[Résolu]Ecrans bleus à répétition

[pkcl]

Bonjour à tous,

 

J'ai depuis quelque temps des écrans bleus plusieurs fois par jour, et pas toujours les mêmes: 0x0000008 / 0x00000050 / 0x000000C2 / 0x0000004E / 0x0000008 / 0x0000007

Je n'arrive pas à comprendre pourquoi. Souvent c'est lorsque j'ouvre des photos, mais pas uniquement. Est ce quelqu'un au vu du rapport HijackThis ci-dessous pourrai m'aider? Merci d'avance.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:23:16, on 23/01/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\ASUS\ATK Media\DMedia.exe

C:\Program Files\ESET\nod32kui.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\PKCL\Application Data\Mozilla\Profiles\default\y3qyls7l.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\PKCL\Application Data\Mozilla\Profiles\default\y3qyls7l.slt\prefs.js)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (disabled by BHODemon)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Startup: CCC.lnk = ?

O4 - Global Startup: Bluetooth Manager.lnk.disabled

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)

O20 - AppInit_DLLs: hplun.dll C:\Windows\system32\guard32.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: ILLWT - Unknown owner - C:\Users\pkcl\AppData\Local\Temp\ILLWT.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: PDAgent - Unknown owner - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (file missing)

O23 - Service: PDEngine - Unknown owner - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (file missing)

O23 - Service: Privacyware network service (PFNet) - Privacyware/PWI, Inc. - C:\Program Files\Privacyware\Dynamic Security Agent\pfsvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

 

--

End of file - 8095 bytes

Modifié le 9 février 2008 par pkcl

[Gof]

Bonsoir pkcl

 

Messages: 2

Bienvenue sur les forums de Zebulon.

 

Quelques liens pour t'aider à commencer :

• Comment participer à un forum
  
• retrouver ses messages et activer la notification par email
  

~~~~

 

Ton souci ne semble pas à priori d'ordre infectieux. Est ce que les plantages sont également présents en mode sans échec ? On va fouiller un peu, mais je doute pouvoir t'aider efficacement sur un souci non infectieux.

 

Télécharge Deckard's System Scanner (DSS) (ou DSS) sur ton Bureau.

NB : Tu dois être connecté avec des droits d'Administrateur.

1. ferme toutes les applications et fenêtres
   
2. double-clique sur dss.exe pour le lancer et suis les instructions ci-dessous
   Attention, il est conseillé de stopper temporairement les logiciels résidents de protection (pare-feu, antivirus, etc.)
   
3. s'il s'agit d'une première utilisation ou d'une nouvelle version de DSS :
   • tu devras cliquer 2 fois sur le OK des boîtes de dialogue
     Attention, si tu tardes trop, la réponse Abandon sera automatiquement validée
     
   • quand le traitement est terminé (clique sur OK), deux fichiers texte s'affichent :
     main.txt <- ouvert en premier plan et en plein écran
     extra.txt <- ouvert en second plan et en fenêtré (regarde la barre des taches)
     

S'il s'agit d'une utilisation supplémentaire de DSS :

• tu n'auras pas de boîte de dialogue (pas de OK)
  
• quand le traitement est terminé, un fichier texte s'affiche :
  main.txt <- ouvert en premier plan et en plein écran
  

[*] copie (Ctrl+A puis Ctrl+C) et colle (Ctrl+V) le contenu de main.txt dans ton prochain post

[*] copie de même le contenu de extra.txt dans ton prochain post, si tu as ce fichier (première utilisation)

[*] n'oublie pas de réactiver les protections si elles ont été stoppées.

[pkcl]

Merci Beaucoup GOF, de bien vouloir m'accorder un peu de ton temps pour essayer de solutionner mon problème.

J'ai très fréquemment (plusieurs fois par jour) des écrans bleus. La plupart sont 0x0000007F, mais il m'arrive aussi d'avoir des 0x00000008, et quelques autres plus rares comme 0x0000004E. Le dernier en date étant pendant le scan de DSS. Il m'arrive aussi d'avoir ces écrans bleu, même en mode sans échec, tout particulièrement pendant les scans d'A².

 

De mon coté j'ai déjà beaucoup cherché, et essayé plein de nettoyages de toutes sorte, mais rien n'y fait. C'est la raison pour laquelle je pense que tu dois avoir raison,il ne s'agit probablement pas d'infection. Mais bien sûr, c'est la première chose à laquelle on pense, et certains malwares ou rootkits sont tellements virulants, qu'on pense qu'ils peuvent résister à tous les softs de nettoyage.

Parmis les conflits possibles, j'ai 2 pistes:

1 - Windows update installe une maj de sécurité kb925902 qui provoque des écrans bleus avec certaines imprimantes en wifi. C'est mon cas. Ils ont donc sorti un correctif kb935843 (1Mo) que je n'arrive pas à installer. Windows me dit que je n'ai pas assez de place!!!! Je ne trouve plus non plus trace de la 1ère maj. Lorsque j'essaye de la réinstaller à nouveau, windows me dit que ce n'est pas pour mon système. Or c'est 100% pour mon système!!!

2 - J'ai installé Comodo en Firewall, et je vois qu'il me reste des traces d'Outpost que je n'arrive pas à supprimer

 

Je te poste les 2 résultats DSS, en espérant que tu sauras y comprendre quelque chose. Moi non!

Encore merci pour ton aide.

 

 

 

 

 

 

Deckard's System Scanner v20071014.68

Run by pkcl on 2008-01-26 18:02:24

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- Last 5 Restore Point(s) --

12: 2008-01-26 03:09:50 UTC - RP512 - Deckard's System Scanner Restore Point

11: 2008-01-25 02:22:07 UTC - RP511 - Windows Update

10: 2008-01-24 08:31:11 UTC - RP510 - Opera 9.50 togs bort

9: 2008-01-24 08:30:56 UTC - RP509 - Before uninstall Opera 9.50

8: 2008-01-24 08:29:32 UTC - RP507 - Before uninstall Opera

 

 

-- First Restore Point --

1: 2008-01-20 12:17:20 UTC - RP497 - Windows Update

 

 

Backed up registry hives.

Performed disk cleanup.

 

 

 

-- HijackThis (run as pkcl.exe) ------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:04:43, on 26/01/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ESET\nod32kui.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Users\pkcl\Desktop\dss.exe

C:\Windows\system32\conime.exe

C:\PROGRA~1\Trend Micro\HijackThis\pkcl.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\PKCL\Application Data\Mozilla\Profiles\default\y3qyls7l.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\PKCL\Application Data\Mozilla\Profiles\default\y3qyls7l.slt\prefs.js)

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Startup: CCC.lnk = ?

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Bluetooth Manager.lnk.disabled

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O20 - AppInit_DLLs: hplun.dll C:\Windows\system32\guard32.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Privacyware network service (PFNet) - Privacyware/PWI, Inc. - C:\Program Files\Privacyware\Dynamic Security Agent\pfsvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

 

--

End of file - 5785 bytes

 

-- HijackThis Fixed Entries (C:\PROGRA~1\Trend Micro\HijackThis\backups\) ------

 

backup-20080122-041020-932 O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe

backup-20080124-093615-100 O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

backup-20080124-093615-110 O13 - Gopher Prefix:

backup-20080124-093615-124 O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

backup-20080124-093615-146 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/

backup-20080124-093615-339 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html

backup-20080124-093615-345 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

backup-20080124-093615-370 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

backup-20080124-093615-437 O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

backup-20080124-093615-476 O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (disabled by BHODemon)

backup-20080124-093615-660 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

backup-20080124-093615-694 O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

backup-20080124-093615-737 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

backup-20080124-093615-749 R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

backup-20080124-093615-790 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

backup-20080124-093615-896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

backup-20080124-093615-965 O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

backup-20080124-093634-290 O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)

backup-20080124-093634-364 O23 - Service: PDEngine - Unknown owner - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (file missing)

backup-20080124-093634-730 O23 - Service: ILLWT - Unknown owner - C:\Users\pkcl\AppData\Local\Temp\ILLWT.exe (file missing)

backup-20080124-093634-747 O23 - Service: PDAgent - Unknown owner - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (file missing)

backup-20080124-093634-792 O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)

backup-20080124-093634-796 O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

 

-- File Associations -----------------------------------------------------------

 

All associations okay.

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R3 WCPU - \??\c:\program files\p4g\wcpu.sys

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 ASLDRService (ASLDR Service) - c:\program files\atk hotkey\asldrsrv.exe <Not Verified; ; ADSMSrv>

R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

R2 TOSHIBA Bluetooth Service - c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe <Not Verified; TOSHIBA CORPORATION; Bluetooth Stack for Windows by TOSHIBA>

 

S4 ILLWT - c:\users\pkcl\appdata\local\temp\illwt.exe (file missing)

S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe (file missing)

S4 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe

S4 PDAgent - "c:\program files\raxco\perfectdisk\pdagent.exe" (file missing)

S4 PDEngine - "c:\program files\raxco\perfectdisk\pdengine.exe" (file missing)

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

No disabled devices found.

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2008-01-25 17:17:49 392 --a------ C:\Windows\Tasks\Maintenance en 1 clic.job

2007-11-26 08:07:49 320 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{E620316F-33B5-40B8-8FDA-212DF236024E}.job

 

 

-- Files created between 2007-12-26 and 2008-01-26 -----------------------------

 

2008-01-24 22:03:51 0 d-------- C:\Program Files\Common Files\Skype

2008-01-24 09:01:09 0 d-------- C:\Program Files\SpywareGuard

2008-01-24 08:52:04 0 d-------- C:\Program Files\SpywareBlaster

2008-01-24 00:17:50 0 d-------- C:\Users\pkcl\Application Data\FreeCommander

2008-01-24 00:17:39 0 d-------- C:\Program Files\FreeCommander

2008-01-22 03:53:37 0 d-------- C:\Program Files\Trend Micro

2008-01-22 03:52:53 233472 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>

2008-01-21 03:38:01 0 d-------- C:\Users\pkcl\Application Data\Comodo

2008-01-21 03:38:00 0 d-------- C:\Users\All Users\comodo

2008-01-21 03:37:57 0 d-------- C:\Program Files\COMODO

2008-01-06 18:32:56 0 d-------- C:\Program Files\Intel Corporation

2008-01-04 15:59:49 99736 --a------ C:\Windows\system32\GDIPFONTCACHEV1.DAT

2008-01-04 13:11:27 0 d-------- C:\Program Files\Bluetack

2008-01-04 13:10:41 0 d-------- C:\Windows\Downloaded Installations

2008-01-04 12:20:57 0 d-------- C:\Users\All Users\Privacyware

2008-01-04 12:20:57 0 d-------- C:\Program Files\Privacyware

2007-12-29 06:50:18 0 d-------- C:\Program Files\Foxit Software

2007-12-29 05:27:49 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com

2007-12-29 05:27:35 0 d-------- C:\Users\pkcl\Application Data\SUPERAntiSpyware.com

2007-12-29 05:27:35 0 d-------- C:\Program Files\SUPERAntiSpyware

2007-12-28 12:20:01 0 d-------- C:\Program Files\MSXML 4.0

2007-12-28 10:00:23 0 d-------- C:\Program Files\TuneUp Utilities 2008

2007-12-28 09:44:59 0 d-------- C:\Program Files\Yahoo!

2007-12-28 09:44:47 0 d-------- C:\Program Files\CCleaner

2007-12-28 06:06:07 0 d-------- C:\Users\pkcl\Application Data\WinRAR

2007-12-27 21:40:19 0 d-------- C:\Program Files\a-squared Free(969)

2007-12-27 13:37:50 0 d-------- C:\Users\pkcl\Application Data\Macromedia

2007-12-27 13:37:50 0 d-------- C:\Users\pkcl\Application Data\Adobe(1002)

2007-12-27 13:33:57 0 d-------- C:\Users\pkcl\Application Data\Mozilla(1080)

2007-12-27 13:15:04 0 d-------- C:\Users\pkcl\Application Data\skypePM

2007-12-27 13:14:58 0 d-------- C:\Users\pkcl\Application Data\ATI

2007-12-27 12:53:24 0 d-------- C:\Users\pkcl\Application Data\URSoft(1082)

2007-12-27 12:45:22 0 d-------- C:\Users\pkcl\Application Data\TuneUp Software(1081)

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-01-26 17:58:23 0 d-------- C:\Users\pkcl\AppData\Roaming\Skype

2008-01-26 17:37:32 693588 --a------ C:\Windows\system32\perfh00C.dat

2008-01-26 17:37:32 118450 --a------ C:\Windows\system32\perfc00C.dat

2008-01-26 17:19:25 12 --a------ C:\Windows\bthservsdp.dat

2008-01-26 17:12:18 0 d-------- C:\Users\pkcl\AppData\Roaming\skypePM

2008-01-25 00:36:14 0 d-------- C:\Users\pkcl\AppData\Roaming\utorrent

2008-01-25 00:15:02 9256 --a------ C:\Windows\mozver.dat

2008-01-24 22:03:51 0 d-------- C:\Program Files\Common Files

2008-01-24 15:40:25 0 d-------- C:\Program Files\Opera 9.5 beta

2008-01-24 15:30:21 0 d-------- C:\Program Files\Opera

2008-01-24 00:17:50 0 d-------- C:\Users\pkcl\AppData\Roaming\FreeCommander

2008-01-21 03:38:01 0 d-------- C:\Users\pkcl\AppData\Roaming\Comodo

2008-01-14 15:02:14 0 d-------- C:\Program Files\a-squared Free

2008-01-09 05:11:29 0 d-------- C:\Program Files\Windows Mail

2008-01-09 05:11:28 0 d-------- C:\Program Files\Windows Sidebar

2007-12-30 02:47:00 0 d-------- C:\Users\pkcl\AppData\Roaming\vlc

2007-12-29 20:10:04 0 d-------- C:\Users\pkcl\AppData\Roaming\SUPERAntiSpyware.com

2007-12-29 20:09:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-12-28 22:32:34 0 d-------- C:\Program Files\ATI

2007-12-28 09:36:09 0 d--h----- C:\Users\pkcl\AppData\Roaming\Adobe

2007-12-28 07:58:10 0 d-------- C:\Program Files\Nero

2007-12-28 07:58:10 0 d-------- C:\Program Files\Common Files\Ahead

2007-12-28 06:59:01 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-12-28 06:06:07 0 d-------- C:\Users\pkcl\AppData\Roaming\WinRAR

2007-12-28 05:08:31 0 d-------- C:\Users\pkcl\AppData\Roaming\Winamp

2007-12-28 05:08:26 0 d-------- C:\Users\pkcl\AppData\Roaming\foobar2000

2007-12-28 05:08:26 0 d-------- C:\Users\pkcl\AppData\Roaming\dvdcss

2007-12-28 05:08:12 0 d-------- C:\Program Files\Realtek

2007-12-28 05:07:05 0 d-------- C:\Users\pkcl\AppData\Roaming\URSoft

2007-12-28 05:07:05 0 d--h----- C:\Users\pkcl\AppData\Roaming\TuneUp Software

2007-12-28 05:07:04 0 d-------- C:\Users\pkcl\AppData\Roaming\Systenance

2007-12-28 05:07:01 0 d-------- C:\Users\pkcl\AppData\Roaming\Sun

2007-12-28 05:06:51 0 d-------- C:\Users\pkcl\AppData\Roaming\Opera

2007-12-28 05:06:51 0 d-------- C:\Users\pkcl\AppData\Roaming\NewSoft

2007-12-28 05:06:51 0 d-------- C:\Users\pkcl\AppData\Roaming\Nero

2007-12-28 05:06:50 0 d-------- C:\Users\pkcl\AppData\Roaming\Mozilla

2007-12-28 05:06:25 0 d-------- C:\Users\pkcl\AppData\Roaming\CyberScrub

2007-12-28 05:06:25 0 d-------- C:\Users\pkcl\AppData\Roaming\BinarySense

2007-12-27 14:43:00 0 d-------- C:\Users\pkcl\AppData\Roaming\Adobe(1002)

2007-12-27 13:37:50 0 d-------- C:\Users\pkcl\AppData\Roaming\Macromedia

2007-12-27 13:33:57 0 d-------- C:\Users\pkcl\AppData\Roaming\Mozilla(1080)

2007-12-27 13:14:58 0 d-------- C:\Users\pkcl\AppData\Roaming\ATI

2007-12-27 12:53:24 0 d-------- C:\Users\pkcl\AppData\Roaming\URSoft(1082)

2007-12-27 12:45:22 0 d-------- C:\Users\pkcl\AppData\Roaming\TuneUp Software(1081)

2007-12-18 23:52:24 0 d-------- C:\Program Files\ASUS

2007-12-15 06:01:43 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>

2007-12-09 07:30:09 0 d-------- C:\Program Files\Your Uninstaller 2008

2007-11-19 11:17:26 298104 --a------ C:\Windows\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [01/12/2006 18:37 C:\Windows\RtHDVCpl.exe]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [22/11/2006 12:27]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [19/11/2007 11:17]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11/04/2007 15:32 C:\Windows\KHALMNPR.Exe]

"@"="" []

"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [21/01/2008 03:37]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [19/03/2007 05:05]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09/01/2008 05:00]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 16:46]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 19:36]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [12/11/2007 15:48]

 

C:\Users\pkcl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [29/09/2006 09:57:36]

SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [29/08/2003 19:05:35]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk.disabled [10/07/2007 10:35:54]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

"EnableLUA"=0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoInstrumentation"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=hplun.dll C:\Windows\system32\guard32.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

"Mozilla Quick Launch"="C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

"OODefragTray"=C:\Windows\system32\oodtray.exe

"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe

"HControl"=C:\Windows\ATK0100\HControl.exe

"Dynamic Security Agent"=C:\Program Files\Privacyware\Dynamic Security Agent\DSA.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient

LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt

LocalServiceNoNetwork PLA DPS BFE mpssvc

LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg

bthsvcs BthServ

WindowsMobile wcescomm rapimgr

LocalServiceRestricted WcesComm RapiMgr

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

AutoRun\command- E:\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

AutoRun\command- F:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4694ce7b-3e43-11dc-83ea-0018f371fa19}]

AutoRun\command- F:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4694ce7c-3e43-11dc-83ea-0018f371fa19}]

AutoRun\command- F:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cdf660f-17c5-11dc-9f83-0018f371fa19}]

AutoRun\command- F:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{782baacd-43e4-11dc-8b9a-806e6f6e6963}]

AutoRun\command- F:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b62a8b7-4665-11dc-a5aa-0018f371fa19}]

AutoRun\command- F:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dac3c068-3c06-11dc-89bd-0018f371fa19}]

AutoRun\command- F:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dac3c080-3c06-11dc-89bd-0018f371fa19}]

AutoRun\command- F:\AutoRun.exe

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]

msiexec /fums {8BB7F11E-4F20-9E97-0350-0EEDEF3C3D89} /qb

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

 

 

 

-- Hosts -----------------------------------------------------------------------

 

127.0.0.1 localhost

127.0.0.1 123spywar.com

127.0.0.1 www.123spywar.com

127.0.0.1 1clickspyclean.com

127.0.0.1 www.1clickspyclean.com

127.0.0.1 1clicksuite.net

127.0.0.1 www.1clicksuite.net

127.0.0.1 1spyware-removal.com

127.0.0.1 www.1spyware-removal.com

127.0.0.1 1spywarekiller.com

 

10302 more entries in hosts file.

 

 

-- End of Deckard's System Scanner: finished at 2008-01-26 18:16:00 ------------

 

 

 

 

 

 

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft® Windows Vista™ Professionnel (build 6000)

Architecture: X86; Language: French

 

CPU 0: Intel® Core2 CPU T5600 @ 1.83GHz

Percentage of Memory in Use: 33%

Physical Memory (total/avail): 2046.66 MiB / 1356.87 MiB

Pagefile Memory (total/avail): 4328.32 MiB / 3524.55 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1920.45 MiB

 

C: is Fixed (NTFS) - 66.03 GiB total, 21.83 GiB free.

D: is Fixed (NTFS) - 43.89 GiB total, 33.34 GiB free.

E: is CDROM (No Media)

 

\\.\PHYSICALDRIVE0 - Hitachi HTS541612J9SA00 ATA Device - 111.79 GiB - 3 partitions

\PARTITION0 - Unknown - 1906.12 MiB

\PARTITION1 (bootable) - Système de fichiers installable - 66.03 GiB - C:

\PARTITION2 - Étendu avec Inter. 13 étendue - 43.89 GiB - D:

 

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

 

FW: COMODO Firewall Pro v3.0 (COMODO)

FW: Privatefirewall v6.0 (Privacyware) Disabled

FW: Outpost Firewall Pro v6.0 (Agnitum)

AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) Disabled

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

AS: Outpost Firewall Pro vASWDB6, VB4.3, VDB9 (Agnitum) Disabled

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\ProgramData

APPDATA=C:\Users\pkcl\AppData\Roaming

CLASSPATH=C:\Program Files\QuickTime\QTSystem\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=PC-DE-PKCL

ComSpec=C:\Windows\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Users\pkcl

LOCALAPPDATA=C:\Users\pkcl\AppData\Local

LOGONSERVER=\\PC-DE-PKCL

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\QuickTime Alternative\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0f06

ProgramData=C:\ProgramData

ProgramFiles=C:\Program Files

PROMPT=$P$G

PUBLIC=C:\Users\Public

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\Windows

TEMP=C:\Users\pkcl\AppData\Local\Temp

TMP=C:\Users\pkcl\AppData\Local\Temp

USERDOMAIN=PC-de-pkcl

USERNAME=pkcl

USERPROFILE=C:\Users\pkcl

windir=C:\Windows

__COMPAT_LAYER=DisableNXShowUI

 

 

-- User Profiles ---------------------------------------------------------------

 

pkcl (admin)

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

--> C:\Windows\IsUninst.exe -fC:\Windows\system32\UninstIPP.isu

--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL

--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL

--> C:\Windows\UNNeroShowTime.exe /UNINSTALL

--> C:\Windows\UNNeroVision.exe /UNINSTALL

--> C:\Windows\UNRecode.exe /UNINSTALL

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{329899E1-CBBA-49BC-9FFE-199E94316727}\setup.exe" -l0x9 -removeonly

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

a-squared Free 3.0 --> "C:\Program Files\a-squared Free\unins000.exe"

Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"

ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9

ASUS Setting Center --> C:\Program Files\InstallShield Installation Information\{6A1AC289-45CD-4561-B666-DB80C72F6DAF}\Setup.exe -runfromtemp -l0x0009 -removeonly

ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATK Hotkey --> C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\setup.exe -runfromtemp -l0x0009 -removeonly

ATK Media --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\setup.EXE" -l0x9

ATK0100 ACPI UTILITY --> C:\Windows\ATK0100\XPunin.exe

ATKOSD2 --> C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\setup.exe -runfromtemp -l0x0009 -removeonly

µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL

µTorrent 1.6.1 (Build 490) --> C:\Program Files\utorrent\Uninstal.exe

Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}

Canon CanoScan Toolbox 5.0 --> "C:\Program Files\Canon\CanoScan Toolbox Ver5.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\CanoScan Toolbox Ver5.0\uninst.ini

CanoScan LiDE 70 --> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411 /L0x000c

CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"

CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}

Color LaserJet 2600n --> C:\Program Files\Zenographics\{50B3275F-6D5B-41E5-8BE7-19FFC78856E6}\SETUP.EXE -u "HPCLJKCInstaller.dll=CLJ2600.INF"

COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u

Debugging Tools for Windows --> MsiExec.exe /I{D459A7BB-F85E-4C0E-8AEC-3D90C4549740}

Dynamic Security Agent 2.0 --> MsiExec.exe /X{AD88BB6D-EA59-444B-A8B3-2007F649186A}

foobar2000 v0.9.4.3 --> "C:\Program Files\foobar2000\uninstall.exe"

Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe

Free Games Offer, Desktop Shortcut --> MsiExec.exe /X{31DABA20-10A1-4746-9D9F-57955B8DFF66}

FreeCommander 2007.10a --> "C:\Program Files\FreeCommander\unins000.exe"

FxVisor --> MsiExec.exe /I{F691A1F5-2789-46CE-A45A-57763198D384}

Gestionnaire pour appareils Windows Mobile --> MsiExec.exe /I{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}

HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}

Kill Process 5.0.0.5 (désinstaller seulement) --> "C:\Program Files\Kill Process\uninstall.exe"

Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x040c -removeonly

Microsoft Exchange 2007 Management Pack for MOM 2005 --> MsiExec.exe /X{3829A1F7-AF25-463F-9937-1519A4C24611}

Microsoft Office Access MUI (French) 2007 --> MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007 --> MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007 --> MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Language Pack 2007 Service Pack 1 (SP1) --> msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}

Microsoft Office Outlook MUI (French) 2007 --> MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007 --> MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007 --> MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007 --> MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007 --> MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007 --> MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007 --> MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Mobile Connect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}\setup.exe" -l0x9 -removeonly

Motorola SM56 Speakerphone Modem --> rundll32.exe sm56co6a.dll,SM56UnInstaller

Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Netscape (7.1) --> C:\Windows\NSUninst.exe /ua "7.1b1 (fr)"

NOD32 Antivirus System --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL

Power4Gear eXtreme --> C:\Program Files\InstallShield Installation Information\{8CFEBE9C-F29F-4C49-80E0-7106970F8734}\setup.EXE -runfromtemp -l0x040c -removeonly

PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.EXE" -uninstall

Real Alternative 1.52 --> "C:\Program Files\Real Alternative\unins000.exe"

Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\SETUP.EXE -runfromtemp -l0x040c -removeonly

Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly

Realtek USB 2.0 Card Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly

Remote Controller --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B802EBE-CDAD-477C-9AD4-069615D377EB}\setup.exe" -l0x9 -removeonly

RocketDock 1.3.1 --> "C:\Program Files\RocketDock\unins000.exe"

Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

Snoqualmie 1.0 --> C:\Windows\system32\snounin.exe

Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"

SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"

Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}

Update for Outlook 2007 Junk Email Filter (kb943597) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A751F0DB-8476-4207-956E-20AEBBA4B1DA}

USB2.0 1.3M Web Cam --> C:\Windows\StkUnist.exe

USB2.0 1.3M WebCam --> C:\Windows\StkUnist.exe

Utilitaire Intel® de lecture de la fréquence du processeur --> MsiExec.exe /X{B772E270-02DF-4B70-9FA8-1383BBB81FDD}

VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

VideoLAN VLC media player 0.8.6b --> C:\Program Files\VideoLAN\VLC\uninstall.exe

Vista Codec Package --> MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}

Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinFlash --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\Setup.exe" -l0x9

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

Wireless Console 2 --> C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\setup.exe -runfromtemp -l0x040c -removeonly

XNResourceEditor 3.0.0.1 --> "C:\Program Files\XN Resource Editor\unins000.exe"

Your Uninstaller! 2008 Version 6.0 --> "C:\Program Files\Your Uninstaller 2008\unins000.exe"

Your Uninstaller! PRO 2006 5.0.0.345 --> "C:\Program Files\Your Uninstaller 2006\unins000.exe"

 

 

-- Application Event Log -------------------------------------------------------

 

Event Record #/Type58761 / Warning

Event Submitted/Written: 01/26/2008 05:32:57 PM

Event ID/Source: 1001 / MsiInstaller

Event Description:

Échec de détection du produit ‘{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}’, fonctionnalité ‘Phone’ lors de la demande du composant ‘{57FF4446-590E-4894-AE39-D55928DBDE01}’

 

Event Record #/Type58760 / Warning

Event Submitted/Written: 01/26/2008 05:32:56 PM

Event ID/Source: 1004 / MsiInstaller

Event Description:

Échec de détection du produit ‘{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}’, fonctionnalité ‘Phone’, composant ‘{7A702427-1ED2-4768-88B7-F563D4703DDC}. La ressource ‘HKEY_LOCAL_MACHINE\Software\Classes\{327C8820-8DED-4BD2-A7F6-D07B9DD5698F}\’ n’existe pas.

 

Event Record #/Type58755 / Success

Event Submitted/Written: 01/26/2008 05:32:51 PM

Event ID/Source: 5617 / WinMgmt

Event Description:

 

 

Event Record #/Type58751 / Success

Event Submitted/Written: 01/26/2008 05:32:29 PM

Event ID/Source: 5615 / WinMgmt

Event Description:

 

 

Event Record #/Type58747 / Success

Event Submitted/Written: 01/26/2008 05:31:29 PM

Event ID/Source: 902 / Software Licensing Service

Event Description:

Le service de gestion des licences du logiciel a démarré.

 

 

 

-- Security Event Log ----------------------------------------------------------

 

No Errors/Warnings found.

 

 

-- System Event Log ------------------------------------------------------------

 

Event Record #/Type89411 / Error

Event Submitted/Written: 01/26/2008 05:35:00 PM

Event ID/Source: 7001 / Service Control Manager

Event Description:

Service Partage réseau du Lecteur Windows MediaHôte de périphérique UPnP%%1068

 

Event Record #/Type89410 / Error

Event Submitted/Written: 01/26/2008 05:35:00 PM

Event ID/Source: 7001 / Service Control Manager

Event Description:

Hôte de périphérique UPnPDécouverte SSDP%%1058

 

Event Record #/Type89395 / Error

Event Submitted/Written: 01/26/2008 05:33:00 PM

Event ID/Source: 7001 / Service Control Manager

Event Description:

Service Partage réseau du Lecteur Windows MediaHôte de périphérique UPnP%%1068

 

Event Record #/Type89394 / Error

Event Submitted/Written: 01/26/2008 05:33:00 PM

Event ID/Source: 7001 / Service Control Manager

Event Description:

Hôte de périphérique UPnPDécouverte SSDP%%1058

 

Event Record #/Type89375 / Error

Event Submitted/Written: 01/26/2008 05:32:56 PM

Event ID/Source: 7001 / Service Control Manager

Event Description:

Hôte de périphérique UPnPDécouverte SSDP%%1058

 

 

 

-- End of Deckard's System Scanner: finished at 2008-01-26 18:16:00 ------------

[Gof]

Bonjour pkcl

 

En effet, tu as un souci avec les pare-feux :

Windows Internal Firewall is enabled.

 

FW: COMODO Firewall Pro v3.0 (COMODO)

FW: Privatefirewall v6.0 (Privacyware) Disabled

FW: Outpost Firewall Pro v6.0 (Agnitum) (activé, pas activé, on ne sait pas)

 

J'imagine que la version Pro de Outpost que tu avais n'étais pas légale ?

 

Désinstalle

• Dynamic Security Agent 2.0
  Java™ 6 Update 2
  

Je souhaiterais que tu fasses une anayse en ligne, afin d'écarter tout de suite l'origine infectieuse :

 

 

Rends toi sur ESET Online Scanner : http://www.eset.com/onlinescan/

• Coche la case YES, I accept the Terms Of Use
  
• Clique sur le bouton Start
  
• Clique maintenant sur Install button
  
• Clique à nouveau sur Start
  

• Les mises à jour du scan en ligne vont se faire.
  
• Ne coche pas Remove found threats
  
• Clique sur Scan button
  

• Le scan va démarrer, sois patient.
  
• Quand le scan sera terminé, clique sur Details tab
  
• Copie colle en réponse le contenu de C:\Program Files\EsetOnlineScanner\log.txt back
  

[pkcl]

Oui tu as raison pour la version d'Outpost, elle était piratée car j'ai voulu tester plusieurs firewall, donc... J'avais très envie de Comodo, mais les avis un peu négatifs de Clubic m'en avait tout d'abord dissuadé. Cela dit j'ai tout essayé pour en supprimer toutes les traces, mais je n'y suis pas parvenu.

 

Je te remercie de ton aide mais j'aime comprendre ce que je fais. Pourquoi m'as tu demandé de désinstaller Java6 update 2 & Dynamic Sécurity Agent 2.0?

 

Aujourd'hui j'ai eu 2 nouveaux écrans bleus. Le traditionnel 0x0000007F et un nouveau!!! 0x00000024 qui semble confirmer un problème matériel et/ou logiciel.

 

Concernant le scan Nod32, je pense que tu avais raison, il n'a rien trouvé.

 

 

 

# version=4

# OnlineScanner.ocx=1.0.0.56

# OnlineScannerDLLA.dll=1, 0, 0, 51

# OnlineScannerDLLW.dll=1, 0, 0, 51

# OnlineScannerUninstaller.exe=1, 0, 0, 49

# vers_standard_module=2825 (20080127)

# vers_arch_module=1.063 (20080117)

# vers_adv_heur_module=1.060 (20070601)

# EOSSerial=55afd85892bbc243848ce8dc62bba0ec

# end=finished

# remove_checked=false

# unwanted_checked=false

# utc_time=2008-01-27 01:33:05

# local_time=2008-01-27 08:33:05 (+0700, Asie du Sud-Est)

# country="France"

# osver=6.0.6000 NT

# scanned=240041

# found=0

# scan_time=2601

# nod_component=NOD32MOD_WINNT_FRENCH_BASE Build:0x11081627 (NOD32 pour Windows NT/2000/XP/2003/Vista/x64 - base)

# nod_component=NOD32MOD_WINNT_FRENCH_INET Build:0x11081627 (NOD32 pour Windows NT/2000/XP/2003/Vista/x64 - support Internet )

# nod_component=NOD32MOD_WINNT_FRENCH_STANDARD Build:0x11081627 (NOD32 pour Windows NT/2000/XP/2003/Vista/x64 - composant standard)

[pear]

Bonjour Gof ,pkcl,

 

Toutes les erreurs que vous citez dans votre message initial se réfèrent à des pilotes de périphériques inadaptés ou obsolètes.

 

Mettez les à jour.

Modifié le 27 janvier 2008 par pear

[pkcl]

Bonjour Gof ,pkcl,

 

Toutes les erreurs que vous citez dans votre message initial se réfèrent à des pilotes de périphériques inadaptés ou obsolètes.

 

Mettez les à jour.

 

 

Bonjour Pear,

 

J'ai commencé par là. Je tourne sous Vista Business (légal), et je fais toutes les mises à jours windows, ATI, etc... Maintenant, effectivement, peut être en ai-je oublié un, ou peut être que j'ai installé 1 pilote inadapté? Pour le savoir, Driver Genious est t'il l'outil adapté?

Merci

[pear]

Bonjour,

 

Pour le savoir, Driver Genious est t'il l'outil adapté?

 

N'utilisant pas Vista, je suis au regret de ne pas pouvoir vous répondre.

[Gof]

Bonjour tous les 2

 

Pour ton souci bien précis, pas évident de savoir quel en est l'origine. Peut-être peux tu essayer la détection en ligne de la configuration avec suggestion des drivers en conséquence ?

http://config.zebulon.fr/

Le sous-forum dédié à Vista pourra eut-être t'aider aussi :

Windows Vista

Bon courage

[pkcl]

Bonjour tous les 2

 

Pour ton souci bien précis, pas évident de savoir quel en est l'origine. Peut-être peux tu essayer la détection en ligne de la configuration avec suggestion des drivers en conséquence ?

http://config.zebulon.fr/

Le sous-forum dédié à Vista pourra eut-être t'aider aussi :

Windows Vista

Bon courage

 

 

 

Bonjour Gof,

 

J'étais absent quelques jours, et de plus j'ai aussi voulu appliquer tous tes conseils durant quelques jours, pour être bien sur. En ce qui concerne les drivers, ceux installés sur mon ordi sont plus récents que ceux proposés. en revanche, j'ai désinstallé plusieurs drivers, puis réinstallé, ainsi que Java comme tu me l'avais suggéré. J'ai réinstallé la dernière version (Java), et depuis quelques jours.... plus aucun écran bleu!!! Je pense que tu avais vu juste avec Java. Je vais malgré tout attendre le SP1 de Vista, qui je l'espère va enfin stabiliser le système.

En tous les cas, je te remercie énormément pour tes conseils judicieux, ta patience et ton professionnalisme.