abidou

Members
  • Content count

    72
  • Joined

  • Last visited

About abidou

  • Date of birth 17/07/1974

Contact Methods

  • Website URL
    http://awbeditions.blogspot.com
  • ICQ
    0

Profile Information

  • Gender
    Male
  • Location
    Rabat - Morocco

Other information

  • My languages
    French

abidou's Achievements

Member

Member (4/12)

0

Community reputation

  1. That's better. However, I still get the Avira-related message at startup, and the language bar is still missing. But speed-wise it's better.
  2. As far as I know, I have not installed a server! However, I recently used a VPN to get Google Earth working from my country (Morocco), where it is blocked by my internet service provider: maybe that is where it comes from. Here is the new report:
  3. Hello bernard53, sorry, I could not log in yesterday. I have not really noticed an improvement: the PC does start faster, but running tasks afterwards is still just as slow. Here is the new report: File download. Thank you.
  4. Good evening, chkdsk finally ran to completion, and several errors were detected and repaired. I have finished all the steps; what should I do?
  5. Hello bernard53, thank you for your reply and for the time you are willing to devote to my problem. I cannot finish step 2 of your solution: every time, chkdsk reaches 23%, then the computer restarts by itself and the scan starts again from 0. What should I do?
  6. Hello everyone, it has been a long time since I last wrote to you, and for good reason: I followed all your advice and was spared for a long time. Today, several small problems are preventing me from using my machine properly. My machine is very slow to start, and Avira no longer runs correctly. I systematically get this message: "l'exception unknown software exception (0xc0000417) s'est produite dans l'application à l'emplacement 0x732a7256, cliquez sur ok pour terminer le programme", and when I click, the program stops and I have to restart Avira. The language bar systematically disappears from my toolbar at every startup, and to reactivate it I have to go through Start/Run/ctfmon.exe. Some programs refuse to open unless I restart my machine (mainly Google Chrome). Sometimes, for no reason, my computer races (CPU at 100%) and then shuts down by itself. My computer has become so slow that just seeing a typed sentence appear in Word or in another program takes 3 or 4 minutes. I hope you will be able to help me, and I thank you in advance. Here is my HijackThis log:
  7. Good evening Thanos, and thank you for your reply. Here are the three reports, in order:
  8. Good evening again, everyone. Just a little nudge so that I am not forgotten. Thanks to all.
  9. Hello everyone. For a few weeks now, my computer has been behaving really abnormally, which makes me think it may be infected. The most notable problems I have run into are:
     - At startup, I get software update notifications (mainly Adobe and Windows), but when I click update, there is nothing to install and the only button I can click is update later.
     - Some programs, mainly Internet-related ones (such as Outlook or my connection manager), refuse to close unless I restart my machine.
     - From time to time, without my doing anything, hidden files reappear on their own.
     Here is my HijackThis report, counting on your valuable help:
Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://www.visiogood.com/jalss/cfweb_activ..._instmodule.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{780A1129-D75A-4668-9811-94D00D94E706}: NameServer = 192.168.60.55 192.168.50.55 O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - 
Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- End of file - 15875 bytes
  10. Hello Pear, It has been two days since I last heard from you about my problem. I hope you are well. I wanted to tell you that despite all the actions already carried out, AntiVir still regularly reports a VundoGen infection. I downloaded VundoFix by Atribune and ran a scan. At first I ran the scan without disabling the antivirus. The utility detected nothing, but while it was scanning the Windows System32 directory, AntiVir went wild and no fewer than 15 windows opened to tell me that the VundoGen Trojan had been detected. Yet at the end of the scan, VundoFix told me it had found no infected files. I figured this was due to the antivirus, so I ran the scan again with AntiVir disabled but, same thing, no infected files. Thank you, and see you soon I hope.
  11. Hello, I cannot get the JavaRa update to run. When I click on Search, I get a message telling me that I cannot perform the update with my system's active Internet connection settings. Here is the ComboFix report: ComboFix 08-11-21.02 - abdelwouhab 2008-11-24 8:05:32.10 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1508 [GMT 0:00] Lancé depuis: c:\documents and settings\abdelwouhab.AWB.000\Bureau\Combo-Fix.exe Commutateurs utilisés :: c:\documents and settings\abdelwouhab.AWB.000\Bureau\CFScript.txt * Un nouveau point de restauration a été créé FILE :: C:\_OTMoveIt C:\lky.exe C:\ToolBar SD C:\whi.com . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\lky.exe C:\whi.com . ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-24 au 2008-11-24 )))))))))))))))))))))))))))))))))))) . 2008-11-21 15:09 . 2008-11-21 15:09 <REP> d-------- c:\program files\Avira 2008-11-21 14:23 . 2008-11-21 14:23 <REP> d-------- C:\_OTMoveIt 2008-11-20 16:41 . 2008-11-20 16:42 <REP> d-------- C:\rsit 2008-11-20 16:41 . 2008-11-04 13:56 401,720 --a------ C:\abdelwouhab.exe 2008-11-13 21:27 . 2008-11-21 14:28 85,504 --------- c:\windows\system32\gasretyw1.dll 2008-11-04 19:07 . 2008-11-04 19:07 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-04 19:07 . 2008-11-04 19:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-04 19:07 . 2008-11-04 19:07 <REP> d-------- c:\documents and settings\abdelwouhab.AWB.000\Application Data\Malwarebytes 2008-11-04 19:07 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-04 19:07 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-04 13:56 . 2008-11-04 13:56 401,720 --a------ C:\HiJackThis.exe 2008-11-03 15:27 . 2008-11-21 14:44 <REP> d-------- C:\ToolBar SD 2008-11-03 15:19 . 
2008-11-03 15:19 <REP> d-------- c:\documents and settings\Administrateur.AWB\Application Data\Thunderbird 2008-11-03 15:19 . 2008-11-03 15:19 <REP> d-------- c:\documents and settings\Administrateur.AWB\Application Data\Talkback 2008-11-03 14:55 . 2008-11-03 14:55 <REP> d-------- c:\documents and settings\Administrateur.AWB\Application Data\Bitdefender 2008-11-03 14:18 . 2008-11-03 14:18 <REP> d-------- c:\documents and settings\abdelwouhab.AWB.000\Application Data\MSNInstaller 2008-11-03 14:10 . 2008-11-03 14:10 <REP> d-------- c:\documents and settings\abdelwouhab.AWB.000\Application Data\Talkback 2008-11-03 12:28 . 2008-11-03 12:28 <REP> d-------- c:\documents and settings\abdelwouhab.AWB.000\Application Data\vlc 2008-11-03 11:53 . 2008-11-03 15:22 <REP> d-------- c:\program files\Mozilla Thunderbird 2008-11-03 11:53 . 2008-11-03 11:53 <REP> d-------- c:\documents and settings\abdelwouhab.AWB.000\Application Data\Thunderbird 2008-10-29 10:55 . 2008-10-29 10:56 <REP> d-------- c:\program files\McDonaldsFairies 2008-10-29 10:47 . 2008-10-29 10:48 <REP> d-------- c:\program files\McDonaldsDragons . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-11-24 08:04 81,984 ----a-w c:\windows\system32\bdod.bin 2008-11-21 15:09 --------- d-----w c:\documents and settings\All Users\Application Data\Avira 2008-11-11 05:25 --------- d-----w c:\documents and settings\abdelwouhab.AWB.000\Application Data\LimeWire 2008-11-03 14:21 --------- d-----w c:\program files\Planning Manager 2008-11-03 14:19 --------- d-----w c:\program files\Zelda Return of the Hylian 2008-11-03 14:19 --------- d-----w c:\program files\ZC2.10 2008-11-03 14:19 --------- d-----w c:\program files\solarus 2008-11-03 14:18 --------- d-----w c:\program files\AEBBadge 2008-11-03 14:15 --------- d-----w c:\program files\Sony 2008-11-03 14:07 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-11-03 14:01 --------- d-----w c:\program files\Awbgest2007 2008-11-03 13:02 --------- d-----w c:\program files\Fichiers communs\Adobe 2008-10-07 16:01 --------- d-----w c:\program files\Sun 2008-10-07 16:00 410,976 ----a-w c:\windows\system32\deploytk.dll 2008-10-07 16:00 --------- d-----w c:\program files\Java 2008-09-29 01:21 --------- d-----w c:\documents and settings\abdelwouhab.AWB.000\Application Data\Azureus 2007-12-06 01:32 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat 2007-02-12 19:10 2,682,880 ------w c:\documents and settings\All Users\VCREDI~3.EXE 2007-05-22 19:14 8,784 ----a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll 2007-05-22 19:17 245,408 ----a-w c:\program files\mozilla firefox\plugins\unicows.dll . ((((((((((((((((((((((((((((( snapshot@2008-11-03_18.31.39.71 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2008-05-09 13:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys + 2008-01-21 18:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys + 2008-06-27 15:03:55 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys + 2007-03-01 10:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys - 2008-10-21 14:12:16 3,297,576 ----a-w c:\windows\system32\FNTCACHE.DAT + 2008-11-21 15:27:56 3,315,008 ----a-w c:\windows\system32\FNTCACHE.DAT - 2008-11-03 18:20:29 215,230 ----a-w c:\windows\system32\inetsrv\MetaBase.bin + 2008-11-24 08:14:36 215,237 ----a-w c:\windows\system32\inetsrv\MetaBase.bin - 2008-11-03 14:57:56 90,496 ----a-w c:\windows\system32\perfc009.dat + 2008-11-18 13:58:29 90,496 ----a-w c:\windows\system32\perfc009.dat - 2008-11-03 14:57:56 106,198 ----a-w c:\windows\system32\perfc00C.dat + 2008-11-18 13:58:29 106,198 ----a-w c:\windows\system32\perfc00C.dat - 2008-11-03 14:57:56 490,688 ----a-w c:\windows\system32\perfh009.dat + 2008-11-18 13:58:29 490,688 ----a-w c:\windows\system32\perfh009.dat - 2008-11-03 14:57:56 564,264 ----a-w c:\windows\system32\perfh00C.dat + 2008-11-18 13:58:29 564,264 ----a-w c:\windows\system32\perfh00C.dat + 2008-11-24 08:14:23 16,384 ----atw c:\windows\temp\Perflib_Perfdata_71c.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-07 144792] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "atwtusb"="atwtusb.exe" [2005-09-21 c:\windows\system32\ATWTUSB.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-05-23 25214] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll [HKLM\~\startupfolder\C:^Documents and Settings^Abdelwouhab^Menu Démarrer^Programmes^Démarrage^CCC.lnk] path=c:\documents and settings\Abdelwouhab\Menu Démarrer\Programmes\Démarrage\CCC.lnk backup=c:\windows\pss\CCC.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Speed Launcher.lnk backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk backup=c:\windows\pss\BTTray.lnkCommon Startup 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Desktop Manager.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Desktop Manager.lnk backup=c:\windows\pss\Desktop Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DVD Check.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DVD Check.lnk backup=c:\windows\pss\DVD Check.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] --a------ 2008-04-23 02:08 483328 c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon] --a------ 2007-05-25 19:55 290816 c:\progra~1\Softwin\BITDEF~1\bdmcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-05 12:00 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-08-08 12:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] --a----t- 2008-09-25 08:42 133104 c:\documents and settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWQTOOLBOX] --a------ 2005-06-03 05:18 335872 c:\program files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2007-04-27 09:25 257088 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 16:24 1694208 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime 
Task] --a------ 2007-04-27 07:41 282624 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2005-05-20 07:11 925696 c:\program files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] --a------ 2006-11-10 11:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-03-14 01:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2007-01-12 12:36 827392 c:\program files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] --a------ 2004-11-04 16:40 98394 c:\program files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2007-05-26 10:29 185896 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog] --a------ 2006-03-31 11:58 184320 c:\program files\InterVideo\DVD Check\DVDCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "LIVESRV"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Research In Motion\\BlackBerry\\DesktopMgr.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\Hewlett-Packard\\HP Deskjet 9800 Series\\Toolbox\\HPWQTBX.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "d:\\Football Manager 2005\\fm2005.exe"= R3 
GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2007-05-23 88192] S1 aiptektp;HyperPen;c:\windows\system32\DRIVERS\aiptektp.sys [2008-02-26 22272] S3 HPFXBULK;HPFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [2006-06-12 9344] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{859a03a3-86fc-11dc-b93b-001a6b2a1035}] \Shell\AutoRun\command - F:\LaunchU3.exe . Contenu du dossier 'Tâches planifiées' 2008-11-24 c:\windows\Tasks\GoogleUpdateTaskUser.job - c:\documents and settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-25 08:42] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-24 08:14:59 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\windows\system32\scardsvr.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe c:\windows\system32\inetsrv\inetinfo.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe c:\program files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe c:\program files\Softwin\BitDefender10\vsserv.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe . 
************************************************************************** . Heure de fin: 2008-11-24 8:20:36 - La machine a redémarré ComboFix-quarantined-files.txt 2008-11-24 08:20:28 ComboFix2.txt 2008-11-21 19:15:23 ComboFix3.txt 2008-11-04 17:05:00 ComboFix4.txt 2008-11-04 16:46:13 ComboFix5.txt 2008-11-24 08:04:26 Avant-CF: 7,756,488,704 octets libres Après-CF: 7,741,558,784 octets libres 212
  12. Here is the report: ComboFix 08-11-21.02 - abdelwouhab 2008-11-21 19:02:23.9 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1484 [GMT 0:00] Lancé depuis: c:\documents and settings\abdelwouhab.AWB.000\Bureau\Combo-Fix.exe * Un nouveau point de restauration a été créé * Resident AV is active . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf c:\windows\system32\gasretyw0.dll D:\Autorun.inf D:\nq0cq.cmd . ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-21 au 2008-11-21 )))))))))))))))))))))))))))))))))))) . 2008-11-21 15:09 . 2008-11-21 15:09 <REP> d-------- c:\program files\Avira 2008-11-21 14:23 . 2008-11-21 14:23 <REP> d-------- C:\_OTMoveIt 2008-11-20 16:41 . 2008-11-20 16:42 <REP> d-------- C:\rsit 2008-11-20 16:41 . 2008-11-04 13:56 401,720 --a------ C:\abdelwouhab.exe 2008-11-13 21:28 . 2008-11-11 17:58 109,736 -r-hs---- C:\lky.exe 2008-11-13 21:27 . 2008-11-21 14:28 85,504 --------- c:\windows\system32\gasretyw1.dll 2008-11-10 08:46 . 2008-11-10 08:46 110,031 -r-hs---- C:\whi.com 2008-11-04 19:07 . 2008-11-04 19:07 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-04 19:07 . 2008-11-04 19:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-04 19:07 . 2008-11-04 19:07 <REP> d-------- c:\documents and settings\abdelwouhab.AWB.000\Application Data\Malwarebytes 2008-11-04 19:07 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-04 19:07 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-04 13:56 . 2008-11-04 13:56 401,720 --a------ C:\HiJackThis.exe 2008-11-03 15:27 . 2008-11-21 14:44 <REP> d-------- C:\ToolBar SD 2008-11-03 15:19 . 2008-11-03 15:19 <REP> d-------- c:\documents and settings\Administrateur.AWB\Application Data\Thunderbird 2008-11-03 15:19 . 
2008-11-03 15:19 <REP> d-------- c:\documents and settings\Administrateur.AWB\Application Data\Talkback 2008-11-03 14:55 . 2008-11-03 14:55 <REP> d-------- c:\documents and settings\Administrateur.AWB\Application Data\Bitdefender 2008-11-03 14:18 . 2008-11-03 14:18 <REP> d-------- c:\documents and settings\abdelwouhab.AWB.000\Application Data\MSNInstaller 2008-11-03 14:10 . 2008-11-03 14:10 <REP> d-------- c:\documents and settings\abdelwouhab.AWB.000\Application Data\Talkback 2008-11-03 12:28 . 2008-11-03 12:28 <REP> d-------- c:\documents and settings\abdelwouhab.AWB.000\Application Data\vlc 2008-11-03 11:53 . 2008-11-03 15:22 <REP> d-------- c:\program files\Mozilla Thunderbird 2008-11-03 11:53 . 2008-11-03 11:53 <REP> d-------- c:\documents and settings\abdelwouhab.AWB.000\Application Data\Thunderbird 2008-10-29 10:55 . 2008-10-29 10:56 <REP> d-------- c:\program files\McDonaldsFairies 2008-10-29 10:47 . 2008-10-29 10:48 <REP> d-------- c:\program files\McDonaldsDragons . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-11-21 19:07 81,984 ----a-w c:\windows\system32\bdod.bin 2008-11-21 15:09 --------- d-----w c:\documents and settings\All Users\Application Data\Avira 2008-11-11 05:25 --------- d-----w c:\documents and settings\abdelwouhab.AWB.000\Application Data\LimeWire 2008-11-03 14:21 --------- d-----w c:\program files\Planning Manager 2008-11-03 14:19 --------- d-----w c:\program files\Zelda Return of the Hylian 2008-11-03 14:19 --------- d-----w c:\program files\ZC2.10 2008-11-03 14:19 --------- d-----w c:\program files\solarus 2008-11-03 14:18 --------- d-----w c:\program files\AEBBadge 2008-11-03 14:15 --------- d-----w c:\program files\Sony 2008-11-03 14:07 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-11-03 14:01 --------- d-----w c:\program files\Awbgest2007 2008-11-03 13:02 --------- d-----w c:\program files\Fichiers communs\Adobe 2008-10-07 16:01 --------- d-----w c:\program files\Sun 2008-10-07 16:00 410,976 ----a-w c:\windows\system32\deploytk.dll 2008-10-07 16:00 --------- d-----w c:\program files\Java 2008-09-29 01:21 --------- d-----w c:\documents and settings\abdelwouhab.AWB.000\Application Data\Azureus 2007-12-06 01:32 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat 2007-02-12 19:10 2,682,880 ------w c:\documents and settings\All Users\VCREDI~3.EXE 2007-05-22 19:14 8,784 ----a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll 2007-05-22 19:17 245,408 ----a-w c:\program files\mozilla firefox\plugins\unicows.dll . ((((((((((((((((((((((((((((( snapshot@2008-11-03_18.31.39.71 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2008-05-09 13:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys + 2008-01-21 18:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys + 2008-06-27 15:03:55 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys + 2007-03-01 10:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys - 2008-10-21 14:12:16 3,297,576 ----a-w c:\windows\system32\FNTCACHE.DAT + 2008-11-21 15:27:56 3,315,008 ----a-w c:\windows\system32\FNTCACHE.DAT - 2008-11-03 18:20:29 215,230 ----a-w c:\windows\system32\inetsrv\MetaBase.bin + 2008-11-21 19:09:17 215,241 ----a-w c:\windows\system32\inetsrv\MetaBase.bin - 2008-11-03 14:57:56 90,496 ----a-w c:\windows\system32\perfc009.dat + 2008-11-18 13:58:29 90,496 ----a-w c:\windows\system32\perfc009.dat - 2008-11-03 14:57:56 106,198 ----a-w c:\windows\system32\perfc00C.dat + 2008-11-18 13:58:29 106,198 ----a-w c:\windows\system32\perfc00C.dat - 2008-11-03 14:57:56 490,688 ----a-w c:\windows\system32\perfh009.dat + 2008-11-18 13:58:29 490,688 ----a-w c:\windows\system32\perfh009.dat - 2008-11-03 14:57:56 564,264 ----a-w c:\windows\system32\perfh00C.dat + 2008-11-18 13:58:29 564,264 ----a-w c:\windows\system32\perfh00C.dat + 2008-11-21 19:09:05 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6f8.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-07 144792] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-05 160768] "atwtusb"="atwtusb.exe" [2005-09-21 c:\windows\system32\ATWTUSB.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-05-23 25214] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll [HKLM\~\startupfolder\C:^Documents and Settings^Abdelwouhab^Menu Démarrer^Programmes^Démarrage^CCC.lnk] path=c:\documents and settings\Abdelwouhab\Menu Démarrer\Programmes\Démarrage\CCC.lnk backup=c:\windows\pss\CCC.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Speed Launcher.lnk backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk] path=c:\documents and settings\All Users\Menu 
Démarrer\Programmes\Démarrage\BTTray.lnk backup=c:\windows\pss\BTTray.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Desktop Manager.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Desktop Manager.lnk backup=c:\windows\pss\Desktop Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DVD Check.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DVD Check.lnk backup=c:\windows\pss\DVD Check.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] --a------ 2008-04-23 02:08 483328 c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon] --a------ 2007-05-25 19:55 290816 c:\progra~1\Softwin\BITDEF~1\bdmcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-05 12:00 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-08-08 12:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] --a----t- 2008-09-25 08:42 133104 c:\documents and settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWQTOOLBOX] --a------ 2005-06-03 05:18 335872 c:\program files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2007-04-27 09:25 257088 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 16:24 1694208 c:\program 
files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-04-27 07:41 282624 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2005-05-20 07:11 925696 c:\program files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] --a------ 2006-11-10 11:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-03-14 01:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2007-01-12 12:36 827392 c:\program files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] --a------ 2004-11-04 16:40 98394 c:\program files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2007-05-26 10:29 185896 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog] --a------ 2006-03-31 11:58 184320 c:\program files\InterVideo\DVD Check\DVDCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "LIVESRV"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Research In Motion\\BlackBerry\\DesktopMgr.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\Hewlett-Packard\\HP Deskjet 9800 Series\\Toolbox\\HPWQTBX.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\Macromedia\\Dreamweaver 
8\\Dreamweaver.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "d:\\Football Manager 2005\\fm2005.exe"= R3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2007-05-23 88192] S1 aiptektp;HyperPen;c:\windows\system32\DRIVERS\aiptektp.sys [2008-02-26 22272] S3 HPFXBULK;HPFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [2006-06-12 9344] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{859a03a3-86fc-11dc-b93b-001a6b2a1035}] \Shell\AutoRun\command - F:\LaunchU3.exe . Contenu du dossier 'Tâches planifiées' 2008-11-21 c:\windows\Tasks\GoogleUpdateTaskUser.job - c:\documents and settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-25 08:42] . . ------- Examen supplémentaire ------- . FireFox -: Profile - c:\documents and settings\abdelwouhab.AWB.000\Application Data\Mozilla\Firefox\Profiles\ow11qawf.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daemon-search.com/default FF -: plugin - c:\documents and settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll FF -: plugin - c:\progra~1\MOZILL~1\plugins\np32dsw.dll FF -: plugin - c:\progra~1\MOZILL~1\plugins\npdeploytk.dll FF -: plugin - c:\progra~1\MOZILL~1\plugins\npdivx32.dll FF -: plugin - c:\progra~1\MOZILL~1\plugins\npDivxPlayerPlugin.dll FF -: plugin - c:\progra~1\MOZILL~1\plugins\npnul32.dll FF -: plugin - c:\progra~1\MOZILL~1\plugins\NPOFF12.DLL FF -: plugin - c:\progra~1\MOZILL~1\plugins\nppdf32.dll FF -: plugin - c:\progra~1\MOZILL~1\plugins\nppl3260.dll FF -: plugin - c:\progra~1\MOZILL~1\plugins\npqtplugin.dll FF -: plugin - c:\progra~1\MOZILL~1\plugins\npqtplugin2.dll FF -: plugin - c:\progra~1\MOZILL~1\plugins\npqtplugin3.dll FF -: plugin - c:\progra~1\MOZILL~1\plugins\npqtplugin4.dll FF -: plugin - c:\progra~1\MOZILL~1\plugins\npqtplugin5.dll FF -: plugin - c:\progra~1\MOZILL~1\plugins\npqtplugin6.dll FF -: plugin - 
c:\progra~1\MOZILL~1\plugins\npqtplugin7.dll FF -: plugin - c:\progra~1\MOZILL~1\plugins\npRACtrl.dll FF -: plugin - c:\progra~1\MOZILL~1\plugins\nprjplug.dll FF -: plugin - c:\progra~1\MOZILL~1\plugins\nprpjplug.dll FF -: plugin - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-21 19:09:28 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\windows\system32\scardsvr.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe c:\windows\system32\inetsrv\inetinfo.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe c:\program files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe c:\program files\Softwin\BitDefender10\vsserv.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe . ************************************************************************** . 
Heure de fin: 2008-11-21 19:15:17 - La machine a redémarré ComboFix-quarantined-files.txt 2008-11-21 19:15:09 ComboFix2.txt 2008-11-04 17:05:00 ComboFix3.txt 2008-11-04 16:46:13 ComboFix4.txt 2008-11-04 15:26:15 ComboFix5.txt 2008-11-21 19:00:27 Avant-CF: 7,832,936,448 octets libres Après-CF: 7,822,278,656 octets libres 241
  13. Good evening, and phew!!! I had a lot of trouble doing everything you asked me to. So, to sum up, I cannot restart in safe mode. When I try, I end up with a black screen and a small white cursor blinking in the top left. I downloaded Avira and went through msconfig to disable BitDefender at startup, restarted in normal mode and tried to update Avira, but each time my computer crashed after warning me of the presence of a trojan. Since I saw that the virus definitions were only 3 days old, I decided to run a scan in normal mode anyway. So here are the requested reports:
OTMoveIt3 report: ========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== ========== FILES ========== File/Folder G:\lky.exe not found. File/Folder G:\nq0cq.cmd not found. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4abedad8-af0f-11dd-ba2f-0016d4c31e3a}\\ deleted successfully. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4abedad9-af0f-11dd-ba2f-0016d4c31e3a}\\ deleted successfully. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ee07ec1-a7f1-11dc-b952-0016d4c31e3a}\\ deleted successfully. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7a7b4a1-aabb-11dd-ba2c-0016d4c31e3a}\\ deleted successfully. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2e510d1-9442-11dc-b948-0016d4c31e3a}\\ deleted successfully. ========== COMMANDS ========== User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. 
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_734.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11212008_142404 Files moved on Reboot... File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. File C:\WINDOWS\temp\Perflib_Perfdata_734.dat not found!
Toolbar-S&D reports 1: -----------\\ ToolBar S&D 1.2.4 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2 X86-based PC ( Multiprocessor Free : Intel® Core2 CPU T7200 @ 2.00GHz ) BIOS : KBC Version 54.3C USER : abdelwouhab ( Administrator ) BOOT : Normal boot Antivirus : Bitdefender Antivirus 8.0 (Activated) Firewall : Bitdefender Firewall 8.0 (Activated) C:\ (Local Disk) - NTFS - Total:40 Go (Free:6 Go) D:\ (Local Disk) - NTFS - Total:71 Go (Free:7 Go) E:\ (CD or DVD) F:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 ) Option : [1] ( 2008-11-21|14:39 ) -----------\\ Recherche de Fichiers / Dossiers ... 
-----------\\ Extensions (Abdelwouhab.AWB) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar (Abdelwouhab.AWB) - {a8dd47cf-239f-48c4-8379-e6b4cbafdcfa} => blue_ice-1.2.4-fx -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.daemon-search.com/default" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.msn.com/" --------------------\\ Recherche d'autres infections --------------------\\ Cracks & Keygens .. 
C:\DOCUME~1\ABDELW~1.000\Mes documents\Azureus Downloads\Top2000.2007.1801-2000\1893 Neil Diamond - Cracklin' Rosie.mp3 C:\DOCUME~1\ALLUSE~1\Menu D‚marrer\Programmes\AbuAzmy&Medo_Illustrator\Uninstall Adobe Illustrator CS2 ME Crack.lnk 1 - "C:\ToolBar SD\TB_1.txt" - 03/11/2008|15:33 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 03/11/2008|15:40 - Option : [2] 3 - "C:\ToolBar SD\TB_3.txt" - 2008-11-21|14:33 - Option : [1] 4 - "C:\ToolBar SD\TB_4.txt" - 2008-11-21|14:36 - Option : [2] 5 - "C:\ToolBar SD\TB_5.txt" - 2008-11-21|14:40 - Option : [1] -----------\\ Fin du rapport a 14:40:56.53
Toolbar-S&D reports 2: -----------\\ ToolBar S&D 1.2.4 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2 X86-based PC ( Multiprocessor Free : Intel® Core2 CPU T7200 @ 2.00GHz ) BIOS : KBC Version 54.3C USER : abdelwouhab ( Administrator ) BOOT : Normal boot Antivirus : Bitdefender Antivirus 8.0 (Activated) Firewall : Bitdefender Firewall 8.0 (Activated) C:\ (Local Disk) - NTFS - Total:40 Go (Free:6 Go) D:\ (Local Disk) - NTFS - Total:71 Go (Free:7 Go) E:\ (CD or DVD) F:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 ) Option : [2] ( 2008-11-21|14:33 ) -----------\\ Recherche de Fichiers / Dossiers ... 
-----------\\ Extensions (Abdelwouhab.AWB) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar (Abdelwouhab.AWB) - {a8dd47cf-239f-48c4-8379-e6b4cbafdcfa} => blue_ice-1.2.4-fx -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.daemon-search.com/default" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.msn.com/" --------------------\\ Recherche d'autres infections --------------------\\ Cracks & Keygens .. C:\DOCUME~1\ABDELW~1.000\Mes documents\Azureus Downloads\Top2000.2007.1801-2000\1893 Neil Diamond - Cracklin' Rosie.mp3 C:\DOCUME~1\ALLUSE~1\Menu D‚marrer\Programmes\AbuAzmy&Medo_Illustrator\Uninstall Adobe Illustrator CS2 ME Crack.lnk 1 - "C:\ToolBar SD\TB_1.txt" - 03/11/2008|15:33 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 03/11/2008|15:40 - Option : [2] 3 - "C:\ToolBar SD\TB_3.txt" - 2008-11-21|14:33 - Option : [1] 4 - "C:\ToolBar SD\TB_4.txt" - 2008-11-21|14:36 - Option : [2] -----------\\ Fin du rapport a 14:36:26.06
Avira report: Avira AntiVir Personal Report file date: vendredi 21 novembre 2008 15:40 Scanning for 1369550 virus strains and unwanted programs. 
Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: DIRECTEUR Version information: BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 10:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 09:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 14:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 09:58:52 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 12:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 15:54:15 ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 07:20:53 ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 11:24:47 Engineversion : 8.2.0.4 AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 12:05:56 AESCRIPT.DLL : 8.1.1.8 319866 Bytes 16/10/2008 13:43:34 AESCN.DLL : 8.1.1.3 123252 Bytes 14/10/2008 12:05:56 AERDL.DLL : 8.1.1.2 438644 Bytes 12/09/2008 08:06:02 AEPACK.DLL : 8.1.2.4 369014 Bytes 14/10/2008 12:05:56 AEOFFICE.DLL : 8.1.0.28 196987 Bytes 14/10/2008 12:05:56 AEHEUR.DLL : 8.1.0.59 1438071 Bytes 18/09/2008 11:07:50 AEHELP.DLL : 8.1.1.2 115062 Bytes 14/10/2008 12:05:56 AEGEN.DLL : 8.1.0.41 319861 Bytes 14/10/2008 12:05:56 AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 12:05:56 AECORE.DLL : 8.1.2.6 172406 Bytes 14/10/2008 12:05:56 AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 12:05:56 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 10:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 11:28:01 AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 16:35:20 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 13:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 10:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 14:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 19:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 14:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 14:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 15:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 
27/06/2008 15:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: repair Secondary action.................: delete Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: vendredi 21 novembre 2008 15:40 Starting search for hidden objects. '54172' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'vsserv.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'ATWTUSB.EXE' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'bdss.exe' - '1' Module(s) have been scanned Scan process 'xcommsvr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'mdm.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'inetinfo.exe' - '1' Module(s) have been scanned Scan process 'btwdins.exe' - '1' 
Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'scardsvr.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'aawservice.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 33 processes with 33 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '47' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP10\A0007201.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] A backup was created as '4956e4d6.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4956e4d7.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0007242.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] A backup was created as '4956e4db.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. 
[NOTE] A backup was created as '4bd40874.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0008242.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] A backup was created as '4956e4e1.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4bd4084a.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0008243.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e4e4.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4bd4084d.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0009244.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e4e6.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4bd4084f.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0009246.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e4ea.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4bd30843.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0010243.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e4ed.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4bd30846.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0010246.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e4f0.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. 
[NOTE] A backup was created as '4bd30859.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0010250.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e4f2.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4bd3085b.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0010251.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e4f8.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4bd30851.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP12\A0010272.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e4ff.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4bd309a8.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP13\A0010276.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e507.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4bd309a0.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP14\A0010280.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e50d.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4bd309a6.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP14\A0012358.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e514.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. 
[NOTE] A backup was created as '4bd309bd.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP14\A0012360.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e519.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4bd309b2.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP15\A0012512.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e524.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b29098d.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012675.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e52b.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b290984.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012679.exe [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] A backup was created as '4956e530.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b290999.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012680.exe [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] A backup was created as '4956e535.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b29099e.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012681.dll [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] A backup was created as '4956e53b.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. 
[NOTE] A backup was created as '4b290994.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012682.dll [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] A backup was created as '4956e540.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b2909e9.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012683.cmd [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] A backup was created as '4956e545.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b2909ee.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012692.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e54b.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b2909e4.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012693.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e550.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b2909f9.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012699.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e556.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b2909ff.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0013706.dll [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e574.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. 
[NOTE] A backup was created as '4b2909dd.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0013708.bat [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4876e55d.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4956e576.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0013712.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e575.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b2909de.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0013713.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] A backup was created as '4876e55f.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b2909df.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0015709.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] A backup was created as '4956e577.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b2909d0.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0015714.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] A backup was created as '4956e57c.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b2909d5.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0015715.bat [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e57d.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. 
[NOTE] A backup was created as '4b2909d6.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0015805.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] A backup was created as '4956e583.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b29092c.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0015806.bat [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e585.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b29092e.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP17\A0015916.bat [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e596.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4956e597.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP17\A0015933.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] A backup was created as '4956e599.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b290932.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP17\A0015935.bat [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e59c.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b290935.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP17\A0015939.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e59e.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. 
[NOTE] A backup was created as '4b290937.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP17\A0015940.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] A backup was created as '4956e5a0.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b290909.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP18\A0015956.bat [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e5a4.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b29090d.qua' ( QUARANTINE ) C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP18\A0015960.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956e5a6.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b29090f.qua' ( QUARANTINE ) C:\WINDOWS\system32\gasretyw0.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] A backup was created as '4999e810.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4be70d19.qua' ( QUARANTINE ) C:\WINDOWS\system32\gasretyw1.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] A backup was created as '4999e816.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4be70d1f.qua' ( QUARANTINE ) C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <AWB-DOCS> D:\nq0cq.cmd [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted) [NOTE] A backup was created as '4956e91f.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. 
[NOTE] A backup was created as '4956e920.qua' ( QUARANTINE ) D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0008245.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956f01e.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4956f01f.qua' ( QUARANTINE ) D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0009248.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956f024.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b291c8d.qua' ( QUARANTINE ) D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0010248.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956f02a.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b291c83.qua' ( QUARANTINE ) D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP12\A0010274.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956f02f.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b291c98.qua' ( QUARANTINE ) D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP13\A0010278.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956f035.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b291c9e.qua' ( QUARANTINE ) D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP14\A0010282.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956f038.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. 
[NOTE] A backup was created as '4b291c91.qua' ( QUARANTINE ) D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP14\A0012362.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956f03f.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4956f040.qua' ( QUARANTINE ) D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP15\A0012514.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956f047.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b291ce0.qua' ( QUARANTINE ) D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012677.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956f05a.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b291cf3.qua' ( QUARANTINE ) D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012695.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956f05c.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b291cf5.qua' ( QUARANTINE ) D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0013710.bat [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956f05e.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b291cf7.qua' ( QUARANTINE ) D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0015717.bat [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956f060.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. 
[NOTE] A backup was created as '4b291cc9.qua' ( QUARANTINE ) D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0015808.bat [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956f064.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b291ccd.qua' ( QUARANTINE ) D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP17\A0015918.bat [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956f068.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b291cc1.qua' ( QUARANTINE ) D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP17\A0015937.bat [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956f06a.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4956f06b.qua' ( QUARANTINE ) D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP18\A0015958.bat [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '4956f06d.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b291cc6.qua' ( QUARANTINE ) End of the scan: vendredi 21 novembre 2008 17:33 Used time: 1:52:43 Hour(s) The scan has been done completely. 14528 Scanning directories 444257 Files were scanned 60 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 120 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 444195 Files not concerned 9296 Archives were scanned 2 Warnings 60 Notes 54172 Objects were scanned with rootkit scan 0 Hidden objects were found
  14. > Good evening, sorry for the wait; I was checking the memory with memtest. Everything is OK on that front.
      > As for BitDefender, should I reinstall it? Can I install another one in its place: McAfee? What do you recommend?
      > I didn't quite understand the UBCD thing. Do I need to install a utility and run it?
      > Here are the two requested reports.... During the scan, a window appeared asking me to authorize the execution of a file named with my first name followed by the .exe extension. I refused. Should I have accepted?

      log.txt:

      Logfile of random's system information tool 1.04 (written by random/random)
      Run by abdelwouhab at 2008-11-20 16:41:20
      Microsoft Windows XP Professionnel Service Pack 2
      System drive C: has 697 MB (2%) free of 41 GB
      Total RAM: 2047 MB (72% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:33, on 2008-11-20
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
      C:\WINDOWS\system32\inetsrv\inetinfo.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
      C:\WINDOWS\system32\atwtusb.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\DAEMON Tools Lite\daemon.exe
      C:\Program Files\Softwin\BitDefender10\vsserv.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
      C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
      C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: (no name) - AutorunsDisabled - (no file)
      O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
      O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
      O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - AutorunsDisabled - (no file)
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179924545062
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = awb.editions
      O17 - HKLM\Software\..\Telephony: DomainName = awb.editions
      O17 - HKLM\System\CCS\Services\Tcpip\..\{299BE4D7-CB42-4306-9DF3-EDABD8425578}: NameServer = 212.217.0.1,212.217.0.12
      O17 - HKLM\System\CCS\Services\Tcpip\..\{637022E5-9147-4173-8EBD-396F77D4EB2D}: NameServer = 192.168.1.100,212.217.0.1
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = awb.editions
      O17 - HKLM\System\CS1\Services\Tcpip\..\{299BE4D7-CB42-4306-9DF3-EDABD8425578}: NameServer = 212.217.0.1,212.217.0.12
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = awb.editions
      O17 - HKLM\System\CS2\Services\Tcpip\..\{299BE4D7-CB42-4306-9DF3-EDABD8425578}: NameServer = 212.217.0.1,212.217.0.12
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
      O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
      O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

      -- End of file - 8770 bytes

      ======Scheduled tasks folder======

      C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

      ======Registry dump======

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
      Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-07 320920]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
      Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-07 34816]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
      JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-07 73728]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
      "BDMCon"=C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe [2007-05-25 290816]
      "atwtusb"=atwtusb.exe beta []
      "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-07 144792]

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
      "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
      "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
      "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
      "Google Update"=C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-25 133104]
      "kamsoft"=C:\WINDOWS\system32\kamsoft.exe
[2008-11-20 106626] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWQTOOLBOX] C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe [2005-06-03 335872] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2007-04-27 257088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-12 827392] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-11-04 98394] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2007-05-26 185896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog] C:\Program 
Files\InterVideo\DVD Check\DVDCheck.exe [2006-03-31 184320] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Abdelwouhab^Menu Démarrer^Programmes^Démarrage^CCC.lnk] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\CCC.exe [2006-09-29 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk] C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-05-12 25214] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk] C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk] C:\PROGRA~1\WIDCOMM\LOGICI~1\BTTray.exe [2006-02-15 581693] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Desktop Manager.lnk] C:\PROGRA~1\RESEAR~1\BLACKB~1\DESKTO~1.EXE [2006-08-27 1114217] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DVD Check.lnk] C:\PROGRA~1\INTERV~1\DVDCHE~1\DVDCheck.exe [2006-03-31 184320] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="sockspy.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe"="C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe:*:Enabled:Handheld Tools Desktop Manager" "C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer" "C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe"="C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe:*:Enabled:Toolbox for HP Printing System for Windows" "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus" "C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "D:\Football Manager 2005\fm2005.exe"="D:\Football Manager 2005\fm2005.exe:*:Enabled:Football 
Manager 2005" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4abedad8-af0f-11dd-ba2f-0016d4c31e3a}] shell\AutoRun\command - G:\lky.exe shell\explore\command - G:\lky.exe shell\open\command - G:\lky.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4abedad9-af0f-11dd-ba2f-0016d4c31e3a}] shell\AutoRun\command - G:\lky.exe shell\explore\command - G:\lky.exe shell\open\command - G:\lky.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ee07ec1-a7f1-11dc-b952-0016d4c31e3a}] shell\AutoRun\command - G:\lky.exe shell\explore\command - G:\lky.exe shell\open\command - G:\lky.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{859a03a3-86fc-11dc-b93b-001a6b2a1035}] shell\AutoRun\command - F:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7a7b4a1-aabb-11dd-ba2c-0016d4c31e3a}] shell\AutoRun\command - G:\nq0cq.cmd shell\explore\command - G:\nq0cq.cmd shell\open\command - G:\nq0cq.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2e510d1-9442-11dc-b948-0016d4c31e3a}] shell\AutoRun\command - G:\lky.exe shell\explore\command - G:\lky.exe shell\open\command - G:\lky.exe ======File associations====== .js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" ======List of files/folders created in the last 1 months====== 2008-11-20 16:41:22 ----A---- C:\abdelwouhab.exe 2008-11-20 16:41:20 ----D---- C:\rsit 2008-11-19 22:11:24 ----RSH---- C:\abk.bat 2008-11-19 22:10:11 ----RSH---- C:\WINDOWS\system32\kamsoft.exe 2008-11-13 21:28:09 ----RSH---- C:\lky.exe 2008-11-13 21:27:41 ----RSH---- 
C:\WINDOWS\system32\gasretyw1.dll 2008-11-10 08:46:59 ----RSH---- C:\whi.com 2008-11-10 08:46:32 ----RSH---- C:\WINDOWS\system32\gasretyw0.dll 2008-11-06 12:28:43 ----SHD---- C:\RECYCLER 2008-11-04 19:07:16 ----D---- C:\Documents and Settings\abdelwouhab.AWB.000\Application Data\Malwarebytes 2008-11-04 19:07:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-11-04 19:07:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-11-04 17:05:00 ----A---- C:\ComboFix.txt 2008-11-04 16:50:22 ----D---- C:\WINDOWS\temp 2008-11-04 13:56:17 ----A---- C:\HiJackThis.exe 2008-11-03 18:08:59 ----A---- C:\Boot.bak 2008-11-03 18:08:48 ----RASHD---- C:\cmdcons 2008-11-03 18:05:39 ----A---- C:\WINDOWS\zip.exe 2008-11-03 18:05:39 ----A---- C:\WINDOWS\SWREG.exe 2008-11-03 18:05:39 ----A---- C:\WINDOWS\NIRCMD.exe 2008-11-03 18:05:39 ----A---- C:\WINDOWS\grep.exe 2008-11-03 18:05:38 ----A---- C:\WINDOWS\VFIND.exe 2008-11-03 18:05:38 ----A---- C:\WINDOWS\SWSC.exe 2008-11-03 18:05:38 ----A---- C:\WINDOWS\sed.exe 2008-11-03 18:05:38 ----A---- C:\WINDOWS\fdsv.exe 2008-11-03 18:05:37 ----A---- C:\WINDOWS\SWXCACLS.exe 2008-11-03 18:05:26 ----D---- C:\WINDOWS\ERDNT 2008-11-03 18:05:26 ----AD---- C:\Qoobox 2008-11-03 15:27:57 ----A---- C:\TB.txt 2008-11-03 15:27:36 ----D---- C:\ToolBar SD 2008-11-03 14:54:31 ----A---- C:\WINDOWS\OEWABLog.txt 2008-11-03 14:42:14 ----A---- C:\WINDOWS\ntbtlog.txt 2008-11-03 14:18:17 ----D---- C:\Documents and Settings\abdelwouhab.AWB.000\Application Data\MSNInstaller 2008-11-03 14:10:54 ----D---- C:\Documents and Settings\abdelwouhab.AWB.000\Application Data\Talkback 2008-11-03 12:28:24 ----D---- C:\Documents and Settings\abdelwouhab.AWB.000\Application Data\vlc 2008-11-03 11:53:21 ----D---- C:\Documents and Settings\abdelwouhab.AWB.000\Application Data\Thunderbird 2008-11-03 11:53:04 ----D---- C:\Program Files\Mozilla Thunderbird 2008-10-29 10:55:36 ----D---- C:\Program Files\McDonaldsFairies 2008-10-29 10:47:35 ----D---- 
C:\Program Files\McDonaldsDragons ======List of files/folders modified in the last 1 months====== 2008-11-20 16:42:14 ----D---- C:\WINDOWS\system32\inetsrv 2008-11-20 16:41:26 ----D---- C:\WINDOWS\Prefetch 2008-11-20 16:38:21 ----D---- C:\WINDOWS\system32 2008-11-20 16:38:15 ----D---- C:\WINDOWS\system32\drivers 2008-11-20 14:59:57 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-20 14:59:43 ----D---- C:\Outlook 2008-11-20 14:29:52 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-20 10:10:20 ----SD---- C:\WINDOWS\Tasks 2008-11-20 10:04:38 ----D---- C:\WINDOWS 2008-11-19 21:58:49 ----D---- C:\WINDOWS\security 2008-11-19 21:51:50 ----RD---- C:\Program Files 2008-11-19 19:35:55 ----RSD---- C:\WINDOWS\Fonts 2008-11-18 18:57:48 ----D---- C:\Documents and Settings\abdelwouhab.AWB.000\Application Data\Adobe 2008-11-18 18:43:35 ----D---- C:\Program Files\Mozilla Firefox 2008-11-18 13:58:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-11-11 05:25:55 ----D---- C:\Documents and Settings\abdelwouhab.AWB.000\Application Data\LimeWire 2008-11-11 03:29:35 ----D---- C:\WINDOWS\system32\Restore 2008-11-06 15:16:25 ----A---- C:\WINDOWS\win.ini 2008-11-04 16:58:15 ----A---- C:\WINDOWS\system.ini 2008-11-04 16:50:09 ----D---- C:\WINDOWS\AppPatch 2008-11-04 16:50:09 ----D---- C:\Program Files\Fichiers communs 2008-11-03 18:08:59 ----RASH---- C:\boot.ini 2008-11-03 18:05:34 ----SHD---- C:\System Volume Information 2008-11-03 14:54:44 ----SHD---- C:\WINDOWS\Installer 2008-11-03 14:54:44 ----SHD---- C:\Config.Msi 2008-11-03 14:26:16 ----D---- C:\Inetpub 2008-11-03 14:21:44 ----D---- C:\Program Files\Planning Manager 2008-11-03 14:19:35 ----D---- C:\Program Files\ZC2.10 2008-11-03 14:19:20 ----D---- C:\Program Files\Zelda Return of the Hylian 2008-11-03 14:19:05 ----D---- C:\Program Files\solarus 2008-11-03 14:18:43 ----D---- C:\Program Files\AEBBadge 2008-11-03 14:18:22 ----D---- C:\Program Files\MSN 2008-11-03 14:15:01 ----D---- C:\Program Files\Sony 2008-11-03 14:07:02 ----D---- 
info.txt : info.txt logfile of random's system information tool 1.04 2008-11-20 16:42:40