/08/31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2011/01/06 02:43:45 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
SRV - [2010/11/30 21:20:50 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/11/30 21:19:06 | 000,268,848 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/10/15 19:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/10/15 19:35:30 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/09 15:55:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/24 10:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/09/23 15:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/08/05 21:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/05 21:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/02/05 21:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/02/05 21:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/02/05 21:01:25 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/04/15 16:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/21 03:32:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/21 03:32:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/05 08:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/09/22 20:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hssdrv.sys -- (HssDrv)
DRV - [2010/01/09 00:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/08/05 21:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/02/05 21:07:23 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/02/05 21:07:12 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/02/05 21:06:59 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/02/05 21:06:20 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/02/05 21:06:10 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/05/02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/04/15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/02/27 05:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:32:51 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/01/21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:32:48 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:32:47 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Stuurprogramma voor Intel(R)
DRV - [2008/01/21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/11 12:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/08/20 13:25:56 | 001,790,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/07/10 15:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/25 12:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/20 12:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 12:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 12:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/20 12:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (.ntnicips)
DRV - [2007/06/18 15:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/30 14:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/23 22:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 08:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/06/28 08:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_be&c=81&bd=Presario&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_be&c=81&bd=Presario&pf=laptop
IE - HKLM\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_be&c=81&bd=Presario&pf=laptop
IE - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559
IE - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8592
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1750559&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.34
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.backup.ftp: "91.121.24.65 "
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "91.121.24.65 "
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "91.121.24.65 "
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "91.121.24.65 "
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "91.121.24.65 "
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "91.121.24.65 "
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "91.121.24.65 "
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "91.121.24.65 "
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "91.121.24.65 "
FF - prefs.js..network.proxy.ssl_port: 8080
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/14 00:36:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/14 00:36:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 08:37:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 08:37:37 | 000,000,000 | ---D | M]
 
[2009/04/22 14:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BFS\AppData\Roaming\mozilla\Extensions
[2009/04/22 14:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BFS\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/01/24 23:27:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BFS\AppData\Roaming\mozilla\Firefox\Profiles\eizd7vzr.default\extensions
[2011/01/18 15:00:10 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Users\BFS\AppData\Roaming\mozilla\Firefox\Profiles\eizd7vzr.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/12/22 13:37:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\BFS\AppData\Roaming\mozilla\Firefox\Profiles\eizd7vzr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/09 08:28:31 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\BFS\AppData\Roaming\mozilla\Firefox\Profiles\eizd7vzr.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010/11/17 10:06:43 | 000,000,000 | ---D | M] ("SearchStatus") -- C:\Users\BFS\AppData\Roaming\mozilla\Firefox\Profiles\eizd7vzr.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2011/01/07 09:01:07 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\BFS\AppData\Roaming\mozilla\Firefox\Profiles\eizd7vzr.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/01/04 00:19:28 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\BFS\AppData\Roaming\mozilla\Firefox\Profiles\eizd7vzr.default\extensions\illimitux@illimitux.net
[2009/10/15 20:21:25 | 000,002,163 | ---- | M] () -- C:\Users\BFS\AppData\Roaming\Mozilla\Firefox\Profiles\eizd7vzr.default\searchplugins\bing.xml
[2010/01/20 12:13:52 | 000,000,921 | ---- | M] () -- C:\Users\BFS\AppData\Roaming\Mozilla\Firefox\Profiles\eizd7vzr.default\searchplugins\conduit.xml
[2009/04/22 14:41:54 | 000,001,196 | ---- | M] () -- C:\Users\BFS\AppData\Roaming\Mozilla\Firefox\Profiles\eizd7vzr.default\searchplugins\winamp-search.xml
[2010/12/24 02:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/11 00:09:50 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2010/12/24 02:02:02 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2009/11/11 00:09:50 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
[2010/12/14 00:36:43 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010/12/14 00:36:43 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/01/15 11:14:53 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\BFS\APPDATA\ROAMING\MOVE NETWORKS
[2010/09/19 16:01:25 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/09/19 16:01:25 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/09/19 16:01:25 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/09/19 16:01:26 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/09/19 16:01:26 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\..\Toolbar\WebBrowser: (Softonic_France Toolbar) - {4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent]  File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000..\Run: [eyeBeam SIP Client]  File not found
O4 - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000..\Run: [SEO Soft] C:\Users\BFS\Desktop\stat.exe ()
O4 - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\BFS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\..Trusted Domains: localhost ([]http in Trusted sites)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe (CamfrogWEB Advanced Unicode Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\dmutil32.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2011/01/25 09:39:48 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{9fcf1f23-e542-11dd-a6ed-001eec90a4cd}\Shell\AutoRun\command - "" = F:\Start_PC.exe
O33 - MountPoints2\{a8f5920a-068b-11de-9ad0-001eec90a4cd}\Shell - "" = AutoRun
O33 - MountPoints2\{a8f5920a-068b-11de-9ad0-001eec90a4cd}\Shell\AutoRun\command - "" = F:\launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/01/25 09:46:20 | 000,027,234 | ---- | M] () -- C:\Users\BFS\AppData\Roaming\wklnhst.dat
[2011/01/25 09:43:04 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1628343672-1530423325-3293427146-1000UA.job
[2011/01/25 09:41:43 | 000,673,938 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/01/25 09:41:43 | 000,661,204 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2011/01/25 09:41:43 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/25 09:41:43 | 000,128,586 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2011/01/25 09:41:43 | 000,125,636 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/01/25 09:41:43 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/25 09:24:26 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5492486A-C19A-461B-A3E2-1DB96D922BC3}.job
[2011/01/25 09:23:50 | 000,032,425 | ---- | M] () -- C:\Users\BFS\Desktop\Concurrence.csv
[2011/01/25 09:23:50 | 000,000,224 | ---- | M] () -- C:\Users\BFS\Desktop\Conf.csv
[2011/01/25 09:23:43 | 000,000,500 | ---- | M] () -- C:\Users\BFS\Desktop\MotClef.csv
[2011/01/25 09:23:43 | 000,000,038 | ---- | M] () -- C:\Users\BFS\Desktop\URL.csv
[2011/01/25 09:23:30 | 000,000,281 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/01/25 09:23:18 | 000,008,392 | ---- | M] () -- C:\Users\BFS\Desktop\temp.gz
[2011/01/25 09:22:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/25 09:22:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/25 09:21:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/25 09:20:46 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Users\BFS\Desktop\OTL.exe
[2011/01/25 08:39:51 | 3210,756,096 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/25 00:32:29 | 000,058,715 | ---- | M] () -- C:\Users\BFS\Desktop\positions.csv
[2011/01/24 23:40:34 | 000,018,811 | ---- | M] () -- C:\Users\BFS\Desktop\testpr2.ods
[2011/01/24 23:40:11 | 000,030,785 | ---- | M] () -- C:\Users\BFS\Desktop\testpr.ods
[2011/01/24 23:32:27 | 000,008,704 | ---- | M] () -- C:\Users\BFS\AppData\Local\syssvc.exe
[2011/01/24 14:18:46 | 000,087,552 | ---- | M] () -- C:\Users\BFS\Desktop\cv-walid.doc
[2011/01/21 14:35:09 | 000,038,843 | ---- | M] () -- C:\Users\BFS\Desktop\tunisie-rcd.jpg
[2011/01/21 03:12:33 | 000,000,680 | ---- | M] () -- C:\Users\BFS\AppData\Local\d3d9caps.dat
[2011/01/20 15:43:00 | 000,001,016 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1628343672-1530423325-3293427146-1000Core.job
[2011/01/20 10:37:42 | 000,091,558 | ---- | M] () -- C:\Users\BFS\Desktop\Constitution_tunisienne.pdf
[2011/01/19 19:26:15 | 000,290,519 | ---- | M] () -- C:\Users\BFS\Desktop\t41_26695579.jpg
[2011/01/19 19:24:41 | 000,292,227 | ---- | M] () -- C:\Users\BFS\Desktop\t38_26635063.jpg
[2011/01/19 19:20:05 | 000,296,062 | ---- | M] () -- C:\Users\BFS\Desktop\la-classe.jpg
[2011/01/19 18:05:06 | 000,019,543 | ---- | M] () -- C:\Users\BFS\Desktop\croix-de-pharmacie.jpg
[2011/01/19 18:04:42 | 000,026,835 | ---- | M] () -- C:\Users\BFS\Desktop\picto_pharmacie.jpg
[2011/01/18 20:30:03 | 000,030,727 | ---- | M] () -- C:\Users\BFS\Desktop\revolution-jasmin.jpg
[2011/01/14 07:44:29 | 000,002,032 | ---- | M] () -- C:\Users\BFS\Desktop\Google Chrome.lnk
[2011/01/14 07:44:29 | 000,001,994 | ---- | M] () -- C:\Users\BFS\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/06 14:24:46 | 000,000,829 | ---- | M] () -- C:\Users\BFS\Desktop\lucia.JPG - Raccourci.lnk
[2011/01/06 10:44:23 | 000,000,829 | ---- | M] () -- C:\Users\BFS\Desktop\S5001363.JPG - Raccourci.lnk
[2011/01/04 23:27:13 | 000,992,225 | ---- | M] () -- C:\Users\BFS\Desktop\54604607.pdf
[2011/01/04 23:16:46 | 000,079,676 | ---- | M] () -- C:\Users\BFS\Desktop\pedestrian_council2.jpg
[2010/12/30 00:38:43 | 005,625,535 | ---- | M] () -- C:\Users\BFS\Desktop\La regente 2 Carthage.pdf
[2010/12/28 20:58:32 | 000,026,266 | ---- | M] () -- C:\Users\BFS\Desktop\Sans nom 4.odt
[2010/12/28 20:58:10 | 000,024,236 | ---- | M] () -- C:\Users\BFS\Desktop\bozza2.odt
[2010/12/28 20:57:43 | 000,029,401 | ---- | M] () -- C:\Users\BFS\Desktop\bozza1.odt
[2010/12/28 15:57:35 | 000,409,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010/12/26 14:23:19 | 000,002,029 | ---- | M] () -- C:\Users\BFS\Desktop\Seesmic Desktop 2.lnk
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/09/11 06:53:51 | 000,000,000 | ---D | M] -- C:\Users\BFS\AppData\Roaming\BSplayer
[2010/09/11 06:22:22 | 000,000,000 | ---D | M] -- C:\Users\BFS\AppData\Roaming\BSplayer Pro
[2010/10/14 17:21:38 | 000,000,000 | ---D | M] -- C:\Users\BFS\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2010/12/18 09:03:41 | 000,000,000 | ---D | M] -- C:\Users\BFS\AppData\Roaming\FileZilla
[2009/10/23 17:32:31 | 000,000,000 | ---D | M] -- C:\Users\BFS\AppData\Roaming\gtk-2.0
[2009/10/23 17:18:37 | 000,000,000 | ---D | M] -- C:\Users\BFS\AppData\Roaming\Inkscape
[2009/04/22 20:24:10 | 000,000,000 | ---D | M] -- C:\Users\BFS\AppData\Roaming\LimeWire
[2010/12/14 00:36:47 | 000,000,000 | ---D | M] -- C:\Users\BFS\AppData\Roaming\Local
[2009/11/23 09:43:29 | 000,000,000 | ---D | M] -- C:\Users\BFS\AppData\Roaming\OpenOffice.org
[2009/12/05 22:28:58 | 000,000,000 | ---D | M] -- C:\Users\BFS\AppData\Roaming\StreamTorrent
[2009/11/09 11:47:57 | 000,000,000 | ---D | M] -- C:\Users\BFS\AppData\Roaming\TeamViewer
[2008/11/17 11:26:24 | 000,000,000 | ---D | M] -- C:\Users\BFS\AppData\Roaming\Template
[2010/12/09 20:11:53 | 000,000,000 | ---D | M] -- C:\Users\BFS\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/12/07 10:46:22 | 000,000,000 | ---D | M] -- C:\Users\BFS\AppData\Roaming\VoipBuster
[2010/11/07 13:31:52 | 000,000,000 | ---D | M] -- C:\Users\BFS\AppData\Roaming\XnView
[2011/01/25 08:38:57 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/01/25 09:24:26 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5492486A-C19A-461B-A3E2-1DB96D922BC3}.job
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >


2) EXTRA.txt

OTL Extras logfile created on: 25/01/2011 9:47:08 - Run 1
OTL by OldTimer - Version 3.2.20.5     Folder = C:\Users\BFS\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103,53 Gb Total Space | 26,91 Gb Free Space | 25,99% Space Free | Partition Type: NTFS
Drive D: | 8,26 Gb Total Space | 3,13 Gb Free Space | 37,90% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 99,80 Gb Free Space | 21,43% Space Free | Partition Type: NTFS
 
Computer Name: PC-DE-BFS | User Name: BFS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1628343672-1530423325-3293427146-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02058670-9665-49E0-A040-AD74D21D74C1}" = rport=139 | protocol=6 | dir=out | app=system |
"{107E13B1-E73C-4543-8987-6A6DEDAF9666}" = rport=138 | protocol=17 | dir=out | app=system |
"{1C6F8C1C-B4A0-49D8-A6E9-11215ECA2716}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{3711B298-1EA0-4E01-B903-800E5E39834A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3D27AF59-3FCC-435C-99D3-AB0812B69B8F}" = lport=138 | protocol=17 | dir=in | app=system |
"{405A68C9-C6CD-481E-8479-8CE806A7C86E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{40B3145B-6077-4C24-884B-5DC956B70F0B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4BAB2206-5445-490C-9B72-613746B40F5C}" = rport=445 | protocol=6 | dir=out | app=system |
"{6543EFE0-C1B2-47CB-892D-B0E61ABC397E}" = rport=137 | protocol=17 | dir=out | app=system |
"{6FEECC9B-1532-48BD-AE3D-218E3A7F1AD4}" = lport=139 | protocol=6 | dir=in | app=system |
"{88EA7A6D-96D3-45BF-A877-E253E55D0490}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8A93EF67-3CE7-4E36-A2D0-7DF94DAECB66}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8D30D324-275A-4FAB-8EA5-DD2971E28D54}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{969A1A19-DAFB-421E-A918-86341B764249}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A549FAF9-10E8-49E7-8745-728936E0AB66}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A71A7E0E-26CE-48AD-930D-33D1F6815A0B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A9C6B4D8-72FB-4565-94E9-9B2A3B5CECB6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AC34A3EA-0701-4D49-AA02-25B0912CD338}" = lport=445 | protocol=6 | dir=in | app=system |
"{BAF7543D-EC10-4349-8188-8954AD34B9C7}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
"{C8D3AB17-D665-46EE-8A6D-FDF0067EBE79}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CD38C962-69A0-4D86-B43A-D85917FDD509}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E0EB1CA6-1126-4593-BAB7-61B4B1BB6930}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E4D42F1E-92BC-4C57-8FE3-51340F9E9A29}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1BEE07F-8FB3-496A-A500-53B0074D1743}" = lport=137 | protocol=17 | dir=in | app=system |
"{FF401EEC-863A-41C7-87B9-1AF9B622F5A8}" = lport=2869 | protocol=6 | dir=in | app=system |
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EA0A945-5E86-4531-8E21-F821A34E6B08}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1819F109-7EB0-4198-AC28-256D62DE1A46}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe |
"{19559D44-D64C-4B62-821E-0E30987113A8}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{19EBDF5C-3EA9-4921-A7BE-3DA0F2325FED}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe |
"{2066A4A7-BE6E-4670-AA53-DB912F28E199}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2375AA20-33EE-481D-AEF2-46C9A6299594}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{53866DAA-8741-42D9-821D-EC2D841BCFCB}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{54C34C25-3547-433A-AA5E-387CBCCAC9F0}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{5D748FF0-6D64-4234-B0FE-0F47FDD1A76E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6404562F-DA54-44B4-9678-A5C7FE261F4F}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{64D75D23-E49D-4B37-9ED1-723ACDF27CC9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6E8D3898-84F6-4AB1-BB27-94F3C62698FD}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{8D373C4A-7F2E-4ECF-B17A-A2811DC7A566}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{98577CFA-38A8-4EAB-B4B7-664A6FBB037C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9AB497A4-FE50-4AF2-94EB-AF8AF2CFF6B4}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9FF775A2-5F6D-4078-B15E-8381BFD005EB}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{C12B835B-C073-4FFA-AA5A-03351446C408}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{D07B1B20-63D7-4022-A3F7-73D022EA9C69}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DA2A9BB8-6FD9-440A-8FF1-917A1074AB67}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{DE68FA24-C419-472E-96CC-9972F19F72EE}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E88ADB96-91BF-4296-8ACC-EF3536409932}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{F4BFE06A-1897-42B8-ADE5-0F032F0AB496}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{002492C1-1AF3-4D07-B3F7-77C0D30FAA76}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{017B549F-083F-4111-8F6D-F97B7D721BEA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{0955EA3A-9768-4A22-BFD7-1561D602494A}C:\program files\net2phone commcenter\commctr.exe" = protocol=6 | dir=in | app=c:\program files\net2phone commcenter\commctr.exe |
"TCP Query User{0AB702AC-D84F-4CA7-94F2-0FB1F50ECB66}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{12DDEFFF-9700-4514-9C06-A54E5DD6A3FD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{1B6C72A0-0E12-4381-AD13-E84D91BF5BF3}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{1BE9E21C-FDA9-4ED3-AE12-9AE5017F4CCD}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{22B95C6E-93F7-469E-B546-E85F2B6BDA4C}C:\program files\voipbuster.com\voipbuster\voipbuster.exe" = protocol=6 | dir=in | app=c:\program files\voipbuster.com\voipbuster\voipbuster.exe |
"TCP Query User{3D28FE46-E093-4ABF-B359-597DFA1DBC89}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{47FE1A1E-FBE4-4DA0-A003-C0D22589D7CF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{50BE477E-3602-4C7C-8429-A9E07195D85D}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{57A556E0-5E0A-43BE-BF35-3D7FB164FB32}C:\users\bfs\desktop\distrib_eggcrm\server\mysql\bin\distribmysqld.exe" = protocol=6 | dir=in | app=c:\users\bfs\desktop\distrib_eggcrm\server\mysql\bin\distribmysqld.exe |
"TCP Query User{6330E2DB-C711-45B6-9AE5-B50479FC5A8A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7460D9CA-E3C5-40E1-BD24-9A3FFDFC08F2}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{7DD5FD10-05F2-4503-AA05-F7623DE863DB}C:\users\bfs\desktop\distrib_eggcrm\server\apache\bin\distribhttpd.exe" = protocol=6 | dir=in | app=c:\users\bfs\desktop\distrib_eggcrm\server\apache\bin\distribhttpd.exe |
"TCP Query User{7E7AE256-653E-4571-BC63-C952733FE772}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{87C5B6EE-107A-4D3C-A3A2-4FE201130D87}C:\program files\maïdo production\izispot 4\izispot.exe" = protocol=6 | dir=in | app=c:\program files\maïdo production\izispot 4\izispot.exe |
"TCP Query User{9F469003-B066-4BB1-B09D-2F2D7A01E6DB}C:\program files\pangolin\pangolin.exe" = protocol=6 | dir=in | app=c:\program files\pangolin\pangolin.exe |
"TCP Query User{CB0389C8-EAB7-45E3-BDFE-46245E85D99E}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{D4665F42-0DDB-4D9F-BC62-0881776E89CF}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{DD8BD450-B0EB-44E8-BB9F-CF9BD39E796B}C:\users\bfs\downloads\keygen.avast.pro.4.8.1169.exe" = protocol=6 | dir=in | app=c:\users\bfs\downloads\keygen.avast.pro.4.8.1169.exe |
"TCP Query User{E5489E0A-B444-4F91-B5C2-61DE7A162034}C:\program files\counterpath\x-lite\x-lite.exe" = protocol=6 | dir=in | app=c:\program files\counterpath\x-lite\x-lite.exe |
"TCP Query User{EA3D1C0D-660C-4E8A-8EB6-654489178009}C:\yooda\seeurankv3\seeurank.exe" = protocol=6 | dir=in | app=c:\yooda\seeurankv3\seeurank.exe |
"UDP Query User{019A67A2-59C4-4391-8B64-3CA8C975EBB6}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{150E3D9F-F0C1-4934-B13C-A40AA79965D7}C:\yooda\seeurankv3\seeurank.exe" = protocol=17 | dir=in | app=c:\yooda\seeurankv3\seeurank.exe |
"UDP Query User{16D4D7AE-4A21-4837-817A-EAD381154C7B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{232D580F-BB26-493B-8D88-E1D70C5726E5}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{29ECEE12-2919-4430-821A-D9031E1B395B}C:\program files\net2phone commcenter\commctr.exe" = protocol=17 | dir=in | app=c:\program files\net2phone commcenter\commctr.exe |
"UDP Query User{331BDA16-74CE-4BF3-9143-03AE1EF46573}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{41A6D306-2731-49AE-BFB4-C393BFFF4B26}C:\users\bfs\downloads\keygen.avast.pro.4.8.1169.exe" = protocol=17 | dir=in | app=c:\users\bfs\downloads\keygen.avast.pro.4.8.1169.exe |
"UDP Query User{425B4685-E165-4CBD-B247-74235FE29BCC}C:\program files\maïdo production\izispot 4\izispot.exe" = protocol=17 | dir=in | app=c:\program files\maïdo production\izispot 4\izispot.exe |
"UDP Query User{45B3A099-6A4D-4517-85EA-5434FFFEBD05}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{6F36E13B-5BA3-4FED-AA5F-D5537C83CD2F}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{73F7950E-A21E-4188-BDB9-B2660F1F8226}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7FFEC392-1A06-40FB-8DBD-2D183C48B000}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{89C8BC93-2FB6-4B1F-87B6-D93C2B9BFE4D}C:\users\bfs\desktop\distrib_eggcrm\server\mysql\bin\distribmysqld.exe" = protocol=17 | dir=in | app=c:\users\bfs\desktop\distrib_eggcrm\server\mysql\bin\distribmysqld.exe |
"UDP Query User{8C9A3585-076B-4464-A1FA-6E0ADB5BC944}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{97ED1930-0DAA-4C27-855B-E86E4EB1199D}C:\program files\pangolin\pangolin.exe" = protocol=17 | dir=in | app=c:\program files\pangolin\pangolin.exe |
"UDP Query User{98BEF3C4-56BE-4180-80BD-185BA6918826}C:\program files\counterpath\x-lite\x-lite.exe" = protocol=17 | dir=in | app=c:\program files\counterpath\x-lite\x-lite.exe |
"UDP Query User{AE1A09A6-166D-4E8A-A44B-132A0BF35802}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{B174030F-D8D2-485B-8D7D-45E05B548D75}C:\users\bfs\desktop\distrib_eggcrm\server\apache\bin\distribhttpd.exe" = protocol=17 | dir=in | app=c:\users\bfs\desktop\distrib_eggcrm\server\apache\bin\distribhttpd.exe |
"UDP Query User{B9393AA3-5DD8-49B8-B11E-FAAF856F83D1}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{CDE91A8B-B6E5-4C37-BADC-D5A309EB7BBE}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{D3C79626-B09A-4CA3-8645-BA305DF8A47A}C:\program files\voipbuster.com\voipbuster\voipbuster.exe" = protocol=17 | dir=in | app=c:\program files\voipbuster.com\voipbuster\voipbuster.exe |
"UDP Query User{F86B6B3C-EDC4-4CD3-ACFB-8E1562F250EA}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{FA49787E-E44C-47E9-983D-2E2946E00246}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37C5A56A-00EA-347B-B7A1-5628BED56702}" = Google Talk Plugin
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}" = Macromedia Extension Manager
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{433297A1-0844-C181-7C19-75BA40FF9CAA}" = twhirl
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48F9998C-3BA0-42D3-82E6-5882441EB8CE}" = Adobe Flash CS4 STI-fr
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4C93C363-414E-11D4-9756-00C04F8EEB39}" = Macromedia Flash 5
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1
"{53B20C18-D8D4-4588-8737-9BBFE303C354}" = Windows Live Movie Maker
"{56D833FD-1A45-486F-9CC0-AE0A0529D085}" = Désinstaller Kompass France -EasyBusiness-
"{58C19BBD-4D08-6835-A608-27A2B568A7F6}" = TweetDeck
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FD788ED-1A37-4496-9BDD-463F493B27FA}" = Macromedia Dreamweaver 8
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{78DEE332-4FE2-469F-9CF7-F54C47E11F21}" = IziSpot 4
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.3 - Français
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2E581DB-C4DD-432C-AC84-ED761AC056BC}" = OpenOffice.org 3.1
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BD423B54-8668-44B6-8610-D24514445E88}" = Adobe Flash CS4 Extension - Flash Lite STI fr
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C920A046-D5AD-4EC4-8932-8BAA4DB7C17F}_is1" = Pangolin 5.2
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software  1.10.13.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental
"{D7358B07-4F10-4014-9869-7999578BE8ED}" = HP User Guides 0093
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"4Videosoft PDF Converter Ultimate_is1" = 4Videosoft PDF Converter Ultimate
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Akamai" = Akamai NetSession Interface
"ANNUCAPT" = ANNUCAPT
"avast!" = avast! Antivirus
"BS_Player Toolbar" = BS_Player Toolbar
"BSPlayerf" = BS.Player FREE
"CFWebAdvancedU" = CamfrogWEB Advanced ActiveX Plugin (remove only)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1" = twhirl
"DivX Setup.divx.com" = Configuration DivX
"eMule" = eMule
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 1703] [2007-12-15]
"FileZilla Client" = FileZilla Client 3.3.0.1
"Free-Web-Buttons.com" = Free-Web-Buttons.com
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"Hotspot_Shield Toolbar" = Hotspot_Shield Toolbar
"HotspotShield" = Hotspot Shield 1.56
"Inkscape" = Inkscape 0.46
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LastBit Zip Password (DEMO)" = LastBit Zip Password (DEMO)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Picasa2" = Picasa 2
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.355
"SEOSCOPE" = SEOscope
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Softonic_France Toolbar" = Softonic_France Toolbar
"TVWiz" = Intel(R) TV Wizard
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"VLC media player" = VLC media player 0.9.6
"VoipBuster_is1" = VoipBuster
"WampServer 2_is1" = WampServer 2.0
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"XnView_is1" = XnView 1.97.4
"Yooda seeUrank" = Yooda seeUrank
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-1628343672-1530423325-3293427146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"582204272.d.seesmic.com" = Seesmic Desktop 2
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Antivirus Events ]
Error - 2/12/2008 18:43:18 | Computer Name = PC-de-BFS | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 E:\walid-lucia 2006\2006 dicembre (paris-brussel)\Paris décembre 2006\S5000511.JPG
 failed, 00000017. 
 
Error - 2/12/2008 18:44:00 | Computer Name = PC-de-BFS | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 E:\walid-lucia 2006\2006 dicembre (paris-brussel)\Paris décembre 2006\S5000509.JPG
 failed, 00000017. 
 
Error - 2/12/2008 18:44:12 | Computer Name = PC-de-BFS | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 E:\walid-lucia 2006\2006 dicembre (paris-brussel)\Paris décembre 2006\S5000509.JPG
 failed, 00000017. 
 
Error - 26/10/2009 21:53:19 | Computer Name = PC-de-BFS | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://dl1.digium.com/AsteriskNOW-1.5.0-i386-1of1.iso failed, 00000084. 
 
[ Application Events ]
Error - 22/01/2011 3:46:47 | Computer Name = PC-de-BFS | Source = WinMgmt | ID = 10
Description =
 
Error - 22/01/2011 5:33:49 | Computer Name = PC-de-BFS | Source = WinMgmt | ID = 10
Description =
 
Error - 22/01/2011 19:29:32 | Computer Name = PC-de-BFS | Source = WinMgmt | ID = 10
Description =
 
Error - 23/01/2011 5:56:47 | Computer Name = PC-de-BFS | Source = WinMgmt | ID = 10
Description =
 
Error - 23/01/2011 12:46:34 | Computer Name = PC-de-BFS | Source = WinMgmt | ID = 10
Description =
 
Error - 24/01/2011 3:41:15 | Computer Name = PC-de-BFS | Source = WinMgmt | ID = 10
Description =
 
Error - 24/01/2011 18:44:15 | Computer Name = PC-de-BFS | Source = WinMgmt | ID = 10
Description =
 
Error - 24/01/2011 19:10:39 | Computer Name = PC-de-BFS | Source = VSS | ID = 12298
Description =
 
Error - 24/01/2011 19:10:40 | Computer Name = PC-de-BFS | Source = System Restore | ID = 8193
Description =
 
Error - 24/01/2011 19:29:34 | Computer Name = PC-de-BFS | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 24/01/2011 19:10:39 | Computer Name = PC-de-BFS | Source = volsnap | ID = 393224
Description = Le délai de l'opération de vidange et de conservation des écritures
 sur le volume C: a expiré lors de l'attente de la libération d'une commande d'écriture.
 
Error - 24/01/2011 19:10:45 | Computer Name = PC-de-BFS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description =
 
Error - 24/01/2011 19:29:13 | Computer Name = PC-de-BFS | Source = HTTP | ID = 15016
Description =
 
Error - 24/01/2011 19:31:07 | Computer Name = PC-de-BFS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 24/01/2011 19:50:51 | Computer Name = PC-de-BFS | Source = DCOM | ID = 10010
Description =
 
Error - 25/01/2011 3:24:41 | Computer Name = PC-de-BFS | Source = HTTP | ID = 15016
Description =
 
Error - 25/01/2011 3:25:37 | Computer Name = PC-de-BFS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 25/01/2011 4:22:01 | Computer Name = PC-de-BFS | Source = HTTP | ID = 15016
Description =
 
Error - 25/01/2011 4:25:57 | Computer Name = PC-de-BFS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 25/01/2011 4:37:53 | Computer Name = PC-de-BFS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description =
 
 
< End of report >


I await your recommendations for the next steps.

A reminder that I cannot get online from the infected PC to download the various cleaning programs. I have an external hard drive, which I vaccinated according to the procedure.
An icon showing a syringe, named MKV.exe, has appeared on the desktop of the clean computer. Is that normal?

Thanks in advance for your help.
masterblaster
Confirmed Visitor

Posts: 14
Joined: 25 Jan 2011 08:16
 

Re: Infected by fakewarn[tri]: Help needed please :-(

Posted on 25 Jan 2011 10:10

Sorry, I forgot the 3rd step, the description of the situation.

Yesterday I was on streaming sites, Avast's resident protection was active, a fake antivirus installed itself on my PC, and I could no longer access the internet.

Before coming to the forum, I had the good or bad idea of running an Avast boot-time scan. As a result, the fake antivirus and its nagging pop-up windows no longer appear, but I know it is still there: I still cannot access the internet, and since I ran the boot-time scan and put the infected files in quarantine, Firefox tells me:

Firefox is configured to use a proxy server that is refusing connections

Thanks again
masterblaster
Confirmed Visitor

Posts: 14
Joined: 25 Jan 2011 08:16
 

Re: Infected by fakewarn[tri]: Help needed please :-(

Posted on 25 Jan 2011 10:16

I'll let the pros answer you; I don't have the skills to do it yet ;)

A little patience, someone should take charge of your case.
DouDou9455
PC-Infopraticien

Posts: 9537
Joined: 03 Nov 2007 17:50
Location: In Your Brain
 

Re: Infected by fakewarn[tri]: Help needed please :-(

Posted on 25 Jan 2011 10:24

DouDou9455 wrote: I'll let the pros answer you; I don't have the skills to do it yet ;)

A little patience, someone should take charge of your case.


Thanks DouDou9455
I'll be patient, hoping I can get rid of this crap :)
masterblaster
Confirmed Visitor

Posts: 14
Joined: 25 Jan 2011 08:16
 

Re: Infected by fakewarn[tri]: Help needed please :-(

Posted on 25 Jan 2011 11:08

Hello again,

I don't know what response times are usually like, but have I been forgotten by any chance? :-(
masterblaster
Confirmed Visitor

Posts: 14
Joined: 25 Jan 2011 08:16
 

Re: Infected by fakewarn[tri]: Help needed please :-(

Posted on 25 Jan 2011 11:13

Half an hour? Really?

A bump is only justified 24 to 48 hours after the last message. The helpers have lives, and take a look at the other topics: all this work is done on a volunteer basis. So: a little patience!
H3bus
Moderator

Posts: 12195
Joined: 08 Apr 2008 15:13
Location: /home/h3bus
 

Re: Infected by fakewarn[tri]: Help needed please :-(

Posted on 25 Jan 2011 11:19

H3bus wrote: Half an hour? Really?

A bump is only justified 24 to 48 hours after the last message. The helpers have lives, and take a look at the other topics: all this work is done on a volunteer basis. So: a little patience!


Yes, thanks, you're right, I'm too impatient. Sorry
masterblaster
Confirmed Visitor

Posts: 14
Joined: 25 Jan 2011 08:16
 

Re: Infected by fakewarn[tri]: Help needed please :-(

Posted on 25 Jan 2011 12:55

This is not a bump; besides, the topic is still at the top of the forum.

I just have some additional information on how the situation has evolved.

I used a clean PC to download the necessary programs and follow the procedure; I had to return that clean PC to its owner, who needs it.

Unable to get online with the infected PC, I attempted a system restore, which seems to have worked. Everything seems normal.

Of course, I would be surprised if the restore had fixed the problem for good, so I am waiting and still look forward to your recommendations, but at least I can connect from my laptop, and that is already a good step.
masterblaster
Confirmed Visitor

Posts: 14
Joined: 25 Jan 2011 08:16
 

Re: Infected by fakewarn[tri]: Help needed please :-(

Posted on 25 Jan 2011 13:02

Hello everyone

Please do this, "masterblaster"


* Double-click the OTL icon to launch it
/!\ On Vista/Seven, right-click the OTL icon and choose "Run as administrator"

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Report" section (top right) the "Minimal report" box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Customization"
:OTL
IE - HKLM\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
IE - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: http://search.conduit.com/?ctid=CT17505 ... hSource=13
O2 - BHO: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\..\Toolbar\WebBrowser: (Softonic_France Toolbar) - {4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)
O4 - HKLM\..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM\..\Run: [WinampAgent] File not found
O4 - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1628343672-1530423325-3293427146-1000\..\Run: [eyeBeam SIP Client] File not found
:Files
C:\Users\BFS\AppData\Roaming\Mozilla\Firefox\Profiles\eizd7vzr.default\searchplugins\conduit.xml
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
C:\Users\BFS\AppData\Local\syssvc.exe
C:\Program Files\pdfforge Toolbar

:Commands
[emptytemp]

* Click the Fix icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan a report, "OTL.Txt", will open
* Copy and paste the report or reports into your reply, please...
* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case
Put the report here, since it takes up a lot of space.
http://www.cijoint.fr/index.php



Then this.


Install Malwarebytes' Anti-Malware,
Download



*** Update it, then choose Run a full scan

*** If an infection is found, check the box next to it and confirm with the Remove Selected tab

Post the final report.


A small question:
Was it you who enabled the proxies in IE and Firefox? :cry:

If that is not the case, do this.
- In Firefox, Tools / Options, then the Advanced tab.
- Click Network, then Settings.
- Choose "No proxy".

- In Internet Explorer, it is the Tools / Internet Options menu.
- Connections tab, then LAN settings --> disable the proxy.

Check that the "Automatically detect settings" box is ticked.
Restart the computer.

bernard53
PC-Infopraticien

Posts: 12778
Joined: 08 Dec 2009 19:51
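
The proxy check from the reply above, as an added example that is not part of the original post: Python that reads the proxy settings Firefox keeps in prefs.js and the two values Internet Explorer uses, lists any manual proxy, and tests whether anything is listening on it. The sample prefs.js lines, the loopback address, the port and all function names are constructed for illustration.

```python
import re
import socket
from ipaddress import ip_address

# prefs.js holds one setting per line: user_pref("name", value);
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);$')
# Values of network.proxy.type, matching Firefox's connection settings dialog.
FF_MODES = {0: "none", 1: "manual", 2: "pac", 4: "auto-detect", 5: "system"}

# Constructed sample: a manual proxy left pointing at a local port.
SAMPLE_PREFS_JS = '''\
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 50370);
user_pref("network.proxy.type", 1);
'''
# Constructed sample of the ProxyEnable / ProxyServer values that Internet
# Explorer reads from the current user's "Internet Settings" registry key.
SAMPLE_WININET = {"ProxyEnable": 1, "ProxyServer": "http=127.0.0.1:50370"}


def to_int(text):
    """Return text as an int, or None when it is missing or not a number."""
    try:
        return int(text)
    except (TypeError, ValueError):
        return None


def firefox_proxy(prefs_text):
    """Return (mode, host, port) from the network.proxy.* lines of a prefs.js."""
    prefs = {}
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line.strip())
        if m and m.group(1).startswith("network.proxy."):
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    if "network.proxy.type" not in prefs:
        return ("unset", None, None)  # Firefox falls back to its built-in default
    mode = FF_MODES.get(to_int(prefs["network.proxy.type"]), "unknown")
    if mode != "manual":
        return (mode, None, None)
    return (mode, prefs.get("network.proxy.http"),
            to_int(prefs.get("network.proxy.http_port")))


def wininet_proxies(values):
    """Return [(scheme, host, port)] from ProxyEnable/ProxyServer, [] if disabled."""
    if not values.get("ProxyEnable") or not values.get("ProxyServer"):
        return []
    found = []
    for entry in values["ProxyServer"].split(";"):
        entry = entry.strip()
        if not entry:
            continue
        # Either "host:port" for every protocol or "scheme=host:port" per protocol.
        scheme, _, addr = entry.rpartition("=")
        addr = addr.split("://")[-1]
        host, _, port = addr.rpartition(":")
        if not host:  # no port in the entry
            host, port = addr, ""
        found.append((scheme or "all", host, to_int(port)))
    return found


def is_loopback(host):
    """True when the proxy host is this machine itself."""
    if not host:
        return False
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name; not resolved here


def accepts_connections(host, port, timeout=1.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(prefs_text, wininet_values):
    """List every manual proxy as (browser, host, port, is_loopback)."""
    found = []
    mode, host, port = firefox_proxy(prefs_text)
    if mode == "manual" and host:
        found.append(("firefox", host, port, is_loopback(host)))
    for _scheme, host, port in wininet_proxies(wininet_values):
        found.append(("wininet", host, port, is_loopback(host)))
    return found


if __name__ == "__main__":
    for browser, host, port, local in audit(SAMPLE_PREFS_JS, SAMPLE_WININET):
        up = accepts_connections(host, port) if port else False
        print(f"{browser}: manual proxy {host}:{port} loopback={local} listening={up}")
```

A manual proxy on a loopback address with nothing listening matches the Firefox error quoted earlier in the thread, and a proxy that nobody configured on purpose is worth reporting to the helper before switching it off.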
 
