
Trojan horse: backdoor generic11.dg

Last reply on 20 May 2009 at 22:47:16
trigo, 11 Mar 2009 at 13:25:14

Hello,
I would like to know how to remove this Trojan horse completely, once and for all, because I have read that with an AVG scan it keeps coming back. Thanks in advance to everyone.

Configuration: Windows XP
Firefox 3.0.7


1

Ced_King, 11 Mar 2009 at 13:40:55

Hi

- Download RSIT ("Random's System Information Tool") to your desktop: http://images.malwareremoval.com/random/RSIT.exe

- Close all running applications and double-click RSIT.exe
- Select "Continue" on the screen >> RSIT will scan the PC and check whether the HijackThis tool (up-to-date version) is present on the PC; if it is not, RSIT will download it >> accept the license
- Once the scan is finished, 2 text reports open: log.txt on screen and info.txt in the taskbar
- Post the contents of both reports


2

trigo, 11 Mar 2009 at 14:03:10

Hi.



Run by damien at 2009-03-11 13:41:59
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 29 GB (38%) free of 76 GB
Total RAM: 255 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42:57, on 11/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\damien\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\damien\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\damien\Bureau\RSIT.exe
C:\Program Files\trend micro\damien.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:/Documents and Settings/damien/Mes documents/Ma musique/Temp/RT/WebRip/profile/rrproxy_ie_4995cb8a.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 190.249.243.16 www.symantec.com
O1 - Hosts: 151.239.67.234 symantec.com
O1 - Hosts: 245.80.209.237 securityresponse.symantec.com
O1 - Hosts: 43.15.192.123 symantecstore.com
O1 - Hosts: 244.92.240.85 www.symantecstore.com
O1 - Hosts: 216.76.118.14 service1.symantec.com
O1 - Hosts: 234.216.205.149 sarc.com
O1 - Hosts: 231.116.0.237 www.sarc.com
O1 - Hosts: 208.26.78.99 www.sophos.com
O1 - Hosts: 219.153.164.216 sophos.com
O1 - Hosts: 234.137.194.252 www.mcafee.com
O1 - Hosts: 231.24.6.247 mcafee.com
O1 - Hosts: 35.52.49.108 customer.symantec.com
O1 - Hosts: 169.48.18.219 liveupdate.symantec.com
O1 - Hosts: 164.236.121.73 liveupdate.symantecliveupdate.com
O1 - Hosts: 179.41.208.150 www.viruslist.com
O1 - Hosts: 89.246.200.154 viruslist.com
O1 - Hosts: 236.9.120.213 f-secure.com
O1 - Hosts: 167.71.211.62 f-secure.de
O1 - Hosts: 186.93.216.157 www.f-secure.de
O1 - Hosts: 11.204.233.100 www.f-secure.com
O1 - Hosts: 254.142.21.3 f-prot.com
O1 - Hosts: 246.218.217.150 www.f-prot.com
O1 - Hosts: 99.197.39.6 kaspersky.com
O1 - Hosts: 138.139.153.216 kaspersky-labs.com
O1 - Hosts: 119.231.60.109 www.avp.com
O1 - Hosts: 153.68.207.77 avp.com
O1 - Hosts: 155.151.94.191 www.kaspersky.com
O1 - Hosts: 120.68.29.242 www.networkassociates.com
O1 - Hosts: 62.206.230.190 networkassociates.com
O1 - Hosts: 41.192.66.237 www.ca.com
O1 - Hosts: 104.3.206.129 www3.ca.com
O1 - Hosts: 75.21.12.101 ca.com
O1 - Hosts: 155.221.66.142 store.ca.com
O1 - Hosts: 226.2.151.104 mast.mcafee.com
O1 - Hosts: 120.1.138.151 ca.mcafee.com
O1 - Hosts: 106.121.95.239 mx.mcafee.com
O1 - Hosts: 195.221.195.178 no.mcafee.com
O1 - Hosts: 55.127.158.223 uk.mcafee.com
O1 - Hosts: 172.159.233.180 tw.mcafee.com
O1 - Hosts: 51.150.128.170 cn.mcafee.com
O1 - Hosts: 108.154.176.142 de.mcafee.comwww.mcafeeasap.com
O1 - Hosts: 218.66.159.245 mcafeeasap.com
O1 - Hosts: 48.216.41.65 vil.mcafee.com
O1 - Hosts: 20.16.89.89 www.mcafeestore.com
O1 - Hosts: 90.46.58.226 mcafeestore.com
O1 - Hosts: 211.59.236.35 www.shopmcafee.com
O1 - Hosts: 8.220.108.172 shopmcafee.com
O1 - Hosts: 145.212.232.56 my-etrust.com
O1 - Hosts: 241.209.1.34 www.my-etrust.com
O1 - Hosts: 12.139.240.252 dispatch.mcafee.com
O1 - Hosts: 155.227.216.61 secure.nai.com
O1 - Hosts: 94.113.201.79 nai.com
O1 - Hosts: 71.49.47.57 www.nai.com
O1 - Hosts: 225.220.190.144 vil.nai.com
O1 - Hosts: 75.0.32.93 update.symantec.com
O1 - Hosts: 230.91.76.64 updates.symantec.com
O1 - Hosts: 42.57.129.101 us.mcafee.com
O1 - Hosts: 180.42.165.168 mcafee.net
O1 - Hosts: 0.233.14.112 rads.mcafee.com
O1 - Hosts: 99.200.129.23 download.mcafee.com
O1 - Hosts: 189.226.90.2 trendmicro.com
O1 - Hosts: 121.147.187.166 www.trendmicro.com
O1 - Hosts: 184.211.32.156 housecall.trendmicro.com
O1 - Hosts: 231.247.72.154 housecall65.trendmicro.com
O1 - Hosts: 3.11.82.216 trendmicro-europe.com
O1 - Hosts: 198.172.240.73 nl.trendmicro-europe.com
O1 - Hosts: 156.181.13.161 de.trendmicro-europe.com
O1 - Hosts: 242.134.101.25 www.trendmicro-europe.com
O1 - Hosts: 106.189.71.112 pandasoftware.com
O1 - Hosts: 232.79.29.7 www.pandasoftware.com
O1 - Hosts: 135.164.93.36 www.pc-cillin.com
O1 - Hosts: 254.60.138.192 pc-cillin.com
O1 - Hosts: 225.6.235.223 www.vsantivirus.com
O1 - Hosts: 106.230.148.83 vsantivirus.com
O1 - Hosts: 161.24.115.126 www.trendmicro.com
O1 - Hosts: 144.222.237.227 free.grisoft.com
O1 - Hosts: 232.66.86.25 www.grisoft.com
O1 - Hosts: 46.69.49.247 grisoft.com
O1 - Hosts: 227.68.30.19 clamav.net
O1 - Hosts: 74.126.213.82 www.clamav.net
O1 - Hosts: 30.238.21.64 free-av.com
O1 - Hosts: 120.111.106.222 www.free-av.com
O1 - Hosts: 179.100.45.24 www.avast.com
O1 - Hosts: 244.74.41.38 avast.com
O1 - Hosts: 204.246.185.117 cert.org
O1 - Hosts: 1.238.91.99 www.cert.org
O1 - Hosts: 107.9.250.235 www.microsoft.com
O1 - Hosts: 26.90.2.147 microsoft.com
O1 - Hosts: 131.136.237.167 www.virustotal.com
O1 - Hosts: 129.33.221.38 virustotal.com
O1 - Hosts: 236.113.254.97 www.teamanti-virus.org
O1 - Hosts: 138.4.57.182 teamanti-virus.org
O1 - Hosts: 28.99.251.98 www.drsolomon.com
O1 - Hosts: 71.136.144.86 drsolomon.com
O1 - Hosts: 49.77.222.20 www.virusbtn.com
O1 - Hosts: 244.170.250.232 virusbtn.com
O1 - Hosts: 82.161.229.162 update.microsoft.com
O1 - Hosts: 196.28.238.10 windowsupdate.microsoft.com
O1 - Hosts: 217.154.125.179 www.avgbulgaria.com
O1 - Hosts: 113.13.210.140 avgbulgaria.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [Windows logon service] C:\WINDOWS\system32\setup\winlogon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\damien\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c98b904426dc5e) (gupdate1c98b904426dc5e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
End of file - 11717 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\Maintenance en 1 clic.job
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-28 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-28 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-10 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-28 1968920]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-28 1601304]
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"LClock"=C:\WINDOWS\lclock.exe [2004-12-08 65536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

C:\Documents and Settings\damien\Menu Démarrer\Programmes\Démarrage
Outil de notification Live Search.lnk - C:\Documents and Settings\damien\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-01-28 10520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=219
"ForceClassicControlPanel"=1
"NoSMBalloonTip"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-03-11 13:42:06 ----D---- C:\Program Files\trend micro
2009-03-11 13:41:59 ----D---- C:\rsit
2009-03-11 10:31:29 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-11 10:30:57 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-03-11 10:30:57 ----D---- C:\Program Files\Adobe
2009-03-11 10:23:27 ----D---- C:\Program Files\NOS
2009-03-11 10:23:27 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-03-10 22:40:41 ----A---- C:\pstrs.exe
2009-03-10 15:40:38 ----A---- C:\gla.exe
2009-03-09 22:02:19 ----A---- C:\kkx.exe
2009-03-09 21:54:57 ----A---- C:\dsfsx.exe
2009-03-09 21:52:26 ----A---- C:\rocks.exe
2009-03-09 21:44:33 ----A---- C:\kk.exe
2009-03-09 16:13:15 ----A---- C:\tps.exe
2009-03-08 10:57:43 ----A---- C:\WINDOWS\system32\Smab.dll
2009-03-08 10:57:41 ----A---- C:\WINDOWS\system32\devil.dll
2009-03-08 10:57:39 ----A---- C:\WINDOWS\system32\avisynth.dll
2009-03-08 10:57:34 ----A---- C:\WINDOWS\MOTA113.exe
2009-03-08 10:57:33 ----A---- C:\WINDOWS\system32\AVSredirect.dll
2009-03-08 10:57:31 ----A---- C:\WINDOWS\system32\i420vfw.dll
2009-03-08 10:57:29 ----A---- C:\WINDOWS\system32\x.264.exe
2009-03-08 10:57:27 ----A---- C:\WINDOWS\x2.64.exe
2009-03-08 10:57:25 ----A---- C:\WINDOWS\meta4.exe
2009-03-08 10:57:23 ----D---- C:\Program Files\AviSynth 2.5
2009-03-08 10:56:41 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2009-03-08 10:56:40 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2009-03-08 10:56:35 ----D---- C:\Program Files\eRightSoft
2009-03-07 12:56:32 ----D---- C:\Documents and Settings\damien\Application Data\JoyBits
2009-03-07 10:56:52 ----D---- C:\Documents and Settings\damien\Application Data\PlayFirst
2009-03-07 10:56:52 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2009-03-07 10:35:36 ----D---- C:\Documents and Settings\damien\Application Data\Boomzap
2009-03-06 10:01:16 ----D---- C:\Documents and Settings\All Users\Application Data\PlayPond
2009-03-06 09:16:02 ----D---- C:\Documents and Settings\damien\Application Data\SecretIslandFraBF
2009-03-06 08:14:03 ----D---- C:\Documents and Settings\damien\Application Data\URSE Games
2009-03-05 20:35:32 ----D---- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
2009-03-05 19:18:51 ----D---- C:\Program Files\Fairies
2009-02-28 09:46:36 ----D---- C:\Documents and Settings\damien\Application Data\Ancient Quest of Saqqarah__bfg
2009-02-28 09:45:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-28 09:42:51 ----D---- C:\Program Files\bfgclient
2009-02-28 09:39:53 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2009-02-25 17:44:56 ----D---- C:\Documents and Settings\damien\Application Data\Sports Interactive
2009-02-25 17:29:27 ----D---- C:\Program Files\Sports Interactive
2009-02-25 17:27:10 ----D---- C:\Program Files\Fichiers communs\InstallShield
2009-02-19 11:29:15 ----D---- C:\Documents and Settings\damien\Application Data\iWin
2009-02-19 11:28:31 ----D---- C:\Program Files\iWin.com Games
2009-02-13 20:39:22 ----D---- C:\Program Files\SurfMusik 3.1
2009-02-13 20:35:13 ----D---- C:\Documents and Settings\damien\Application Data\RapidSolution
2009-02-13 20:33:56 ----D---- C:\Program Files\PixiePack Codec Pack
2009-02-13 20:31:46 ----D---- C:\Program Files\RapidSolution
2009-02-13 20:31:46 ----D---- C:\Documents and Settings\All Users\Application Data\RapidSolution
2009-02-13 20:00:04 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-02-13 20:00:04 ----A---- C:\WINDOWS\system32\wmpasf.dll
2009-02-13 20:00:04 ----A---- C:\WINDOWS\system32\wmerror.dll
2009-02-13 20:00:04 ----A---- C:\WINDOWS\system32\asferror.dll
2009-02-13 20:00:03 ----A---- C:\WINDOWS\system32\wmpui.dll
2009-02-13 20:00:03 ----A---- C:\WINDOWS\system32\wmpshell.dll
2009-02-13 20:00:03 ----A---- C:\WINDOWS\system32\wmpcore.dll
2009-02-13 20:00:03 ----A---- C:\WINDOWS\system32\wmpcd.dll
2009-02-13 20:00:03 ----A---- C:\WINDOWS\system32\wmp.dll

======List of files/folders modified in the last 1 months======

2009-03-11 13:42:06 ----RD---- C:\Program Files
2009-03-11 13:10:44 ----D---- C:\Program Files\Mozilla Firefox
2009-03-11 12:57:42 ----SD---- C:\WINDOWS\Tasks
2009-03-11 12:56:07 ----D---- C:\WINDOWS
2009-03-11 12:53:03 ----D---- C:\WINDOWS\Temp
2009-03-11 12:09:08 ----HD---- C:\$AVG8.VAULT$
2009-03-11 12:01:05 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-11 10:33:24 ----D---- C:\Documents and Settings\damien\Application Data\Adobe
2009-03-11 10:32:25 ----SHD---- C:\WINDOWS\Installer
2009-03-11 10:30:57 ----D---- C:\Program Files\Fichiers communs
2009-03-11 10:30:42 ----D---- C:\WINDOWS\system32
2009-03-11 09:40:50 ----D---- C:\Program Files\eMule
2009-03-11 00:08:34 ----D---- C:\Documents and Settings\damien\Application Data\uTorrent
2009-03-11 00:00:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-10 12:41:55 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-10 08:00:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-09 22:13:30 ----D---- C:\WINDOWS\system32\Setup
2009-03-09 19:32:43 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-03-03 09:11:04 ----D---- C:\Program Files\eChanblard
2009-02-25 19:22:15 ----D---- C:\WINDOWS\inf
2009-02-25 15:42:23 ----SD---- C:\Documents and Settings\damien\Application Data\Microsoft
2009-02-23 09:02:55 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-02-19 11:29:00 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-13 20:00:31 ----D---- C:\WINDOWS\RegisteredPackages
2009-02-13 20:00:21 ----D---- C:\Program Files\Windows Media Player
2009-02-13 20:00:16 ----A---- C:\WINDOWS\win.ini
2009-02-13 20:00:05 ----D---- C:\WINDOWS\Help
2009-02-13 05:30:18 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-28 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-28 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-28 107272]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-19 40320]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-07-21 60800]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2004-08-03 126686]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-07-21 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 Slntamr;Smart Link 56K Modem Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2004-08-03 404990]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2004-08-03 13240]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-07-16 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-07-16 59264]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-07-16 20608]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2004-08-03 1309184]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2004-08-03 180360]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2004-08-03 95424]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-19 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-01-28 903960]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-28 298264]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2004-08-19 73796]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-01-27 603904]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 gupdate1c98b904426dc5e;Google Update Service (gupdate1c98b904426dc5e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-10 182768]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-01-27 360192]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Analyseur MSXML 6.0-->MsiExec.exe /I{5903C48B-E953-47B8-A651-B9222C483057}
Ancient Quest of Saqqarah-->"C:\Documents and Settings\damien\Local Settings\Application Data\Microsoft\Messenger\mamanlegentil@hotmail.fr\Sharing Folders\Ancient Quest of Saqqarah\Uninstall.exe"
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2}
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Fairies (gratuit) (remove only)-->"C:\Program Files\Fairies\Uninstall.exe"
Football Manager 2007-->C:\Program Files\Sports Interactive\Football Manager 2007\uninstall\Uninstall FM 2007.exe
Google Chrome-->"C:\Program Files\Google\Chrome\Application\1.0.154.48\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
K-Lite Codec Pack 4.5.3 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Mah Jong Quest II (remove only)-->"C:\Program Files\iWin.com Games\Mah Jong Quest II\Uninstall.exe"
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
Nero 7 Essentials-->MsiExec.exe /I{C1E544E5-EF3C-4103-A57B-3A499FD91036}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PixiePack Codec Pack-->MsiExec.exe /I{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}
Radiograbber-->MsiExec.exe /I{8FC2D6F5-CF0E-44F7-8200-335D5B369B3E}
Realtek AC'97 Audio-->Alcrmv.exe -r -m
SUPER © Version 2007.bld.23 (July 4, 2007)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SurfMusik 3.1a-->"C:\Program Files\SurfMusik 3.1\unins000.exe"
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Sync-->MsiExec.exe /X{67D0313C-4F15-437D-9A2D-C1564088A26A}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

======Hosts File======

127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.c
190.249.243.16 www.symantec.com
151.239.67.234 symantec.com
245.80.209.237 securityresponse.symantec.com
43.15.192.123 symantecstore.com

======Security center information======

AV: AVG Anti-Virus

System event log

Computer Name: ORDINATEUR
Event Code: 3260
Message: Cet ordinateur a correctement été joint au workgroup 'MSHOME'.

Record Number: 5
Source Name: Workstation
Time Written: 20090127172039.000000+060
Event Type: Informations
User:

Computer Name: ORDINATEUR
Event Code: 6011
Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers ORDINATEUR.

Record Number: 4
Source Name: EventLog
Time Written: 20090127171950.000000+060
Event Type: Informations
User:

Computer Name: MACHINENAME
Event Code: 2
Message: Pendant la validation de \Device\Serial0 en tant que port série, une FIFO a été détectée. La FIFO sera utilisée.

Record Number: 3
Source Name: Serial
Time Written: 20090127181237.000000+060
Event Type: Informations
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 2
Source Name: EventLog
Time Written: 20090127181219.000000+060
Event Type: Informations
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090127181219.000000+060
Event Type: Informations
User:

Application event log

Computer Name: ORDINATEUR
Event Code: 1904
Message:
Record Number: 1394
Source Name: HHCTRL
Time Written: 20090308105734.000000+060
Event Type: Informations
User:

Computer Name: ORDINATEUR
Event Code: 1904
Message:
Record Number: 1393
Source Name: HHCTRL
Time Written: 20090308105734.000000+060
Event Type: Informations
User:

Computer Name: ORDINATEUR
Event Code: 1904
Message:
Record Number: 1392
Source Name: HHCTRL
Time Written: 20090308105734.000000+060
Event Type: Informations
User:

Computer Name: ORDINATEUR
Event Code: 1904
Message:
Record Number: 1391
Source Name: HHCTRL
Time Written: 20090308105733.000000+060
Event Type: Informations
User:

Computer Name: ORDINATEUR
Event Code: 1904
Message:
Record Number: 1390
Source Name: HHCTRL
Time Written: 20090308105732.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEVMGR_SHOW_DETAILS"=1

-----------------EOF-----------------
There you go, I'm really counting on your help, thanks.


8

kamel, 20 May 2009 at 22:47:16

Hello,
My PC has Kaspersky antivirus, but it was unable to deal with the above-mentioned virus.
Please help me eradicate it. Thanks.


3

Ced_King, 11 Mar 2009 at 14:10:38

OK, LSD (you'll need to think about moving to an official version...)

Download CCleaner: http://www.filehippo.com/download_ccleaner/downloading

- During installation, uncheck the box offering the Yahoo toolbar and the one offering to add the updates option.
- Once installed, close all running applications and launch CCleaner
- Click on advanced mode and uncheck the box "delete files from ... older than 48h"; do not touch the other settings
- Click "Cleaner" >> "Analyze" >> and run the cleaning, then close the program


* Download SDFix to your desktop: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe



- Close all running applications, then double-click the shortcut on your desktop
- Click "Install" to extract it to a dedicated folder

- Restart your PC in safe mode:
- When the PC starts, tap the F8 or F5 key just after the BIOS beep and before the "Windows" logo
- A screen with several choices will appear > select "Safe Mode" and confirm with the "Enter" key on your keyboard

- Once in "Safe Mode", open the file that was created, then double-click "Runthis.bat"
- A black window appears; press the "Y" key to start the cleaning
- The desktop will disappear, that is normal
- The tool will do its work; wait until the scan finishes
- Once finished, SDFix will tell you that the computer must restart; accept by pressing a key.
- The PC will restart in normal mode; once your desktop is back, it will generate a report
- Save it and post its contents (you will also find it at c:\report.txt)


4

trigo, 11 Mar 2009 at 14:37:17

Hi,

I can't find: Click "Install" to extract it to a dedicated folder

I'm stuck at this point; I can't find "Install" when I click on the desktop shortcut.


5

Ced_King, 11 Mar 2009 at 14:43:39

6

trigo, 11 Mar 2009 at 14:58:00

Once I saved it to my desktop and double-clicked "sdfix", I got no security warning.


This is what opens instead when I double-click:



SDFix has been extracted to %systemdrive%\SDFix\
(Drive that contains the Windows directory - typically C:\SDFix)

Open the SDFix folder in Safe Mode and double click the RunThis.bat file to start the fixtool
If RunThis.bat is started in Normal Mode, options to download and run Anti-Virus command line scanners are displayed

Catchme.exe Stealth Malware Detector by GMER is also included in the SDFix folder

Additional SDFix Instructions & screen shots can be found here - http://www.bleepingcomputer.com/forums/topic131299.html





SDFix a été extrait dans %systemdrive%\SDFix\
(Le disque qui contient le répertoire Windows - typiquement C:\SDFix)

Ouvrez le dossier SDFix en mode sans échec et double cliquez sur le fichier RunThis.bat pour démarrer l'outil.
Si RunThis.bat est lancé en mode normal, les options pour télécharger et lancer les scanners Antivirus en ligne de commande seront affichées

Catchme.exe Stealth Malware Detector de GMER est également inclus dans le dossier SDFix

Instructions supplémentaires pour SDFix & captures d'écran peuvent être trouvées ici - http://www.bleepingcomputer.com/forums/topic131299.html






SDFix wurde nach %systemdrive%\SDFix\ entpackt
(Das ist das laufwerk welches den Windows Ordner enthält - normalerweise c:\SDFix)

Öffe den SDFix Ordner im Abgesicherten Modus und doppelklicke zum starten die RunThis.bat Datei
Sollte die RunThis.bat im normalen Modus gestartet werden, wird einem die Möglichkeiten geboten Antivirenscanner für die Kommandozeile
(Dosbox) downzuloaden.

Das Programm Catchme Malware Detector von Gmer ist auch im SDFix Ordner enthalten.

Zusätzliche SDFix Anleitungen und Screen Shots können hier nach geschaut werden: [url="http://www.bleepingcomputer.com/forums/topic131299.html"]http://www.bleepingcomputer.com/forums/topic131299.html/url


7

Ced_King, 11 Mar 2009 at 15:08:46

Try this:

Click Start > Run
*Copy/paste this: %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe
*Click OK.
*Restart and try running SDFix again.
