alec
Member
Content count: 39
Everything posted by alec
Virus infection? Spyware? Very slow internet :/
alec replied to alec's topic in Malware analysis and removal

It's plain Windows XP plus the Service Pack 3 update, installed right after formatting. From memory, my problem had already appeared a bit before that, when I only had SP1. So I don't think SP3 is the cause. As for Secuser, I had indeed read that in their FAQ, but nothing helps: a week ago I could launch their antivirus scan, and for the past 3 days I get this message: "Either your browser does not support the object element or an error occurred while downloading the object. Unable to load the HouseCall ActiveX control". Argh, I don't know what to do... ah: I redid the steps and it works!!! Secuser scan in progress! I'll keep you posted! Good evening
Virus infection? Spyware? Very slow internet :/
alec posted a topic in Malware analysis and removal

Good evening. For 3 weeks I've had a big problem: my internet connection is terribly slow (halved). Orange hasn't detected anything, and before threatening to cancel my subscription to get them moving, I'd like to be sure the problem isn't coming from my PC. I would have liked to run a Secuser virus scan, but it systematically refuses to install the ActiveX thing. Here is a HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16:22, on 26/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Windows\LClock\lclock.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\GTA IV\Rockstar Games Social Club\1_1_3_0\RGSC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] C:\Windows\LClock\lclock.exe
O4 - HKCU\..\Run: [RGSC] E:\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [Win_SP3] %systemroot%\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [Win_SP3] %systemroot%\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Win_SP3] %systemroot%\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Win_SP3] %systemroot%\end.cmd (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://E:\suite ADOBE pro\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7811 bytes

Thanks in advance!
[solved] Abnormally high commit charge - virus? spyware?
alec replied to alec's topic in Malware analysis and removal

I hadn't seen your last message. Yes indeed, no firewall and no antivirus. However, I wonder: if you avoid dodgy sites (the guys probably know what I'm talking about >_<) and other nonsense like MSN viruses, isn't the risk of infection close to zero? Isn't stacking anti-spyware + antivirus too resource-hungry? Because I'm a PC gamer, and it's a pain in games if there are background apps eating lots of resources. While waiting for your answer, I'll install everything you recommend anyway, thanks!
[solved] Abnormally high commit charge - virus? spyware?
alec replied to alec's topic in Malware analysis and removal

Apparently yes, it's running fine. You're providing valuable help to the community, I can only encourage you to keep going. Sincere thanks for everything!
[solved] Abnormally high commit charge - virus? spyware?
alec replied to alec's topic in Malware analysis and removal

No visible change. HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:09, on 21/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
E:\3D Studio max\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\mIRC\mirc.exe
E:\Half life 2\steam\Steam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\alec\Application Data\Mozilla\Firefox\Profiles\ohp7hjkv.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\alec\Application Data\Mozilla\Firefox\Profiles/ohp7hjkv.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [end] %systemroot%\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [end] %systemroot%\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [end] %systemroot%\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [end] %systemroot%\end.cmd (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - E:\3D Studio max\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 10326 bytes
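The HijackThis logs pasted in this thread (both the one above and the first one in the "very slow internet" topic) are reviewed by hand by the forum helpers: orphaned BHO registrations, services with no named publisher, Trusted Zone and DPF entries, and the randomly named executable in system32 that was later removed. The script below is an added example of automating that first pass, written for this page; it is not HijackThis code and not what the helpers ran. Every heuristic in it is the editor's assumption (in particular the "random-looking name" pattern, modelled on the 6I8SqPCs.exe entry from this thread), and the sample log is a constructed excerpt in the shape of the logs above.

```python
"""First-pass triage of a HijackThis v2 log (added example, editor's heuristics)."""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the logs in this thread (not a full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:09, on 21/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\6I8SqPCs.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class Finding:
    severity: str  # "info" (cosmetic leftover) or "review" (needs a human look)
    entry: str
    reason: str


# Assumed dropper-name pattern: exactly 8 alphanumerics mixing digits,
# lower- and upper-case letters, as in 6I8SqPCs.exe from this thread.
RANDOM_NAME = re.compile(r"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{8}\.exe$")
SYSTEM32_DIR = re.compile(r"^[A-Za-z]:\\windows\\system32\\", re.IGNORECASE)
ENTRY_LINE = re.compile(r"^[RFNO]\d+ - ")


def parse_sections(text):
    """Split a HijackThis log into its process list and its R/F/N/O entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process block
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
        elif ENTRY_LINE.match(line):
            entries.append(line)
    return processes, entries


def triage(text):
    """Return the findings a helper would look at first, in log order."""
    processes, entries = parse_sections(text)
    findings = []
    for proc in processes:
        basename = proc.rsplit("\\", 1)[-1]
        if SYSTEM32_DIR.match(proc) and RANDOM_NAME.match(basename):
            findings.append(Finding("review", proc,
                                    "random-looking executable running from system32"))
    for entry in entries:
        kind = entry.split(" - ", 1)[0]
        if kind == "O2" and entry.endswith("- (no file)"):
            findings.append(Finding("info", entry, "orphaned BHO registration (DLL missing)"))
        elif kind == "O15":
            findings.append(Finding("review", entry, "site added to the IE Trusted Zone"))
        elif kind == "O16":
            findings.append(Finding("review", entry, "downloaded ActiveX control (DPF)"))
        elif kind == "O23" and " - Unknown owner - " in entry:
            findings.append(Finding("review", entry, "service with no named publisher"))
    return findings


def summary(findings):
    """Count findings per severity, e.g. {'review': 4, 'info': 1}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity}] {f.reason}\n    {f.entry}")
    print(summary(results))
```

The script only narrows the list for a human: an "Unknown owner" service is often legitimate third-party software (as CDBurnerXP's was here), and a Trusted Zone entry added by the user is not a hijack. What it does catch mechanically is the combination the helpers spotted by eye, a mixed-case eight-character executable sitting in system32 with no matching O4 or O23 entry to explain it.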
[solved] Abnormally high commit charge - virus? spyware?
alec replied to alec's topic in Malware analysis and removal

Edit: oh well, never mind, apparently after a reboot there's no trace of our friend. Commit charge is normal! I'll leave it running overnight and keep you posted tomorrow morning! In any case, a big thank you, I really like this community spirit of sharing and mutual help =) Good night
[solved] Abnormally high commit charge - virus? spyware?
alec replied to alec's topic in Malware analysis and removal

Here is the "small" report obtained:

C:\WINDOWS\system32\6I8SqPCs.exe moved successfully.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07212008_011515
[solved] Abnormally high commit charge - virus? spyware?
alec replied to alec's topic in Malware analysis and removal

Option 2 done, here is the new report:

SmitFraudFix v2.330
Rapport fait à 1:05:03,14, 21/07/2008
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\Tasks\At?.job supprimé
C:\WINDOWS\Tasks\At??.job supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D556CFB-7B67-4B02-96DC-E1150190FD8F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D556CFB-7B67-4B02-96DC-E1150190FD8F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9D556CFB-7B67-4B02-96DC-E1150190FD8F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
[solved] Abnormally high commit charge - virus? spyware?
alec replied to alec's topic in Malware analysis and removal

Here is the report:

SmitFraudFix v2.330
Rapport fait à 0:53:14,12, 21/07/2008
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
E:\3D Studio max\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\6I8SqPCs.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\winamp\winamp.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\Tasks\At?.job PRESENT !
C:\WINDOWS\Tasks\At??.job PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\alec

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\alec\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\alec\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D556CFB-7B67-4B02-96DC-E1150190FD8F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D556CFB-7B67-4B02-96DC-E1150190FD8F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9D556CFB-7B67-4B02-96DC-E1150190FD8F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
[solved] Abnormally high commit charge - virus? spyware?
alec replied to alec's topic in Malware analysis and removal

Thanks a lot for your help. Here are the requested reports:

MAIN

Deckard's System Scanner v20071014.68
Run by alec on 2008-07-21 00:16:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-07-20 22:16:20 UTC - RP1 - Point de vérification système

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.39 GiB (less than 15%) free.

-- HijackThis (run as alec.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:17:32, on 21/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
E:\3D Studio max\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\6I8SqPCs.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Documents and Settings\alec\Bureau\dss.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\alec.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\alec\Application Data\Mozilla\Firefox\Profiles\ohp7hjkv.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\alec\Application Data\Mozilla\Firefox\Profiles/ohp7hjkv.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [end] %systemroot%\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [end] %systemroot%\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [end] %systemroot%\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [end] %systemroot%\Lend.cmd (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O16 - DPF: 
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - E:\3D Studio max\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: TabletService - Wacom Technology, Corp. 
- C:\WINDOWS\system32\Tablet.exe -- End of file - 11055 bytes -- File Associations ----------------------------------------------------------- .js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2 -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver> R1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver> S3 ATIAVAIW (ATI T200 Unified AVStream service) - c:\windows\system32\drivers\atinavt2.sys <Not Verified; ATI Technologies Inc.; ATI AVStream> S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing) S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing) S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows> S3 RivaTuner32 - c:\program files\rivatuner v2.03\rivatuner32.sys S3 SQTECH905C (DualCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c> S3 w800bus (Sony Ericsson W800 driver (WDM)) - c:\windows\system32\drivers\w800bus.sys <Not Verified; MCCI; Sony Ericsson W800> S3 w800mdfl (Sony Ericsson W800 USB WMC Modem Filter) - c:\windows\system32\drivers\w800mdfl.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem Filter Driver> S3 w800mdm (Sony Ericsson W800 USB WMC Modem Drivers) - c:\windows\system32\drivers\w800mdm.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem> S3 w800mgmt (Sony Ericsson W800 USB WMC Device Management Drivers) - c:\windows\system32\drivers\w800mgmt.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Device Management> S3 w800obex (Sony Ericsson W800 USB WMC OBEX Interface Drivers) - c:\windows\system32\drivers\w800obex.sys <Not Verified; MCCI; Sony Ericsson W800 
USB WMC OBEX Interface> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\fichiers communs\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 Autodesk Licensing Service - "c:\program files\fichiers communs\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service> R2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "e:\3d studio max\mentalray\satellite\raysat_3dsmax9_32server.exe" R2 O&O Defrag - c:\windows\system32\oodag.exe <Not Verified; O&O Software GmbH; O&O Defrag> R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService> R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module> R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service> S3 SandraDataSrv (Sandra Data Service) - c:\program files\sisoftware\sisoftware sandra lite 2005.sr3\rpcdatasrv.exe <Not Verified; SiSoftware; SiSoftware Sandra 2005.SR3> S3 SandraTheSrv (Sandra Service) - c:\program files\sisoftware\sisoftware sandra lite 2005.sr3\rpcsandrasrv.exe <Not Verified; SiSoftware; SiSoftware Sandra 2005.SR3> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. 
-- Scheduled Tasks ------------------------------------------------------------- 2008-07-21 00:16:12 346 --a------ C:\WINDOWS\Tasks\At25.job 2008-07-21 00:07:02 346 --a------ C:\WINDOWS\Tasks\At1.job 2008-07-20 23:00:02 346 --a------ C:\WINDOWS\Tasks\At24.job 2008-07-20 22:00:12 346 --a------ C:\WINDOWS\Tasks\At47.job 2008-07-20 22:00:02 346 --a------ C:\WINDOWS\Tasks\At23.job 2008-07-20 21:00:12 346 --a------ C:\WINDOWS\Tasks\At46.job 2008-07-20 21:00:02 346 --a------ C:\WINDOWS\Tasks\At22.job 2008-07-20 20:00:12 346 --a------ C:\WINDOWS\Tasks\At45.job 2008-07-20 20:00:02 346 --a------ C:\WINDOWS\Tasks\At21.job 2008-07-20 19:00:12 346 --a------ C:\WINDOWS\Tasks\At44.job 2008-07-20 19:00:02 346 --a------ C:\WINDOWS\Tasks\At20.job 2008-07-20 18:00:12 346 --a------ C:\WINDOWS\Tasks\At43.job 2008-07-20 18:00:02 346 --a------ C:\WINDOWS\Tasks\At19.job 2008-07-20 17:00:12 346 --a------ C:\WINDOWS\Tasks\At42.job 2008-07-20 17:00:02 346 --a------ C:\WINDOWS\Tasks\At18.job 2008-07-20 16:00:12 346 --a------ C:\WINDOWS\Tasks\At41.job 2008-07-20 16:00:02 346 --a------ C:\WINDOWS\Tasks\At17.job 2008-07-20 15:00:12 346 --a------ C:\WINDOWS\Tasks\At40.job 2008-07-20 15:00:02 346 --a------ C:\WINDOWS\Tasks\At16.job 2008-07-20 14:00:12 346 --a------ C:\WINDOWS\Tasks\At39.job 2008-07-20 14:00:02 346 --a------ C:\WINDOWS\Tasks\At15.job 2008-07-20 13:00:12 346 --a------ C:\WINDOWS\Tasks\At38.job 2008-07-20 13:00:02 346 --a------ C:\WINDOWS\Tasks\At14.job 2008-07-20 12:00:12 346 --a------ C:\WINDOWS\Tasks\At37.job 2008-07-20 12:00:02 346 --a------ C:\WINDOWS\Tasks\At13.job 2008-07-20 11:00:12 346 --a------ C:\WINDOWS\Tasks\At36.job 2008-07-20 11:00:02 346 --a------ C:\WINDOWS\Tasks\At12.job 2008-07-20 10:00:12 346 --a------ C:\WINDOWS\Tasks\At35.job 2008-07-20 10:00:02 346 --a------ C:\WINDOWS\Tasks\At11.job 2008-07-20 09:00:12 346 --a------ C:\WINDOWS\Tasks\At34.job 2008-07-20 09:00:02 346 --a------ C:\WINDOWS\Tasks\At10.job 2008-07-20 08:00:12 346 --a------ C:\WINDOWS\Tasks\At33.job 
2008-07-20 08:00:02 346 --a------ C:\WINDOWS\Tasks\At9.job 2008-07-20 07:00:12 346 --a------ C:\WINDOWS\Tasks\At32.job 2008-07-20 07:00:02 346 --a------ C:\WINDOWS\Tasks\At8.job 2008-07-20 06:00:12 346 --a------ C:\WINDOWS\Tasks\At31.job 2008-07-20 06:00:02 346 --a------ C:\WINDOWS\Tasks\At7.job 2008-07-20 05:00:12 346 --a------ C:\WINDOWS\Tasks\At30.job 2008-07-20 05:00:02 346 --a------ C:\WINDOWS\Tasks\At6.job 2008-07-20 04:00:12 346 --a------ C:\WINDOWS\Tasks\At29.job 2008-07-20 04:00:02 346 --a------ C:\WINDOWS\Tasks\At5.job 2008-07-20 03:00:12 346 --a------ C:\WINDOWS\Tasks\At28.job 2008-07-20 03:00:02 346 --a------ C:\WINDOWS\Tasks\At4.job 2008-07-20 02:00:12 346 --a------ C:\WINDOWS\Tasks\At27.job 2008-07-20 02:00:02 346 --a------ C:\WINDOWS\Tasks\At3.job 2008-07-20 01:00:12 346 --a------ C:\WINDOWS\Tasks\At26.job 2008-07-20 01:00:02 346 --a------ C:\WINDOWS\Tasks\At2.job 2008-07-18 23:00:02 346 --a------ C:\WINDOWS\Tasks\At48.job 2007-05-22 08:34:34 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2008-06-21 and 2008-07-21 ----------------------------- 2008-07-20 12:26:48 0 d-------- C:\Cloverfield.FRENCH.DVDRiP.XviD.By.Epliknot.Team.TamZ 2008-07-19 02:55:14 0 d-------- C:\Program Files\SEKILALA 2008-07-17 10:37:52 0 dr-h----- C:\Documents and Settings\alec\Recent 2008-07-17 02:00:21 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia 2008-07-17 02:00:20 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe 2008-07-17 02:00:11 0 d-------- C:\Documents and Settings\NetworkService\Application Data\HPAppData 2008-07-17 02:00:10 0 dr------- C:\Documents and Settings\NetworkService\Favoris 2008-07-17 01:46:32 0 d-------- C:\Documents and Settings\alec\Logs 2008-07-16 17:26:37 0 d-------- C:\Program Files\Trend Micro 2008-07-16 10:01:55 35842 --a------ C:\WINDOWS\system32\6I8SqPCs.exe 2008-07-16 07:56:18 0 d-------- C:\Documents and Settings\Default User\Application Data\HPAppData 
2008-07-16 07:53:13 0 d-------- C:\Documents and Settings\alec\.housecall6.6 2008-07-16 01:41:47 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia 2008-07-16 01:41:46 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe 2008-07-16 01:09:37 0 d-------- C:\WINDOWS\report 2008-07-16 01:09:14 71749 --a------ C:\WINDOWS\hcextoutput.dll 2008-07-16 01:09:14 0 d-------- C:\WINDOWS\AU_Backup 2008-07-16 01:06:27 0 d-------- C:\WINDOWS\AU_Temp 2008-07-16 01:06:27 0 d-------- C:\WINDOWS\AU_Log 2008-07-16 01:06:24 507904 --a------ C:\WINDOWS\TMUPDATE.DLL <Not Verified; Trend Micro Inc.; ActiveUpdate Module> 2008-07-16 01:06:23 69689 --a------ C:\WINDOWS\UNZIP.DLL <Not Verified; Trend Micro Inc.; Trend Active Update 1.32> 2008-07-16 01:06:23 286720 --a------ C:\WINDOWS\PATCH.EXE <Not Verified; Trend Micro Inc.; ActiveUpdate Module> 2008-07-15 21:36:32 20480 --a------ C:\WINDOWS\system32\6E8OmLXo.dll 2008-07-14 21:23:18 29760 --a------ C:\WINDOWS\system32\1y5AD55h.exe 2008-07-04 07:56:19 0 d-------- C:\Program Files\LETMIN 2008-07-04 07:56:19 0 d-------- C:\Program Files\Icone 2008-06-21 11:38:11 0 d-------- C:\Program Files\Fichiers communs\Autodesk Shared 2008-06-21 11:23:37 0 d-------- C:\Program Files\MagicISO -- Find3M Report --------------------------------------------------------------- 2008-07-17 10:38:56 12928 --a------ C:\WINDOWS\system32\tablet.dat 2008-06-21 11:37:56 476478 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-06-21 11:37:56 79172 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-06-19 15:35:42 81920 --a------ C:\WINDOWS\system32\W32N50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows> 2008-06-19 15:35:42 17134 --a------ C:\WINDOWS\system32\PCANDIS5.sys <Not Verified; Printing Communications Assoc., Inc. 
(PCAUSA); PCAUSA Rawether for Windows> 2008-06-19 15:35:30 0 d-------- C:\Program Files\Securitoo 2008-06-17 17:39:56 0 d-------- C:\Program Files\Xara 2008-06-17 17:39:56 0 d-------- C:\Program Files\Common Files 2008-05-27 01:20:34 0 d-------- C:\Program Files\Movie Maker 2008-05-17 18:31:50 158906 --a------ C:\WINDOWS\hpoins15.dat 2008-05-01 03:59:14 46004 --ah----- C:\WINDOWS\system32\mlfcache.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] 02/03/2007 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}] 02/03/2007 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [26/09/2006 01:51] "SoundMan"="SOUNDMAN.EXE" [11/01/2006 15:08 C:\WINDOWS\soundman.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [07/12/2005 22:57] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [18/05/2006 11:29] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [15/10/2001 14:28] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [10/12/2004 12:45 C:\WINDOWS\KHALMNPR.Exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [17/08/2007 16:23] "nwiz"="nwiz.exe" [17/08/2007 16:23 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [17/08/2007 16:23] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 14:42] "Adobe Reader Speed 
Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11/03/2007 21:34] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 18:09] "LClock"="lclock.exe" [08/12/2004 18:06 C:\WINDOWS\LClock.exe] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:55] "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [07/08/2006 10:06] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [04/04/2007 00:29] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "FFTI"=C:\Documents and Settings\alec\Application Data\Mozilla\Firefox\Profiles\ohp7hjkv.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\alec\Application Data\Mozilla\Firefox\Profiles/ohp7hjkv.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}" [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "end"=%systemroot%\end.cmd "tscuninstall"=%systemroot%\system32\tscupgrd.exe C:\Documents and Settings\alec\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 19:16:50] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 19:16:50] BTTray.lnk - C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe [24/08/2005 14:06:54] SiWake.lnk - C:\Program Files\Wireless LAN Utility\SiWake.exe [08/12/2006 15:44:48] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [08/03/2007 11:13:22] TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [29/08/2007 14:42:25] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 
[11/03/2007 21:26:24] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"=1 (0x1) "NoLowDiskSpaceChecks"=1 (0x1) "ClearRecentDocsOnExit"=64 (0x40) "NoSMBalloonTip"=0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^alec^Menu Démarrer^Programmes^Démarrage^Konfabulator.lnk] path=C:\Documents and Settings\alec\Menu Démarrer\Programmes\Démarrage\Konfabulator.lnk backup=C:\WINDOWS\pss\Konfabulator.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^alec^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.2.lnk] path=C:\Documents and Settings\alec\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Privoxy.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Privoxy.lnk backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\alec\OctoshapeClient.exe" -inv:bootrun [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] "e:\halfli~1\steam\steam.exe" -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b38cc378-4cfe-11db-b99a-806d6172696f}] AutoRun\command- E:\Setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b74b6a4a-1e39-11dd-9166-0016e657011b}] AutoRun\command- I:\AutoTransfer.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff21831a-3246-11dd-916a-0016e657011b}] AutoRun\command- 22wcb21o.exe explore\Command- 22wcb21o.exe open\Command- 22wcb21o.exe -- End of Deckard's System Scanner: finished at 2008-07-21 00:18:21 ------------ Extra : Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professionnel (build 2600) SP 2.0 Architecture: X86; Language: French CPU 0: AMD Athlon 64 X2 Dual Core Processor 3800+ CPU 1: AMD Athlon 64 X2 Dual Core Processor 3800+ Percentage of Memory in Use: 41% Physical Memory (total/avail): 2047.48 MiB / 1194.14 MiB Pagefile Memory (total/avail): 4011.92 MiB / 1399.54 MiB Virtual Memory (total/avail): 2047.88 MiB / 1936.38 MiB A: is Removable (No Media) C: is Fixed (FAT32) - 14.63 GiB total, 0.39 GiB free. D: is Fixed (FAT32) - 31.48 GiB total, 0.15 GiB free. 
E: is Fixed (NTFS) - 113.34 GiB total, 0.14 GiB free. F: is CDROM (No Media) G: is CDROM (No Media) H: is CDROM (Unformatted) I: is Fixed (FAT32) - 149.01 GiB total, 0.04 GiB free. J: is Removable (No Media) \\.\PHYSICALDRIVE0 - HDS722516VLAT20 - 153.38 GiB - 2 partitions \PARTITION0 (bootable) - Unknown - 14.65 GiB - C: \PARTITION1 - Étendu avec Inter. 13 étendue - 113.34 GiB - E: \\.\PHYSICALDRIVE1 - SAMSUNG SP4002H - 31.49 GiB - 1 partition \PARTITION0 (bootable) - Unknown - 31.49 GiB - D: \\.\PHYSICALDRIVE3 - HP Photosmart C4280 USB Device \\.\PHYSICALDRIVE2 - WD 1600BEV External USB Device - 149.05 GiB - 1 partition \PARTITION0 - Unknown - 149.05 GiB - I: -- Security Center ------------------------------------------------------------- AUOptions is disabled. AUState says computer has updates disabled. Windows Internal Firewall is disabled. FirstRunDisabled is set. [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program 
Files\\FlashGet\\flashget.exe:*:Enabled:Flashget" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "E:\\3dsmax\\monitor.exe"="E:\\3dsmax\\monitor.exe:*:Enabled:backburner 2.3 monitor" "E:\\3dsmax\\manager.exe"="E:\\3dsmax\\manager.exe:*:Enabled:backburner 2.3 manager" "E:\\3dsmax\\server.exe"="E:\\3dsmax\\server.exe:*:Enabled:backburner 2.3 server" "E:\\Cod4\\iw3mp.exe"="E:\\Cod4\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare" "E:\\3D Studio max\\3dsmax.exe"="E:\\3D Studio max\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\alec\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Fichiers communs COMPUTERNAME=ALEC ComSpec=C:\WINDOWS\system32\cmd.exe DEVMGR_SHOW_DETAILS=1 FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\alec LOGONSERVER=\\ALEC NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Program Files\Mozilla Firefox\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Fichiers communs\GTK\2.0\bin;C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;E:\3dsmax\;C:\Program Files\Fichiers communs\Autodesk Shared\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 43 Stepping 1, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=2b01 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program 
-- User Profiles ---------------------------------------------------------------
alec (admin)

-- Application Event Log -------------------------------------------------------
Event Record #/Type2001 / Error
Event Submitted/Written: 07/12/2008 11:50:31 AM
Event ID/Source: 1000 / Microsoft Office 12
Event Description:
Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028, faulting module hpz3r5ha.dll, version 61.71.246.0, stamp 460a27bd, debug? 0, fault address 0x000467e8.

Event Record #/Type1945 / Error
Event Submitted/Written: 07/03/2008 07:01:43 PM
Event ID/Source: 1000 / Microsoft Office 12
Event Description:
Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028, faulting module hpz3r5ha.dll, version 61.71.246.0, stamp 460a27bd, debug? 0, fault address 0x000467e8.

Event Record #/Type1913 / Error
Event Submitted/Written: 06/21/2008 11:43:17 AM
Event ID/Source: 11334 / MsiInstaller
Event Description:
Product: Backburner -- Error 1334. The file 'kMONITORCG0.C1A25C11_EF41_4974_A7D7_2BD12D268199' cannot be installed because the file cannot be found in cabinet file 'backburner.cab'. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.

Event Record #/Type1900 / Warning
Event Submitted/Written: 06/21/2008 11:37:55 AM
Event ID/Source: 1020 / ASP.NET 2.0.50727.0
Event Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------
Event Record #/Type3433 / Error
Event Submitted/Written: 07/21/2008 00:17:28 AM
Event ID/Source: 1 / sr
Event Description:
Le filtre de restauration du système à rencontré l'erreur inattendue '0xC000007F' pendant le traitement du fichier 'desktop.ini' sur le volume 'HarddiskVolume4'. Ceci a entraîné l'arrêt de la surveillance du volume.

Event Record #/Type3428 / Warning
Event Submitted/Written: 07/20/2008 07:26:48 PM
Event ID/Source: 2504 / Server
Event Description:
Le serveur n'a pas pu se lier au transport \Device\NetBT_Tcpip_{9D556CFB-7B67-4B02-96DC-E1150190FD8F}.

Event Record #/Type3426 / Warning
Event Submitted/Written: 07/20/2008 07:26:42 PM
Event ID/Source: 1006 / Dhcp
Event Description:
Votre ordinateur n'a pas pu configurer automatiquement les paramètres IP pour la carte avec l'adresse réseau 0016E657011B. Il s'est produit l'erreur suivante pendant la configuration : %%4100.

Event Record #/Type3425 / Warning
Event Submitted/Written: 07/20/2008 07:26:36 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 0016E657011B. Il s'est produit l'erreur suivante : %%121. Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP).

Event Record #/Type3420 / Warning
Event Submitted/Written: 07/20/2008 01:44:34 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Votre ordinateur a automatiquement configuré l'adresse IP pour la carte avec l'adresse réseau 0016E657011B. L'adresse IP utilisée est 169.254.40.60.

-- End of Deckard's System Scanner: finished at 2008-07-21 00:18:21 ------------
-
[solved] Abnormally high commit charge - virus? spyware?
alec replied to a topic by alec in Malware Analysis and Removal
Thanks for the reply. For the commit charge: CTRL + ALT + DEL -> Task Manager, and you can also see it from how slow the PC is. Here is the result:

File 6I8SqPCs.exe received on 2008.07.21 00:06:01 (CET)

Antivirus            Version           Last update   Result
AhnLab-V3            2008.7.17.0       2008.07.18    Win32/NSAnti.suspicious
AntiVir              7.8.1.11          2008.07.20    TR/Crypt.ULPM.Gen
Authentium           5.1.0.4           2008.07.20    W32/Pws.ANRK
Avast                4.8.1195.0        2008.07.20    Win32:Trojan-gen {Other}
AVG                  8.0.0.130         2008.07.20    Generic10.AOWW
BitDefender          7.2               2008.07.20    Trojan.Adclicker.HB
CAT-QuickHeal        9.50              2008.07.18    TrojanPSW.OnLineGames.arxy
ClamAV               0.93.1            2008.07.20    Trojan.Spy-41149
DrWeb                4.44.0.09170      2008.07.20    Trojan.Click.19260
eSafe                7.0.17.0          2008.07.20    Suspicious File
eTrust-Vet           31.6.5966         2008.07.18    Win32/Jaijoi.C
Ewido                4.0               2008.07.20    -
F-Prot               4.4.4.56          2008.07.20    W32/Pws.ANRK
F-Secure             7.60.13501.0      2008.07.20    Trojan-GameThief.Win32.OnLineGames.arxy
Fortinet             3.14.0.0          2008.07.20    W32/OnLineGames.ARXY!tr.pws
GData                2.0.7306.1023     2008.07.20    Trojan-GameThief.Win32.OnLineGames.arxy
Ikarus               T3.1.1.34.0       2008.07.20    Trojan-GameThief.Win32.OnLineGames.arxy
Kaspersky            7.0.0.125         2008.07.20    Trojan-GameThief.Win32.OnLineGames.arxy
McAfee               5342              2008.07.18    New Malware.bl
Microsoft            1.3704            2008.07.20    TrojanSpy:Win32/OnLineGames
NOD32v2              3282              2008.07.19    Win32/TrojanClicker.Agent.NDQ
Norman               5.80.02           2008.07.18    W32/DLoader.HSQD
Panda                9.0.0.4           2008.07.20    Generic Malware
Prevx1               V2                2008.07.21    Cloaked Malware
Rising               20.53.62.00       2008.07.20    Trojan.Win32.Undef.jrw
Sophos               4.31.0            2008.07.20    Mal/EncPk-F
Sunbelt              3.1.1536.1        2008.07.18    Trojan-GameThief.Win32.OnLineGames.arxy
Symantec             10                2008.07.20    Trojan.Patchep
TheHacker            6.2.96.385        2008.07.20    Trojan/PSW.OnLineGames.arxy
TrendMicro           8.700.0.1004      2008.07.18    TSPY_ONLINEG.FXG
VBA32                3.12.8.1          2008.07.20    Trojan-PSW.Win32.OnLineGames.arxy
VirusBuster          4.5.11.0          2008.07.20    Trojan.PWS.OnLineGames.MZN
Webwasher-Gateway    6.6.2             2008.07.20    Trojan.Crypt.ULPM.Gen

Additional information
File size: 35842 bytes
MD5...: ff8d5dcb0899ef28449977b4736ce35a
SHA1..: 4d7049981c91ff807084792f2f70e014486cd766
SHA256: 72d5a7dbd43b135d3e684e721a6d1956eb7dcec6de2acc3a34f028b28cbe512e
SHA512: 20557c905d46c5bf4aaa3d52d956515ed3ea650220d8a39dc8a72b91c0004e3e2343f456c098057dcc1eace97794cd824c3e833d2db411b3b06016340cc673f4
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4141f9
timedatestamp.....: 0x485868df (Wed Jun 18 01:46:07 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xb000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xc000 0x9000 0x8400 7.99 3c51c7207149c315d6091a95efaeedec
UPX2 0x15000 0x1000 0x400 2.73 af8114c7acc7de4abf32e98010e97503

( 9 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> NETAPI32.dll: NetScheduleJobAdd
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: StrChrA
> SHLWAPI.dll: StrDupA
> USER32.dll: wsprintfA
> WININET.dll: InternetOpenA

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp...2E59C0070C7E7EF
-
[solved] Abnormally high commit charge - virus? spyware?
alec replied to a topic by alec in Malware Analysis and Removal
Bump? -
[solved] Abnormally high commit charge - virus? spyware?
alec started a topic in Malware Analysis and Removal
Hello. I have a problem: my commit charge. It is abnormally high: between 2000 and 3500 MB. When I start the PC, strangely, even with the internet connection active, the commit charge is normal: 200-300 MB. After a night left switched on, with a pile of pop-ups opened without my doing anything, the commit charge goes to 2000+. Here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:31:40, on 18/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
E:\3D Studio max\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\3D Studio max\3dsmax.exe
C:\DOCUME~1\alec\LOCALS~1\Temp\AdskCleanup.0001
C:\Program Files\Fichiers communs\Autodesk Shared\WSCommCntr1.exe
C:\WINDOWS\system32\6I8SqPCs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\alec\Application Data\Mozilla\Firefox\Profiles\ohp7hjkv.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\alec\Application Data\Mozilla\Firefox\Profiles/ohp7hjkv.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [end] %systemroot%\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [end] %systemroot%\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [cmd] %systemroot%\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [cmd] %systemroot%\end.cmd (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O16 - DPF: 
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - E:\3D Studio max\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe -- End of file - 11250 bytes merci -
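A first-pass triage of a HijackThis-format log such as the one above, as an added example: this is not HijackThis code and nothing posted in this thread, and the heuristics are this example's own assumptions about what a forum helper reads first (a start page redirected to a local file, an autorun executable in a drive root or temp folder, a RunOnce script, a Winlogon Notify DLL, a service whose binary is missing). The sample lines are constructed in HijackThis format and modelled on the kinds of entries that appear in the logs posted here. It is a screening aid only: an entry it does not flag still needs its path and publisher checked by hand.

```python
"""First-pass triage of a HijackThis-format log.

Added example for this thread; not HijackThis code. The heuristics below are
this example's own assumptions about what a helper checks first. It reads
R0/R1, O4, O20 and O23 lines and returns Finding records in log order.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    severity: str  # "high" (almost always malicious) or "review" (needs a human)
    reason: str
    line: str


# Constructed sample in HijackThis format, modelled on entries of the kind
# posted in this thread; clean lines of each type are mixed in as controls.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [cmd] %systemroot%\end.cmd (User 'SYSTEM')
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\ijput.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

_ENTRY = re.compile(r"^(R[0-3]|O\d+)\s+-\s+(.*)$")
# Target of an O4 entry: the quoted path after [name], or the first bare token.
_O4_TARGET = re.compile(r'\]\s+(?:"([^"]+)"|(\S+))')
_LOCAL_PATH = re.compile(r"^[a-z]:\\", re.I)
# An executable directly in a drive root (C:\winstall.exe) is never a vendor layout.
_ROOT_EXE = re.compile(r"^[a-z]:\\[^\\]+\.(exe|com|scr|pif|cmd|bat)$", re.I)
# Dropper-style names: letters then a long run of digits before the extension.
_NUMERIC_NAME = re.compile(r"[a-z-]+\d{4,}\.(exe|dll|scr)$", re.I)
# Lower-cased directory fragments a Run entry should not normally point into.
_SUSPICIOUS_DIRS = ("\\temp\\", "\\locals~1\\",
                    "\\fichiers communs\\windows\\", "\\common files\\windows\\")


def _o4_target(rest):
    m = _O4_TARGET.search(rest)
    return (m.group(1) or m.group(2)) if m else ""


def triage(log_text):
    """Return a Finding for every line that trips a heuristic, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _ENTRY.match(line)
        if not m:
            continue
        tag, rest = m.groups()
        if tag in ("R0", "R1"):
            value = rest.split(" = ", 1)[1].strip() if " = " in rest else ""
            if _LOCAL_PATH.match(value):
                findings.append(Finding(tag, "high",
                    "browser start/search page redirected to a local file", line))
        elif tag == "O4":
            target = _o4_target(rest)
            low = target.lower()
            if _ROOT_EXE.match(target):
                findings.append(Finding(tag, "high",
                    "autorun executable sitting in a drive root", line))
            elif any(d in low for d in _SUSPICIOUS_DIRS):
                findings.append(Finding(tag, "high",
                    "autorun executable in a temp or fake system folder", line))
            elif _NUMERIC_NAME.search(low.rsplit("\\", 1)[-1]):
                findings.append(Finding(tag, "review",
                    "dropper-style numeric file name, verify the publisher", line))
            elif "runonce" in rest.lower() and low.endswith((".cmd", ".bat")):
                findings.append(Finding(tag, "review",
                    "RunOnce entry launches a script", line))
        elif tag == "O20":
            findings.append(Finding(tag, "review",
                "Winlogon Notify DLL loads at logon, verify the publisher", line))
        elif tag == "O23" and "(file missing)" in rest:
            findings.append(Finding(tag, "review",
                "service points at a missing binary (orphaned entry)", line))
    return findings


def count_by_severity(findings):
    """Map severity -> number of findings, for a one-line summary."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
    print(count_by_severity(triage(SAMPLE_LOG)))
```

On the constructed sample the script reports two "high" findings (the local-file start page and the drive-root autorun) and four "review" items. The "shell" entry pointing into Web Folders is only caught by the weak numeric-name rule, which is the point of the caveat above: path and publisher checks, not pattern matching, decide what gets removed.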
Hello. Well, I've caught my little annual virus / spyware ^^ So basically: pop-ups everywhere, home page = an offer for software to disinfect the machine (a bogus ad, basically), wallpaper changed to roughly "warning, your PC is going to die, quickly buy our antivirus for $10,000", impossible to change the wallpaper.... Here are 2 reports, one from Ad-Aware SE and the other from HijackThis. What should I delete?

With HijackThis:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\flo\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [steam] "e:\jeux\half life\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Fichiers communs\Windows\mc-110-12-0000228.exe
O4 - HKCU\..\Run: [Tenp] "C:\Program Files\dcrb\sere.exe" -vt yazr
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://kx.bar.need2find.com/KX/menusearch.html?p=KX
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C75AC0ED-79B7-45A1-930C-54D03F2DE3D3}: NameServer = 80.10.246.130 80.10.246.3
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\ijput.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

__________________________________________________________________________________________________

Ad-Aware SE:

Ad-Aware SE Build 1.05
Logfile Created on:dimanche 22 janvier 2006 07:38:40
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R88 20.01.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Director(TAC index:3):5 total references
Adware.Freeprod Toolbar(TAC index:3):50 total references
CmdServices(TAC index:4):24 total references
MRU List(TAC index:0):32 total references
Other(TAC index:5):1 total references
Possible Browser Hijack attempt(TAC index:3):5 total references
Targetsavers(TAC index::5 total references
Tracking Cookie(TAC index:3):12 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

22-01-2006 07:38:40 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 428
ThreadCreationTime : 22-01-2006 06:40:27
BasePriority : Normal

#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 972
ThreadCreationTime : 22-01-2006 06:40:36
BasePriority : High

#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1016
ThreadCreationTime : 22-01-2006 06:40:37
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1028
ThreadCreationTime : 22-01-2006 06:40:37
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1172
ThreadCreationTime : 22-01-2006 06:40:37
BasePriority : Normal

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1216
ThreadCreationTime : 22-01-2006 06:40:37
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1240
ThreadCreationTime : 22-01-2006 06:40:37
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1604
ThreadCreationTime : 22-01-2006 06:40:38
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:9 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 1736
ThreadCreationTime : 22-01-2006 06:40:40
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:10 [ewidoguard.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 1768
ThreadCreationTime : 22-01-2006 06:40:41
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:11 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1824
ThreadCreationTime : 22-01-2006 06:40:42
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Exécuter une DLL en tant qu'application
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : RUNDLL.EXE

#:12 [starwindservice.exe]
FilePath : C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\
ProcessID : 2020
ThreadCreationTime : 22-01-2006 06:40:44
BasePriority : Normal
FileVersion : 2.6.1 Build 0x20050401
ProductVersion : 2.6.1 Build 0x20050401
ProductName : StarWind
CompanyName : Rocket Division Software
FileDescription : StarWind iSCSI Target (Alcohol Edition)
InternalName : StarWind
LegalCopyright : Copyright © Rocket Division Software 2003-2005. All rights reserved.
OriginalFilename : StarWind

#:13 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2036
ThreadCreationTime : 22-01-2006 06:40:44
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:14 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 468
ThreadCreationTime : 22-01-2006 06:40:47
BasePriority : Normal

#:15 [ustorsrv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 496
ThreadCreationTime : 22-01-2006 06:40:47
BasePriority : Normal
FileVersion : 1, 1, 1, 5
ProductVersion : 1, 1, 1, 5
ProductName : OTi Content Service
CompanyName : OTi
FileDescription : OTi Content Service
InternalName : UniCntSrvSvc
LegalCopyright : Copyright © 2004
OriginalFilename : UniCntSrvSvc.EXE
Comments : Build on 6/10/2003

#:16 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 572
ThreadCreationTime : 22-01-2006 06:40:49
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE

#:17 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1432
ThreadCreationTime : 22-01-2006 06:41:15
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:18 [dragdiag.exe]
FilePath : C:\Program Files\Thomson\SpeedTouch USB\
ProcessID : 1368
ThreadCreationTime : 22-01-2006 06:41:21
BasePriority : Normal
FileVersion : 301.0.0.12
ProductVersion : 301.0.0.12
ProductName : SpeedTouch USB
CompanyName : THOMSON Telecom Belgium
FileDescription : SpeedTouch Statistics
LegalCopyright : Copyright© THOMSON Telecom Belgium 1999-2004
LegalTrademarks : SpeedTouch

#:19 [nvmixertray.exe]
FilePath : C:\Program Files\NVIDIA Corporation\NvMixer\
ProcessID : 1656
ThreadCreationTime : 22-01-2006 06:41:21
BasePriority : Normal

#:20 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 1796
ThreadCreationTime : 22-01-2006 06:41:22
BasePriority : Normal
FileVersion : 6.14.10.5120
ProductVersion : 6.14.10.5120
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:21 [hpztsb04.exe]
FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\
ProcessID : 1808
ThreadCreationTime : 22-01-2006 06:41:22
BasePriority : Normal
FileVersion : 2,80,0,0
ProductVersion : 2,80,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2001

#:22 [daemon.exe]
FilePath : C:\Program Files\D-Tools\
ProcessID : 1980
ThreadCreationTime : 22-01-2006 06:41:23
BasePriority : Normal

#:23 [vsnpstd.exe]
FilePath : C:\WINDOWS\
ProcessID : 1760
ThreadCreationTime : 22-01-2006 06:41:24
BasePriority : Normal
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
ProductName : CameraMonitor Application
FileDescription : CameraMonitor MFC Application
InternalName : CameraMonitor
LegalCopyright : Copyright © 2003
OriginalFilename : CameraMonitor.EXE

#:24 [winampa.exe]
FilePath : C:\Program Files\Winamp\
ProcessID : 2016
ThreadCreationTime : 22-01-2006 06:41:24
BasePriority : Normal

#:25 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 1496
ThreadCreationTime : 22-01-2006 06:42:04
BasePriority : Normal

#:26 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3352
ThreadCreationTime : 22-01-2006 06:45:22
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Freeprod Toolbar Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2296428d-c133-4928-b76a-a200ff409572}

Adware.Freeprod Toolbar Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2296428d-c133-4928-b76a-a200ff409572}
Value :

Adware.Freeprod Toolbar Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f}

Adware.Freeprod Toolbar Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f}
Value :

Adware.Freeprod Toolbar Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.xbtp07618

Adware.Freeprod Toolbar Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.xbtp07618
Value :

Adware.Freeprod Toolbar Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.xbtp07618.1

Adware.Freeprod Toolbar Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.xbtp07618.1
Value :

Adware.Freeprod Toolbar Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{5279231e-fabe-4abf-83a8-7c7e17e3ce1a}

Adware.Freeprod Toolbar Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb07618.ietoolbar

Adware.Freeprod Toolbar Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb07618.ietoolbar
Value :

Adware.Freeprod Toolbar Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb07618.ietoolbar.1

Adware.Freeprod Toolbar Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb07618.ietoolbar.1
Value :

Adware.Freeprod Toolbar Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb07618.xbtb07618

Adware.Freeprod Toolbar Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb07618.xbtb07618
Value :

Adware.Freeprod Toolbar Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb07618.xbtb07618.1

Adware.Freeprod Toolbar Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb07618.xbtb07618.1
Value :

Adware.Director Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1614895754-725345543-682003330-1003\software\director

Adware.Director Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1614895754-725345543-682003330-1003\software\director
Value : Affid

Adware.Director Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1614895754-725345543-682003330-1003\software\director
Value : BaseURL

Adware.Director Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1614895754-725345543-682003330-1003\software\director
Value : Uid

Adware.Director Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1614895754-725345543-682003330-1003\software\director
Value : Request

Adware.Freeprod Toolbar Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1614895754-725345543-682003330-1003\software\xbtb07618

Windows Object Recognized!
Type : RegData
Data : explorer.exe "c:\program files\fichiers communs\microsoft shared\web folders\ibm00001.exe"
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe "c:\program files\fichiers communs\microsoft shared\web folders\ibm00001.exe"

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 24
Objects found so far: 24

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Page.findthewebsiteyouneed.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchbar.findthewebsiteyouneed.com"
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://searchbar.findthewebsiteyouneed.com"

Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistant.findthewebsiteyouneed.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchbar.findthewebsiteyouneed.com"
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://searchbar.findthewebsiteyouneed.com"

Possible Browser Hijack attempt : S-1-5-21-1614895754-725345543-682003330-1003\Software\Microsoft\Internet Explorer\MainSearch Page.findthewebsiteyouneed.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchbar.findthewebsiteyouneed.com"
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1614895754-725345543-682003330-1003\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://searchbar.findthewebsiteyouneed.com"

Possible Browser Hijack attempt : S-1-5-21-1614895754-725345543-682003330-1003\Software\Microsoft\Internet Explorer\MainSearch Bar.findthewebsiteyouneed.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchbar.findthewebsiteyouneed.com"
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1614895754-725345543-682003330-1003\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://searchbar.findthewebsiteyouneed.com"

Possible Browser Hijack attempt : S-1-5-21-1614895754-725345543-682003330-1003\Software\Microsoft\Internet Explorer\MainDefault_Search_URL.findthewebsiteyouneed.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchbar.findthewebsiteyouneed.com"
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1614895754-725345543-682003330-1003\Software\Microsoft\Internet Explorer\Main
Value : Default_Search_URL
Data : "http://searchbar.findthewebsiteyouneed.com"

Adware.Freeprod Toolbar Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment : ({77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F})
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Toolbar
Value : {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 30

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : flo@serving-sys[1].txt
Category : Data Miner
Comment : Hits:10
Value : Cookie:flo@serving-sys.com/
Expires : 31-12-2037 23:00:00
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : flo@estat[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:flo@estat.com/
Expires : 16-01-2016 09:14:30
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : flo@bluestreak[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:flo@bluestreak.com/
Expires : 08-01-2016 08:43:44
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : flo@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:flo@tribalfusion.com/
Expires : 01-01-2038 01:00:00
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : flo@doubleclick[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:flo@doubleclick.net/
Expires : 21-01-2009 06:37:56
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : flo@2o7[1].txt
Category : Data Miner
Comment : Hits:29
Value : Cookie:flo@2o7.net/
Expires : 07-12-2010 20:09:28
LastSync : Hits:29
UseCount : 0
Hits : 29

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : flo@weborama[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:flo@weborama.fr/
Expires : 10-01-2008 15:34:26
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : flo@www.cibleclick[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:flo@www.cibleclick.com/
Expires : 27-09-2037 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : flo@www.smartadserver[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:flo@www.smartadserver.com/
Expires : 27-11-2010
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : flo@adtech[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:flo@adtech.de/
Expires : 08-01-2016 13:17:50
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : flo@mediaplex[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:flo@mediaplex.com/
Expires : 22-06-2009 01:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : flo@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:14
Value : Cookie:flo@imrworldwide.com/cgi-bin
Expires : 17-11-2015 08:50:52
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 12
Objects found so far: 42

Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42

CmdServices Object Recognized!
Type : File
Data : atmtd.dll
Category : Possible Browser Hijack attempt
Comment :
Object : C:\WINDOWS\System32\

CmdServices Object Recognized!
Type : File
Data : atmtd.dll._
Category : Possible Browser Hijack attempt
Comment :
Object : C:\WINDOWS\System32\

Targetsavers Object Recognized!
Type : File
Data : tsuninst.exe
Category : Malware
Comment :
Object : C:\WINDOWS\System32\

Disk Scan Result for C:\WINDOWS\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 45

Targetsavers Object Recognized!
Type : File
Data : tsinstall_4_0_4_0_b4.exe
Category : Malware
Comment :
Object : C:\DOCUME~1\flo\LOCALS~1\Temp\

Disk Scan Result for C:\DOCUME~1\flo\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 46

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
29 entries scanned.
New critical objects:0
Objects found so far: 46

MRU List Object Recognized!
Location: : C:\Documents and Settings\flo\recent Description : list of recently opened documents MRU List Object Recognized! Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\adobe\photoshop\7.0\visiteddirs Description : adobe photoshop 7 recent work folders MRU List Object Recognized! Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! 
Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\microsoft\mediaplayer\medialibraryui Description : last selected node in the microsoft windows media player media library MRU List Object Recognized! Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\microsoft\mediaplayer\player\settings Description : last open directory used in jasc paint shop pro MRU List Object Recognized! Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\microsoft\mediaplayer\preferences Description : last cd record path used in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-19\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-20\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! 
Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\microsoft\windows\currentversion\applets\paint\recent file list Description : list of files recently opened using microsoft paint MRU List Object Recognized! Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\microsoft\windows\currentversion\applets\regedit Description : last key accessed using the microsoft registry editor MRU List Object Recognized! Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list Description : list of recent files opened using wordpad MRU List Object Recognized! Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! 
Location: : S-1-5-21-1614895754-725345543-682003330-1003\software\winrar\dialogedithistory\extrpath Description : winrar "extract-to" history Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Adware.Freeprod Toolbar Object Recognized! Type : Regkey Data : Category : Possible Browser Hijack attempt Comment : Rootkey : HKEY_CURRENT_USER Object : software\director Adware.Freeprod Toolbar Object Recognized! Type : RegValue Data : Category : Possible Browser Hijack attempt Comment : Rootkey : HKEY_CURRENT_USER Object : software\director Value : Affid Adware.Freeprod Toolbar Object Recognized! Type : RegValue Data : Category : Possible Browser Hijack attempt Comment : Rootkey : HKEY_CURRENT_USER Object : software\director Value : BaseURL Adware.Freeprod Toolbar Object Recognized! Type : RegValue Data : Category : Possible Browser Hijack attempt Comment : Rootkey : HKEY_CURRENT_USER Object : software\director Value : Uid Adware.Freeprod Toolbar Object Recognized! Type : RegValue Data : Category : Possible Browser Hijack attempt Comment : Rootkey : HKEY_CURRENT_USER Object : software\director Value : Request Adware.Freeprod Toolbar Object Recognized! Type : Regkey Data : Category : Possible Browser Hijack attempt Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\xbtb07618.xbtb07618toolbar Adware.Freeprod Toolbar Object Recognized! Type : RegValue Data : Category : Possible Browser Hijack attempt Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\xbtb07618.xbtb07618toolbar Value : DisplayName Adware.Freeprod Toolbar Object Recognized! Type : RegValue Data : Category : Possible Browser Hijack attempt Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\xbtb07618.xbtb07618toolbar Value : UninstallString Adware.Freeprod Toolbar Object Recognized! 
Type : Regkey Data : Category : Possible Browser Hijack attempt Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} Adware.Freeprod Toolbar Object Recognized! Type : RegValue Data : Category : Possible Browser Hijack attempt Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} Value : ButtonText Adware.Freeprod Toolbar Object Recognized! Type : RegValue Data : Category : Possible Browser Hijack attempt Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} Value : CLSID Adware.Freeprod Toolbar Object Recognized! Type : RegValue Data : Category : Possible Browser Hijack attempt Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} Value : Default Visible Adware.Freeprod Toolbar Object Recognized! Type : RegValue Data : Category : Possible Browser Hijack attempt Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} Value : HotIcon Adware.Freeprod Toolbar Object Recognized! Type : RegValue Data : Category : Possible Browser Hijack attempt Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} Value : Icon Adware.Freeprod Toolbar Object Recognized! Type : RegValue Data : Category : Possible Browser Hijack attempt Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} Value : MenuStatusBar Adware.Freeprod Toolbar Object Recognized! 
Type : RegValue Data : Category : Possible Browser Hijack attempt Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} Value : MenuText Adware.Freeprod Toolbar Object Recognized! Type : RegValue Data : Category : Possible Browser Hijack attempt Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} Value : ClsidExtension Adware.Freeprod Toolbar Object Recognized! Type : RegValue Data : Category : Possible Browser Hijack attempt Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\extensions\cmdmapping Value : {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} Adware.Freeprod Toolbar Object Recognized! Type : RegValue Data : Category : Possible Browser Hijack attempt Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\windows\currentversion\internet settings Value : GlobalUserOffline Adware.Freeprod Toolbar Object Recognized! Type : RegData Data : 0 Category : Possible Browser Hijack attempt Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown Value : iexplore.exe Data : 0 Adware.Freeprod Toolbar Object Recognized! Type : Folder Category : Possible Browser Hijack attempt Comment : Object : C:\Program Files\Freeprod Toolbar Adware.Freeprod Toolbar Object Recognized! Type : Folder Category : Possible Browser Hijack attempt Comment : Object : C:\Program Files\freeprod toolbar\Cache Adware.Freeprod Toolbar Object Recognized! Type : File Data : basis.xml Category : Possible Browser Hijack attempt Comment : Object : C:\Program Files\freeprod toolbar\ Adware.Freeprod Toolbar Object Recognized! Type : File Data : favicon.ico Category : Possible Browser Hijack attempt Comment : Object : C:\Program Files\freeprod toolbar\ Adware.Freeprod Toolbar Object Recognized! 
Type : File Data : freeprod.crc Category : Possible Browser Hijack attempt Comment : Object : C:\Program Files\freeprod toolbar\ Adware.Freeprod Toolbar Object Recognized! Type : File Data : freeprod.dll Category : Possible Browser Hijack attempt Comment : Object : C:\Program Files\freeprod toolbar\ FileVersion : 1, 0, 0, 4 ProductVersion : 1, 0, 0, 1 ProductName : IE Toolbar CompanyName : IE Toolbar FileDescription : IE Toolbar InternalName : IE Toolbar LegalCopyright : Copyright 2001-2003. All rights reserved. OriginalFilename : toolbar.dll Adware.Freeprod Toolbar Object Recognized! Type : File Data : icons.bmp Category : Possible Browser Hijack attempt Comment : Object : C:\Program Files\freeprod toolbar\ Adware.Freeprod Toolbar Object Recognized! Type : File Data : msvcp60.dll Category : Possible Browser Hijack attempt Comment : Object : C:\Program Files\freeprod toolbar\ FileVersion : 6.00.8972.0 ProductVersion : 6.00.8972.0 ProductName : Microsoft ® Visual C++ CompanyName : Microsoft Corporation FileDescription : Microsoft ® C++ Runtime Library InternalName : MSVCP60.DLL LegalCopyright : Copyright © Microsoft Corp. 1981-1998 OriginalFilename : MSVCP60.DLL Adware.Freeprod Toolbar Object Recognized! Type : File Data : msvcrt.dll Category : Possible Browser Hijack attempt Comment : Object : C:\Program Files\freeprod toolbar\ FileVersion : 6.10.9359.0 ProductVersion : 6.10.9359.0 ProductName : Microsoft ® Visual C++ CompanyName : Microsoft Corporation FileDescription : Microsoft ® C Runtime Library InternalName : MSVCRT.DLL LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : MSVCRT.DLL Adware.Freeprod Toolbar Object Recognized! Type : File Data : version.txt Category : Possible Browser Hijack attempt Comment : Object : C:\Program Files\freeprod toolbar\ Adware.Freeprod Toolbar Object Recognized! Type : File Data : id.id Category : Possible Browser Hijack attempt Comment : Object : C:\DOCUME~1\flo\LOCALS~1\Temp\ CmdServices Object Recognized