fabou4

Bonjour THANOS Je viens de te poster le lien upload sur ta MP Merci pour tout et bon W. end

Bonsoir THANOS, Des que je clique sur "ouvrir" : il répond (vista) "vous n'avez pas l'autorisation d'ouvrir ce fichier, consulter le propriétaire du fichier ou un administrateur pour obtenir cette autorisation". je ne touche rien j'attends tes indications. Merci bcp de ton aide.

Bonsoir THANOS, Je ne sais pas si c'est la personne qui m'a fait l'installation du PC qui me l'a installé il y a quelques mois, ou si ça été livré avec mon HP. Quand à savoir quelle version de "free download manager" est installée, je suis incapable de le dire. merci bcp de ton aide malgré ces imprécisions.

bonsoir THANOS voici le résultat Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.22 2009.07.14 Riskware.AdWare.Win32.Agent!IK AhnLab-V3 5.0.0.2 2009.07.14 - AntiVir 7.9.0.215 2009.07.14 TR/Skintrim.F.44 Antiy-AVL 2.0.3.1 2009.07.14 AdWare/Win32.Agent.gen Authentium 5.1.2.4 2009.07.14 - Avast 4.8.1335.0 2009.07.14 - AVG 8.5.0.387 2009.07.14 - BitDefender 7.2 2009.07.14 Trojan.Generic.1569237 CAT-QuickHeal 10.00 2009.07.14 AdWare.Agent.lln (Not a Virus) ClamAV 0.94.1 2009.07.14 Adware.Agent-4084 Comodo 1650 2009.07.14 UnclassifiedMalware DrWeb 5.0.0.12182 2009.07.14 - eSafe 7.0.17.0 2009.07.14 - eTrust-Vet 31.6.6612 2009.07.14 - F-Prot 4.4.4.56 2009.07.14 - F-Secure 8.0.14470.0 2009.07.14 AdWare.Win32.Agent.lln Fortinet 3.120.0.0 2009.07.14 Misc/PUP GData 19 2009.07.14 Trojan.Generic.1569237 Ikarus T3.1.1.64.0 2009.07.14 not-a-virus:AdWare.Win32.Agent Jiangmin 11.0.706 2009.07.14 - K7AntiVirus 7.10.792 2009.07.14 - Kaspersky 7.0.0.125 2009.07.14 not-a-virus:AdWare.Win32.Agent.lln McAfee 5676 2009.07.14 potentially unwanted program Generic PUP McAfee+Artemis 5676 2009.07.14 potentially unwanted program Generic PUP McAfee-GW-Edition 6.8.5 2009.07.14 Heuristic.BehavesLike.Win32.Downloader.H Microsoft 1.4803 2009.07.14 Trojan:Win32/Skintrim.F NOD32 4243 2009.07.14 probably a variant of Win32/Adware.Agent Norman 6.01.09 2009.07.14 - nProtect 2009.1.8.0 2009.07.14 - Panda 10.0.0.14 2009.07.14 Trj/CI.A PCTools 4.4.2.0 2009.07.14 - Prevx 3.0 2009.07.14 High Risk Cloaked Malware Rising 21.38.14.00 2009.07.14 - Sophos 4.43.0 2009.07.14 Troj/Wintri-Gen Sunbelt 3.2.1858.2 2009.07.14 Adware.Agent.gen Symantec 1.4.4.12 2009.07.14 - TheHacker 6.3.4.3.366 2009.07.14 - TrendMicro 8.950.0.1094 2009.07.14 - VBA32 3.12.10.8 2009.07.14 AdWare.Win32.Agent.lln ViRobot 2009.7.14.1835 2009.07.14 Adware.Agent.88505.C VirusBuster 4.6.5.0 2009.07.14 - Information additionnelle File size: 88505 bytes MD5 : d5f4221582c61ef9d3fbd1e8d1649df3 SHA1 : 960e7aabe2a9e134b7e6c2430ac59d66bd1d83d5 SHA256: 9a4d522aac4eb54ad1a657c2b2880d8a53633f7f2bfa82b9f594a18e4ec65313 PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x3484 timedatestamp.....: 0x499429A1 (Thu Feb 12 14:52:33 2009) machinetype.......: 0x14C (Intel I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x9B76 0x9C00 6.42 9b8638b3b598146628c64b425539705c .rdata 0xB000 0x19D0 0x1A00 5.59 da325a61c9e7eae27fb9fa5eeb5179a4 .data 0xD000 0x23918 0xE00 4.82 c557038879e6a881cbc16a8af580b526 .ndata 0x31000 0xA000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .rsrc 0x3B000 0x4268 0x4400 5.83 7d2fb5438d82cc3f388e774c1705b8fb ( 0 imports ) ( 0 exports ) TrID : File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) ssdeep: 1536:0rl+HMtKLhTszE0lvJqgWWIJHN4MWxzNJwCryG/a4S4+/xf80V4G5OFkL4:0rl+HMjAQI9N4tNJwCryGyfJf80v3U Prevx Info: http://info.prevx.com/aboutprogramtext.asp...35BA500A5CABC3B PEiD : - RDS : NSRL Reference Data Set bon, comme ça n'est pas très lisible voici le lien : http://www.virustotal.com/fr/analisis/9a4d...313-1247600500# merci !!!

bonjour depuis ce matin, ANTIVIR me detecte le trojan Dans le fichier 'C:\Users\albert\Free Download Manager\uninst.exe' un virus ou un programme indésirable 'TR/Skintrim.F.44' [trojan] a été détecté. et aussi dans Dans le fichier 'C:\Program Files\Free Download Manager\uninst.exe' un virus ou un programme indésirable 'TR/Skintrim.F.44' [trojan] a été détecté. or je posède ce programme depuis plusieurs mois ! par ailleurs, j'ai fait un scan avec HIJACKTHIS dont voici le log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:36:51, on 14/07/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\DigitalPersona\Bin\DpAgent.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\HP\HP UT\bin\hppusg.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\IDT\WDM\sttray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Windows\system32\conime.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\System32\mobsync.exe C:\Users\albert\Desktop\HiJackThis.exe C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Users\albert\Free Download Manager\iefdm2.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe" O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe" O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" O4 - HKLM\..\Run: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Users\albert\Free Download Manager\dlall.htm O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Users\albert\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Users\albert\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Users\albert\Free Download Manager\dlfvideo.htm O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe -- End of file - 10538 bytes est-ce que c'est un faux positif ??? par ailleurs, si je veux désinstaller FREE DOWNLOAD MANAGER qui ne me sert pas, comment puis-je faire SANS passer par le désinstallateur du logiciel (puisque c'est ce fichier qui semble infecté) ? MERCI BEAUCOUP et BON 14 juillet !!!!

erreur de post...

bonjour pear j'ai essayé CLEAN UP mais sans succès (jv16 ne m'inspirait pas trop) : il n'y avait même pas d'entrée ADOBE je me suis dit que si ce n'était pas ADOBE le fautif alors c'est internet explore 7 ! j'ai donc installé la 8 par dessus et ... ça marche ! (comme vous le présentiez, ce n'était effectivement pas un pb dû au virus) Merci encore pour votre aide cordialement

bonsoir pear ça a l'air d'aller question virus : antivir reste calme ! sauf un petit ennui quand je suis sur mon site de banque laposte.net : dès l'arrivée sur ce site, il me met un message comme quoi il ya eu un probleme avec ACROBAT READER. mais je n'ai PLUS acrobat reader (j'ai mis foxit) et j'ai l'impression que ce message est apparu depuis l'appartion des virus (mais peut-être je me trompe) est-ce un reste de virus ou plutôt un bug d'ie ? a+

bonjour pear (vous êtes à nouveau fidèle au poste ! merci bcp !!!) voici les rapports demandés : Malwarebytes' Anti-Malware 1.36 Version de la base de données: 2153 Windows 5.1.2600 Service Pack 3 19/05/2009 17:09:48 mbam-log-2009-05-19 (17-09-48).txt Type de recherche: Examen rapide Eléments examinés: 112518 Temps écoulé: 6 minute(s), 15 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 3 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 3 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Delete on reboot. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\kliker.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-6482219463-6376024258-194707431-4970\nissan.exe (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\mr bouazziz\Bureau\WebMediaPlayer.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully. -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : AMD Athlon XP 2100+ ) BIOS : Award Modular BIOS v6.00PG USER : mr bouazziz ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:57 Go (Free:16 Go) Q:\ (CD or DVD) R:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [2] ( 19/05/2009|17:18 ) -----------\\ SUPPRESSION Supprime! - C:\Program Files\AskBarDis\bar Supprime! - C:\Program Files\AskBarDis\PopSwatter Supprime! - C:\Program Files\AskBarDis\unins000.dat Supprime! - C:\Program Files\AskBarDis\unins000.exe Supprime! - C:\Program Files\AskBarDis -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ Extensions (mr bouazziz) - {1476ff20-0a3c-11db-9cd8-0800200c9a66} => macfox-1.1.5-fx-windows (mr bouazziz) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar (mr bouazziz) - {C1CCF2A6-D735-4817-866A-993A66CF9A3D} => firefox_vista-1.5-fx (mr bouazziz.SN4970687158) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.fr/" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com/ie" "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.msn.com/" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! 1 - "C:\ToolBar SD\TB_1.txt" - 19/05/2009|17:14 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 19/05/2009|17:20 - Option : [2] -----------\\ Fin du rapport a 17:20:08,25 Avira AntiVir Personal Report file date: mardi 19 mai 2009 17:33 Scanning for 1400180 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: SN4970687158 Version information: BUILD.DAT : 8.2.0.348 16934 Bytes 23/03/2009 13:44:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 26/11/2008 17:36:00 AVSCAN.DLL : 8.1.4.0 40705 Bytes 05/09/2008 15:55:52 LUKE.DLL : 8.1.4.5 164097 Bytes 05/09/2008 15:55:52 LUKERES.DLL : 8.1.4.0 12033 Bytes 05/09/2008 15:55:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 18:58:45 ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 15:13:03 ANTIVIR2.VDF : 7.1.3.185 2010112 Bytes 12/05/2009 05:50:25 ANTIVIR3.VDF : 7.1.3.225 174592 Bytes 19/05/2009 07:27:24 Engineversion : 8.2.0.168 AEVDF.DLL : 8.1.1.1 106868 Bytes 01/05/2009 08:37:20 AESCRIPT.DLL : 8.1.2.0 389497 Bytes 16/05/2009 20:38:18 AESCN.DLL : 8.1.2.3 127347 Bytes 16/05/2009 20:38:17 AERDL.DLL : 8.1.1.3 438645 Bytes 09/11/2008 11:40:51 AEPACK.DLL : 8.1.3.16 397686 Bytes 09/05/2009 20:35:11 AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 15:13:11 AEHEUR.DLL : 8.1.0.129 1761655 Bytes 16/05/2009 20:38:17 AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 15:13:08 AEGEN.DLL : 8.1.1.44 348532 Bytes 16/05/2009 20:38:14 AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 19:52:00 AECORE.DLL : 8.1.6.9 176500 Bytes 17/04/2009 17:12:03 AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 19:51:58 AVWINLL.DLL : 1.0.0.12 15105 Bytes 05/09/2008 15:55:52 AVPREF.DLL : 8.0.2.0 38657 Bytes 05/09/2008 15:55:52 AVREP.DLL : 8.0.0.3 155688 Bytes 20/04/2009 19:51:26 AVREG.DLL : 8.0.0.1 33537 Bytes 05/09/2008 15:55:52 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 05/09/2008 15:55:52 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 05/09/2008 15:55:52 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 05/09/2008 15:55:47 RCTEXT.DLL : 8.0.52.0 86273 Bytes 05/09/2008 15:55:47 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: mardi 19 mai 2009 17:33 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'wltuser.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'TeamViewer.exe' - '1' Module(s) have been scanned Scan process 'hposts07.exe' - '1' Module(s) have been scanned Scan process 'hpoevm07.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'WLANUTL.EXE' - '1' Module(s) have been scanned Scan process 'hpobrt07.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'apdproxy.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'qttask.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'WTSrv.exe' - '1' Module(s) have been scanned Scan process 'vcssecs.exe' - '1' Module(s) have been scanned Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SeaPort.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'MDM.EXE' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'nhksrv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 45 processes with 45 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '74' files ). Starting the file scan: Begin scan in 'C:\' <HDD> C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\mr bouazziz.SN4970687158\Shared\jessie matador [new album].au [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit [NOTE] The file was moved to '4a85d4e0.qua'! C:\Documents and Settings\mr bouazziz.SN4970687158\Shared\le vent de lhiver - best track ever.mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit [NOTE] The file was moved to '4a32d4e2.qua'! C:\Documents and Settings\mr bouazziz.SN4970687158\Shared\le vent de lhiver live at private party.mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit [NOTE] The file was moved to '4a32d4e3.qua'! C:\Documents and Settings\mr bouazziz.SN4970687158\Shared\le vent de lhiver VBR.mp3 [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit [NOTE] The file was moved to '4a32d4e5.qua'! End of the scan: mardi 19 mai 2009 18:33 Used time: 59:22 Minute(s) The scan has been done completely. 8886 Scanning directories 382927 Files were scanned 4 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 4 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 382921 Files not concerned 7910 Archives were scanned 2 Warnings 4 Notes

et aussi un rapport mbam (avant désinfection) Malwarebytes' Anti-Malware 1.36 Version de la base de données: 2153 Windows 5.1.2600 Service Pack 3 19/05/2009 15:05:01 mbam-log-2009-05-19 (15-04-55).txt Type de recherche: Examen rapide Eléments examinés: 112518 Temps écoulé: 6 minute(s), 15 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 3 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 3 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> No action taken. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\kliker.exe (Backdoor.Bot) -> No action taken. C:\RECYCLER\S-1-5-21-6482219463-6376024258-194707431-4970\nissan.exe (Backdoor.Bot) -> No action taken. C:\Documents and Settings\mr bouazziz\Bureau\WebMediaPlayer.lnk (Adware.EGDAccess) -> No action taken.

bonjour à tous à peine désinfecté que revoilà plein de virus (antivir crie tous les jours). d'avance , MERCI POUR VOTRE AIDE !!! voici le log hijack this Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:37:57, on 19/05/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Apps\ActivBoard\nhksrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\WINDOWS\System32\Drivers\WTSRV.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\TeamViewer\Version4\TeamViewer.exe C:\Documents and Settings\mr bouazziz.SN4970687158\Bureau\HiJackjack.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\MEDIADICO\Dico TV5\MDTV5TB.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [PreAnnotate] C:\WINDOWS\System32\PreAnntt.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ? O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?1b899115aa524635ae2c03ac4feee1f2 O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?1b899115aa524635ae2c03ac4feee1f2 O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=www.packardbell.fr/center O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE O24 - Desktop Component 0: (no name) - http://tbn0.google.com/images?q=tbn:KyMK1j...ack%2BWhale.jpg O24 - Desktop Component 1: (no name) - file:///C:/Program%20Files/fond-ecran-wallpaper/fleur/images/image_004.jpg O24 - Desktop Component 2: (no name) - file:///C:/Program%20Files/fond-ecran-wallpaper/fleur/images/image_001.jpg O24 - Desktop Component 3: (no name) - http://www.fond-ecran-wallpaper.com/fleur/.../fleur-0004.jpg -- End of file - 12292 bytes

Bonjour Falkra, Juste pour vous dire merci pour tout. J'utilise désormais Firefox. Puisque c'est encouragé, alors à l'occasion je n'hésiterai pas à re poser des questions.

Bonsoir Falkra J'ai lancé PSI de Sécunia. Ci dessous le résultat du scan, ça m'a interpellé qu'en pensez vous ? Je suis désolé si ces questions vous paraissent basiques. Merci pour vos conseils et votre patience ******************************************************************************** Adobe Flash Player 10.x (ActiveX Control) Adobe Reader 9.x VLC media player 0.x 3 Security Threats, with the worst rated as a: Category 5 Threat 3 solutions should be applied Note. After downloading and installing a solution it may be required to re-scan your system before the entry is removed from the above list. Should it still be listed after applying the solution and re-scanning your system, then please consult our Community Forum for further assistance.

Re Bonsoir, Mieux vaut prévenir que.... Je me suis retrouvé avec "Free download manager" sur le PC. Je ne sais pas si ça été livré avec la machine, où si je l'ai tiré par une manip quelconque du net. Toujours est-il qu'il me harcèle régulièrement pour des mises à jour. Mais je refuse et je refuse désormais toute mise à jour sauf pour les éditeurs connus (de moi) de type HP, Microsoft, Avira antivir. Peut -on faire faire confiance et laisser opérer les mises à jour de "Free download manager" ? Une autre question me vient à l'esprit, je dispose de la version gratuite Avira antivir, cependant cet éditeur propose à chaque connexion une version payante sensée sécuriser davantage. Une telle version m'aurait-elle prémunie contre eorezo ? et sinon existe -il un moyen pour se prémunir de tels traquuenards (à part s'informer en permanence) ? merci.

Bonsoir Falkra, Voici le résultat du dernier Hijack comme demandé. Je suis disposé à porter plainte contre eorezo. Merci de m'indiquer la marche à suivre. J'ai aperçu sur un site internet que cette "société" est basée à Paris 8eme donc à portée d'une action en justice . Reste à voir ce que le legislateur à prévu pour ce type de délit, si rien au moins ça pourrait le sensibiliser aux lacunes actuelles et essayer d'y remédier Merci encore pour tout. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:15:43, on 10/03/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe C:\Program Files\DigitalPersona\Bin\DpAgent.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\HP\HP UT\bin\hppusg.exe C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Users\Josiane\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Users\albert\Free Download Manager\iefdm2.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe" O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe" O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" O4 - HKLM\..\Run: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\RunOnce: [softwareHelper] C:\Users\Josiane\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN O4 - HKCU\..\Run: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe -- End of file - 9652 bytes

Bonsoir, Magique ! Eorezo est enfin KO ! votre procédure a pulvérisé avec succès cet intrus. Merci pour votre aide, pour votre patience et tout le temps passé. J'utilise le net au travail, avec une protection efficace qui masque bien l'étendue des dangers de la jungle du Net, mais depuis la maison c'est la jungle au bout de chaque clic. Il n'empêche que se pose un véritable problème juridique avec les eorezo et consorts, car il s'agit bien d'une effraction electronique qui devrait tomber sous le coup d'une loi quelconque, si elle existe. Enfin ceci est un autre dossier. Encore merci et bravo.

Bonsoir, Merci pour votre aide continue. Ci joint le contenu des deux fichiers : log.txt et info.txt Logfile of random's system information tool 1.05 (written by random/random) Run by Josiane at 2009-03-03 22:09:30 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1 System drive C: has 174 GB (77%) free of 227 GB Total RAM: 3069 MB (62% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:09:47, on 03/03/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Users\Josiane\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe C:\Windows\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\DigitalPersona\Bin\DpAgent.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\HP\HP UT\bin\hppusg.exe C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Josiane\Desktop\RSIT.exe C:\Program Files\trend micro\Josiane.exe C:\Windows\System32\mobsync.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Users\albert\Free Download Manager\iefdm2.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe" O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe" O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" O4 - HKLM\..\Run: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\RunOnce: [softwareHelper] C:\Users\Josiane\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN O4 - HKCU\..\Run: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe -- End of file - 10558 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-05 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}] AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}] FDMIECookiesBHO Class - C:\Users\albert\Free Download Manager\iefdm2.dll [2008-11-12 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-05 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-13 13584928] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-13 92704] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1033512] "SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-09-11 446556] "DVDAgent"=C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [2008-09-26 1148200] "TSMAgent"=C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [2008-09-25 1152296] "CLMLServer for HP TouchSmart"=C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2008-09-25 189736] "TVAgent"=C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe [2008-09-24 206120] "UCam_Menu"=C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [2008-06-13 210216] "SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2008-09-23 912688] "UpdateLBPShortCut"=C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-06-13 210216] "UpdatePSTShortCut"=C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2008-09-26 210216] "DpAgent"=C:\Program Files\DigitalPersona\Bin\dpagent.exe [2008-07-14 814144] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-08-01 202032] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "UpdateP2GoShortCut"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216] "UpdatePDIRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-06-13 210216] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-05 136600] "HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008] "HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840] "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] ""= [] "HPUsageTracking"=C:\Program Files\HP\HP UT\bin\hppusg.exe [2007-05-04 36864] "Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-10-10 69632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SoftwareHelper"=C:\Users\Josiane\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [2008-12-09 368224] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "HPADVISOR"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-09-30 972080] "ISUSPM"=C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-07-12 226904] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli DPPWDFLT [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8587e1f6-f160-11dd-a699-00235a1facc8}] shell\AutoRun\command - H:\EmDesk.exe shell\EmDesk\command - H:\EmDesk.exe ======List of files/folders created in the last 1 months====== 2009-03-03 22:09:30 ----D---- C:\rsit 2009-03-03 22:09:30 ----D---- C:\Program Files\trend micro 2009-03-01 13:55:07 ----D---- C:\Users\Josiane\AppData\Roaming\Malwarebytes 2009-03-01 13:28:00 ----D---- C:\Users\Josiane\AppData\Roaming\Template 2009-03-01 12:56:42 ----D---- C:\ProgramData\WindowsSearch 2009-02-27 00:50:28 ----D---- C:\_OTMoveIt 2009-02-26 22:15:16 ----D---- C:\ProgramData\Malwarebytes 2009-02-26 22:15:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-02-24 21:58:12 ----D---- C:\Users\Josiane\AppData\Roaming\EoRezo 2009-02-22 20:21:41 ----A---- C:\cleannavi.txt 2009-02-22 12:28:35 ----A---- C:\fixnavi.txt 2009-02-22 12:24:24 ----D---- C:\Program Files\Navilog1 2009-02-17 01:23:18 ----D---- C:\Downloads 2009-02-15 06:50:00 ----A---- C:\Windows\system32\EncDec.dll 2009-02-15 06:49:59 ----A---- C:\Windows\system32\psisdecd.dll 2009-02-14 20:49:13 ----D---- C:\Users\Josiane\AppData\Roaming\Logitech 2009-02-12 23:15:49 ----D---- C:\Program Files\Free Download Manager 2009-02-12 23:00:57 ----D---- C:\ProgramData\LogiShrd 2009-02-12 22:59:56 ----A---- C:\Windows\system32\BtCoreIf.dll 2009-02-12 22:59:51 ----A---- C:\Windows\system32\KemXML.dll 2009-02-12 22:59:51 ----A---- C:\Windows\system32\KemWnd.dll 2009-02-12 22:59:51 ----A---- C:\Windows\system32\KemUtil.dll 2009-02-12 22:59:51 ----A---- C:\Windows\system32\kemutb.dll 2009-02-12 22:59:32 ----D---- C:\ProgramData\Logitech 2009-02-12 22:59:23 ----D---- C:\Program Files\Common Files\Logishrd 2009-02-12 22:59:19 ----D---- C:\Program Files\Logitech 2009-02-11 20:41:35 ----A---- C:\Windows\system32\mshtml.dll 2009-02-11 20:41:34 ----A---- C:\Windows\system32\urlmon.dll 2009-02-11 20:41:34 ----A---- C:\Windows\system32\ieframe.dll 2009-02-11 20:41:33 ----A---- C:\Windows\system32\wininet.dll 2009-02-11 20:41:33 ----A---- C:\Windows\system32\mstime.dll 2009-02-11 20:41:33 ----A---- C:\Windows\system32\msfeeds.dll 2009-02-11 20:41:33 ----A---- C:\Windows\system32\jsproxy.dll 2009-02-11 20:41:33 ----A---- C:\Windows\system32\iertutil.dll 2009-02-10 22:13:38 ----D---- C:\Nouveau dossier 2009-02-05 20:58:37 ----D---- C:\Users\Josiane\AppData\Roaming\Real 2009-02-05 20:58:36 ----D---- C:\Users\Josiane\AppData\Roaming\Media Player Classic 2009-02-05 16:40:21 ----A---- C:\Windows\system32\javaws.exe 2009-02-05 16:40:21 ----A---- C:\Windows\system32\javaw.exe 2009-02-05 16:40:21 ----A---- C:\Windows\system32\java.exe 2009-02-05 16:40:21 ----A---- C:\Windows\system32\deploytk.dll 2009-02-05 16:13:34 ----D---- C:\Users\Josiane\AppData\Roaming\vlc 2009-02-05 15:52:24 ----D---- C:\Users\Josiane\AppData\Roaming\Macromedia 2009-02-05 15:52:17 ----D---- C:\Users\Josiane\AppData\Roaming\Adobe 2009-02-05 15:51:20 ----D---- C:\Users\Josiane\AppData\Roaming\Macrovision 2009-02-05 15:50:58 ----D---- C:\Users\Josiane\AppData\Roaming\Hewlett-Packard 2009-02-05 15:50:20 ----D---- C:\Users\Josiane\AppData\Roaming\DigitalPersona 2009-02-05 15:49:25 ----D---- C:\Users\Josiane\AppData\Roaming\Identities 2009-02-05 15:48:50 ----SD---- C:\Users\Josiane\AppData\Roaming\Microsoft 2009-02-05 15:48:50 ----D---- C:\Users\Josiane\AppData\Roaming\Media Center Programs 2009-02-05 15:38:55 ----D---- C:\Program Files\VideoLAN 2009-02-05 15:38:29 ----A---- C:\Windows\system32\rmoc3260.dll 2009-02-05 15:38:29 ----A---- C:\Windows\system32\pndx5032.dll 2009-02-05 15:38:29 ----A---- C:\Windows\system32\pndx5016.dll 2009-02-05 15:38:29 ----A---- C:\Windows\system32\pncrt.dll 2009-02-05 15:38:28 ----D---- C:\ProgramData\Real 2009-02-05 15:38:28 ----D---- C:\Program Files\Real Alternative 2009-02-05 15:32:18 ----A---- C:\Windows\system32\pdfcmnnt.dll 2009-02-05 15:32:17 ----A---- C:\Windows\system32\VB6FR.DLL 2009-02-05 15:32:17 ----A---- C:\Windows\system32\MSCMCFR.DLL 2009-02-05 15:32:17 ----A---- C:\Windows\system32\MSCC2FR.DLL 2009-02-05 15:32:16 ----D---- C:\Program Files\PDFCreator 2009-02-05 15:32:16 ----A---- C:\Windows\system32\MSMPIDE.DLL 2009-02-05 15:25:44 ----A---- C:\Windows\system32\tzres.dll 2009-02-05 15:15:10 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2009-02-05 15:15:10 ----A---- C:\Windows\system32\infocardapi.dll 2009-02-05 15:15:09 ----A---- C:\Windows\system32\PresentationHostProxy.dll 2009-02-05 15:15:09 ----A---- C:\Windows\system32\icardres.dll 2009-02-05 15:15:09 ----A---- C:\Windows\system32\icardagt.exe 2009-02-05 15:15:08 ----A---- C:\Windows\system32\PresentationNative_v0300.dll 2009-02-05 15:15:07 ----A---- C:\Windows\system32\PresentationHost.exe 2009-02-05 15:09:55 ----A---- C:\Windows\system32\dfshim.dll 2009-02-05 15:09:53 ----A---- C:\Windows\system32\mscoree.dll 2009-02-05 15:09:52 ----A---- C:\Windows\system32\netfxperf.dll 2009-02-05 15:09:40 ----A---- C:\Windows\system32\mscorier.dll 2009-02-05 15:09:37 ----A---- C:\Windows\system32\mscories.dll 2009-02-05 15:09:10 ----D---- C:\Program Files\MSXML 4.0 2009-02-05 14:33:11 ----D---- C:\Program Files\Common Files\DESIGNER 2009-02-05 14:33:00 ----D---- C:\Windows\PCHEALTH 2009-02-05 14:33:00 ----D---- C:\Program Files\Microsoft.NET 2009-02-05 14:28:11 ----RHD---- C:\MSOCache 2009-02-05 14:23:18 ----D---- C:\ProgramData\HP 2009-02-05 14:14:39 ----D---- C:\ProgramData\HPSSUPPLY 2009-02-05 14:10:02 ----D---- C:\Windows\system32\URTTEMP 2009-02-05 14:09:02 ----HD---- C:\Program Files\Avago-HP 2009-02-05 13:58:08 ----D---- C:\ProgramData\Avira 2009-02-05 13:58:08 ----D---- C:\Program Files\Avira 2009-02-05 13:36:25 ----A---- C:\Windows\system32\PortableDeviceApi.dll 2009-02-05 13:36:18 ----A---- C:\Windows\system32\gdi32.dll 2009-02-05 13:36:14 ----A---- C:\Windows\system32\Apphlpdm.dll 2009-02-05 13:36:13 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2009-02-05 13:35:57 ----A---- C:\Windows\system32\msxml3.dll 2009-02-05 13:35:55 ----A---- C:\Windows\system32\netapi32.dll 2009-02-05 13:35:51 ----A---- C:\Windows\system32\shell32.dll 2009-02-05 13:35:47 ----A---- C:\Windows\explorer.exe 2009-02-05 13:35:24 ----A---- C:\Windows\system32\WindowsCodecsExt.dll 2009-02-05 13:35:24 ----A---- C:\Windows\system32\WindowsCodecs.dll 2009-02-05 13:35:24 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll 2009-02-05 13:35:22 ----A---- C:\Windows\system32\wersvc.dll 2009-02-05 13:35:22 ----A---- C:\Windows\system32\Faultrep.dll 2009-02-05 13:35:21 ----A---- C:\Windows\system32\win32spl.dll 2009-02-05 13:35:19 ----A---- C:\Windows\system32\mf.dll 2009-02-05 13:35:18 ----A---- C:\Windows\system32\WMVCORE.DLL 2009-02-05 13:35:18 ----A---- C:\Windows\system32\WMNetMgr.dll 2009-02-05 13:35:18 ----A---- C:\Windows\system32\logagent.exe 2009-02-05 13:35:17 ----A---- C:\Windows\system32\connect.dll 2009-02-05 13:35:14 ----A---- C:\Windows\system32\ntoskrnl.exe 2009-02-05 13:35:14 ----A---- C:\Windows\system32\ntkrnlpa.exe 2009-02-05 13:35:13 ----A---- C:\Windows\system32\msxml6.dll 2009-02-05 13:33:37 ----D---- C:\Logiciels 2009-02-05 13:25:43 ----A---- C:\Windows\system32\wups2.dll 2009-02-05 13:25:43 ----A---- C:\Windows\system32\wucltux.dll 2009-02-05 13:25:43 ----A---- C:\Windows\system32\wuaueng.dll 2009-02-05 13:25:43 ----A---- C:\Windows\system32\wuauclt.exe 2009-02-05 13:25:24 ----A---- C:\Windows\system32\wups.dll 2009-02-05 13:25:24 ----A---- C:\Windows\system32\wudriver.dll 2009-02-05 13:25:24 ----A---- C:\Windows\system32\wuapi.dll 2009-02-05 13:25:17 ----A---- C:\Windows\system32\wuwebv.dll 2009-02-05 13:25:17 ----A---- C:\Windows\system32\wuapp.exe ======List of files/folders modified in the last 1 months====== 2009-03-03 22:09:42 ----D---- C:\Windows\Prefetch 2009-03-03 22:09:39 ----D---- C:\Windows\Temp 2009-03-03 22:09:30 ----RD---- C:\Program Files 2009-03-02 21:49:04 ----D---- C:\Windows\System32 2009-03-02 21:49:04 ----D---- C:\Windows\inf 2009-03-02 21:49:04 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-03-02 20:20:32 ----SHD---- C:\System Volume Information 2009-03-01 17:50:07 ----D---- C:\Windows 2009-03-01 13:55:10 ----D---- C:\Windows\system32\drivers 2009-03-01 12:56:42 ----HD---- C:\ProgramData 2009-02-27 00:43:00 ----D---- C:\Windows\system32\catroot2 2009-02-25 08:50:10 ----D---- C:\Windows\system32\WDI 2009-02-22 12:02:13 ----SD---- C:\ProgramData\Microsoft 2009-02-15 10:47:38 ----D---- C:\Windows\Microsoft.NET 2009-02-15 10:47:22 ----RSD---- C:\Windows\assembly 2009-02-15 10:35:55 ----D---- C:\Windows\winsxs 2009-02-15 10:35:53 ----D---- C:\Windows\ehome 2009-02-15 06:48:31 ----D---- C:\Windows\system32\catroot 2009-02-12 23:27:55 ----D---- C:\Windows\system32\NDF 2009-02-12 23:00:54 ----SHD---- C:\Windows\Installer 2009-02-12 22:59:26 ----HD---- C:\Program Files\InstallShield Installation Information 2009-02-12 22:59:23 ----D---- C:\Program Files\Common Files 2009-02-12 09:11:58 ----D---- C:\Program Files\Windows Mail 2009-02-08 20:24:12 ----D---- C:\ProgramData\Microsoft Help 2009-02-08 20:22:14 ----D---- C:\Program Files\Common Files\microsoft shared 2009-02-07 20:27:33 ----D---- C:\Windows\Registration 2009-02-07 20:26:47 ----D---- C:\Program Files\Internet Explorer 2009-02-05 20:38:34 ----D---- C:\Program Files\SMINST 2009-02-05 16:45:57 ----D---- C:\Windows\Logs 2009-02-05 16:40:01 ----D---- C:\Program Files\Java 2009-02-05 16:03:27 ----SHD---- C:\$RECYCLE.BIN 2009-02-05 16:03:16 ----RD---- C:\Users 2009-02-05 16:03:05 ----D---- C:\Windows\rescache 2009-02-05 15:42:31 ----D---- C:\Windows\AppPatch 2009-02-05 15:42:30 ----D---- C:\Windows\system32\fr-FR 2009-02-05 15:42:29 ----D---- C:\Windows\system32\migration 2009-02-05 15:42:20 ----D---- C:\Windows\system32\XPSViewer 2009-02-05 15:42:20 ----D---- C:\Windows\system32\wbem 2009-02-05 15:42:20 ----D---- C:\Windows\system32\en-US 2009-02-05 15:08:37 ----D---- C:\Windows\SoftwareDistribution 2009-02-05 15:07:29 ----D---- C:\Windows\Debug 2009-02-05 14:33:20 ----D---- C:\Program Files\Microsoft Works 2009-02-05 14:33:14 ----D---- C:\Program Files\Microsoft Office 2009-02-05 14:33:03 ----D---- C:\Windows\Fonts 2009-02-05 14:29:46 ----D---- C:\Windows\ShellNew 2009-02-05 14:23:15 ----D---- C:\ProgramData\Hewlett-Packard 2009-02-05 14:15:05 ----D---- C:\Program Files\HP 2009-02-05 13:53:29 ----D---- C:\ProgramData\Norton 2009-02-05 13:53:21 ----D---- C:\ProgramData\NortonInstaller 2009-02-04 00:21:12 ----A---- C:\Windows\system32\mrt.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-02-05 75072] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49}; \??\C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 59376] R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2008-03-27 34664] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-04-29 54784] R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768] R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-09-26 35472] R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-09-26 37392] R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-08-29 3664384] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-08-06 44576] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-13 7391392] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-07-22 123904] R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-09-11 389120] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-01-18 196784] R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] R3 vfs101x;vfs101x; C:\Windows\system32\drivers\vfs101x.sys [2008-09-16 40752] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-10-22 23040] S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160] S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-10-22 507904] S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-10-22 30208] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-07-21 100184] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664] S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-10-22 149504] S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576] S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe [2008-06-27 77824] R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 DpHost;@C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2008-07-14 322624] R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208] R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2008-03-18 19456] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-13 196608] R2 Recovery Service for Windows;Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [2008-09-23 365904] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-06-30 241734] R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe [2008-09-11 237650] R2 TVCapSvc;TV Background Capture Service (TVBCS); C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-09-24 296320] R2 TVSched;TV Task Scheduler (TVTS); C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-09-24 116096] R2 vfsFPService;Validity Fingerprint Service; C:\Windows\system32\vfsFPService.exe [2008-09-16 599344] R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840] R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-01 165192] S3 aspnet_state;Service d'état ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312] S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 165416] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-11-07 121360] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- info.txt logfile of random's system information tool 1.05 2009-03-03 22:09:48 ======Uninstall list====== -->"C:\Program Files\HP Games\5 Card Deluxe\Uninstall.exe" -->"C:\Program Files\HP Games\Agatha Christie - Death on the Nile\Uninstall.exe" -->"C:\Program Files\HP Games\Age of Castles\Uninstall.exe" -->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe" -->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe" -->"C:\Program Files\HP Games\Build-a-lot 2\Uninstall.exe" -->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe" -->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe" -->"C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe" -->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe" -->"C:\Program Files\HP Games\FATE\Uninstall.exe" -->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe" -->"C:\Program Files\HP Games\Gem Shop\Uninstall.exe" -->"C:\Program Files\HP Games\Granny in Paradise\Uninstall.exe" -->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe" -->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe" -->"C:\Program Files\HP Games\Mahjongg Artifacts\Uninstall.exe" -->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe" -->"C:\Program Files\HP Games\Ocean Express\Uninstall.exe" -->"C:\Program Files\HP Games\Peggle\Uninstall.exe" -->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe" -->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe" -->"C:\Program Files\HP Games\Polar Pool\Uninstall.exe" -->"C:\Program Files\HP Games\Puzzle Express\Uninstall.exe" -->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe" -->"C:\Program Files\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe" -->"C:\Program Files\HP Games\Sudoku Quest\Uninstall.exe" -->"C:\Program Files\HP Games\The Treasures of Montezuma\Uninstall.exe" -->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe" -->"C:\Program Files\HP Games\Virtual Villagers - The Secret City\Uninstall.exe" -->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe" 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001} Adobe Shockwave Player-->MsiExec.exe /X{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11} AOL Toolbar 5.0-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe" Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A} CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall DigitalPersona Personal 3.1.0-->MsiExec.exe /I{D865F5F2-3C79-4C3C-888A-485AF486E782} eoEngine 9.1-->"C:\Program Files\EoRezo\unins000.exe" ESU for Microsoft Vista-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43} Free Download Manager 2.5 build 758-->C:\Users\albert\Free Download Manager\uninst.exe Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E} Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367} HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409 HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}\setup.exe" -l0x9 -removeonly HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F} HP Help and Support-->MsiExec.exe /I{0054A0F6-00C9-4498-B821-B5C9578F433E} HP LaserJet P1000 series-->C:\Program Files\Avago-HP\{3a27b4da-8566-4779-bf37-b2ec77fafb36}\uninstall.exe SYSTEMHORNET "C:\Program Files\Avago-HP\{3a27b4da-8566-4779-bf37-b2ec77fafb36}" HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall HP MediaSmart Music/Photo/Video-->"C:\Program Files\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall HP MediaSmart Music/Photo/Video-->"C:\Program Files\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall /zMS HP MediaSmart SmartMenu-->MsiExec.exe /I{EFC5939F-470F-454E-B3DA-F51FDD83F6CE} HP MediaSmart TV-->"C:\Program Files\InstallShield Installation Information\{67626E09-5366-4480-8F1E-93FADF50CA15}\setup.exe" /z-uninstall HP MediaSmart TV-->"C:\Program Files\InstallShield Installation Information\{67626E09-5366-4480-8F1E-93FADF50CA15}\setup.exe" /z-uninstall HP MediaSmart Webcam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall HP MediaSmart Webcam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall HP Quick Launch Buttons 6.40 H2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c uninst HP Total Care Advisor-->MsiExec.exe /X{154A4184-1A3D-4BF9-A5AE-4FA1660445F3} HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F} HP User Guides 0129-->MsiExec.exe /X{149BBCB8-674F-48D2-969C-9D0EA88DA7D6} HP Wireless Assistant-->MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50} HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4} HPSSupply-->MsiExec.exe /X{7902E313-FF0F-4493-ACB1-A8147B78DCD0} HPTCSSetup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30D3B7BC-5798-45D9-822D-05CA18F39E99}\setup.exe" -l0x9 -removeonly IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x40c -remove -removeonly Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} JMicron JMB38X Flash Media Controller-->"C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" delpkg KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355} LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x040c -removeonly Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31} Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB} Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918} Microsoft Works-->MsiExec.exe /I{3B160861-7250-451E-B5EE-8B92BF30A710} Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE} Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe MrvlUsgTracking-->MsiExec.exe /I{A82D052A-0806-42DF-80CD-1730A1AC0ED3} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} muvee Reveal-->MsiExec.exe /X{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC} My HP Games-->"C:\Program Files\HP Games\Uninstall.exe" Navilog1 3.7.4-->"C:\Program Files\Navilog1\unins000.exe" Norton Internet Security-->MsiExec.exe /I{7B15D70E-9449-4CFB-B9BC-798465B2BD5C} NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI PDFCreator-->C:\Program Files\PDFCreator\unins000.exe PhotoNow!-->"C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall PhotoNow!-->"C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall ProtectSmart Hard Drive Protection-->MsiExec.exe /X{9D615069-AA8F-4E89-AE9D-77AAE90F529F} Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe" Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2} Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B} Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC} Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C} SoftwareUpdate 1.0-->"C:\Users\Josiane\AppData\Roaming\eoRezo\SoftwareUpdate\unins000.exe" SPORE Creature Creator Trial Edition-->"C:\Program Files\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe" Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498} Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Validity Sensors software-->MsiExec.exe /X{567E8236-C414-4888-8211-3D61608D57AE} VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\enecir.inf_8f2fc366\enecir.inf ======Security center information====== AS: Windows Defender System event log Computer Name: PC-de-albert Event Code: 12 Message: Le périphérique 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30F4103C&REV_00\4&120488ab&0&02E4) a disparu du système sans que sa suppression ait tout d'abord été préparée. Record Number: 60858 Source Name: PlugPlayManager Time Written: 20090303210937.000000-000 Event Type: Erreur User: Computer Name: PC-de-albert Event Code: 12 Message: Le périphérique 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30F4103C&REV_00\4&120488ab&0&03E4) a disparu du système sans que sa suppression ait tout d'abord été préparée. Record Number: 60859 Source Name: PlugPlayManager Time Written: 20090303210937.000000-000 Event Type: Erreur User: Computer Name: PC-de-albert Event Code: 12 Message: Le périphérique 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30F4103C&REV_00\4&120488ab&0&04E4) a disparu du système sans que sa suppression ait tout d'abord été préparée. Record Number: 60860 Source Name: PlugPlayManager Time Written: 20090303210937.000000-000 Event Type: Erreur User: Computer Name: PC-de-albert Event Code: 10029 Message: DCOM a démarré le service upnphost avec les arguments « » de façon à exécuter le serveur : {204810B9-73B2-11D4-BF42-00B0D0118B56} Record Number: 60861 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20090303210939.000000-000 Event Type: Information User: Computer Name: PC-de-albert Event Code: 7036 Message: Le service Hôte de périphérique UPnP est entré dans l'état : en cours d'exécution. Record Number: 60862 Source Name: Service Control Manager Time Written: 20090303210939.000000-000 Event Type: Information User: Application event log Computer Name: PC-de-albert Event Code: 0 Message: Impossible de trouver une partie du chemin d'accès 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. à System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) à System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) à System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize) à System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials) à System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn) à System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext) à System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri) à HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml Record Number: 4396 Source Name: HP AdvisorUpdate Time Written: 20090303210529.000000-000 Event Type: Erreur User: Computer Name: PC-de-albert Event Code: 1 Message: Le client des services de certification a démarré correctement. Record Number: 4397 Source Name: Microsoft-Windows-CertificateServicesClient Time Written: 20090303210601.452768-000 Event Type: Information User: PC-de-albert\Josiane Computer Name: PC-de-albert Event Code: 1 Message: Le client des services de certification a démarré correctement. Record Number: 4398 Source Name: Microsoft-Windows-CertificateServicesClient Time Written: 20090303210605.393768-000 Event Type: Information User: AUTORITE NT\SYSTEM Computer Name: PC-de-albert Event Code: 0 Message: Le service a démarré avec succès. Record Number: 4399 Source Name: HP Health Check Service Time Written: 20090303210710.000000-000 Event Type: Information User: Computer Name: PC-de-albert Event Code: 1 Message: Le service Centre de sécurité Windows a démarré. Record Number: 4400 Source Name: SecurityCenter Time Written: 20090303210711.000000-000 Event Type: Information User: Security event log Computer Name: PC-de-albert Event Code: 5038 Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle. Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 7164 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090303210946.698768-000 Event Type: Échec de l'audit User: Computer Name: PC-de-albert Event Code: 5038 Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle. Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 7165 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090303210946.719768-000 Event Type: Échec de l'audit User: Computer Name: PC-de-albert Event Code: 5038 Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle. Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 7166 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090303210946.741768-000 Event Type: Échec de l'audit User: Computer Name: PC-de-albert Event Code: 5038 Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle. Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 7167 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090303210946.762768-000 Event Type: Échec de l'audit User: Computer Name: PC-de-albert Event Code: 5038 Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle. Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 7168 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090303210946.783768-000 Event Type: Échec de l'audit User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=1706 "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "OnlineServices"=Online Services "Platform"=MCD "PCBRAND"=Pavilion -----------------EOF-----------------

Bonjour, Le navigateur est IE livré avec le PC/vista. et j'avais bien désactivé l'UAC comme indiqué dans la procédure en la démarrant bien du post 8. (je pense/j'espère ne pas m'être trompé dans l'exécution de la procédure) Par contre j'avais réutilisé "OTMoveIt3 by OldTimer" que j'avais téléchargé pour le précédent traitement. Peut-être faudrait -il que je le re télécharge à nouveau et que je recommence toute la procédure ? qu'en pensez vous ? Merci

Bonjour, Tout d'abord merci pour tout. L'opération s'est avérée efficace sur la session vista traitée jeudi soir et eorézo a disparu. Ce n'est qu'aujourdh'ui que j'ai eu l'occasion de la repeter pour l'autre session à traiter, Mais cette fois sans succes, eorezo est toujours la. j'ai répété 3 fois la procédure pour être sur de n'avoir rien oublié. Merci pour votre aide. Ci joint le fichier résultat de OTMoveIT3 et celui de MBAM ========== PROCESSES ========== Process explorer.exe killed successfully. ========== FILES ========== File/Folder C:\Program Files\EoRezo not found. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows\CurrentVersion\Run\\EoEngine not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}\\ not found. ========== COMMANDS ========== File delete failed. C:\Users\Josiane\AppData\Local\Temp\JETD670.tmp scheduled to be deleted on reboot. File delete failed. C:\Users\Josiane\AppData\Local\Temp\MainFrame.Log.txt scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03012009_174809 Files moved on Reboot... File C:\Users\Josiane\AppData\Local\Temp\JETD670.tmp not found! C:\Users\Josiane\AppData\Local\Temp\MainFrame.Log.txt moved successfully. ===================================== ************************************************ ************************************************ Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1813 Windows 6.0.6001 Service Pack 1 01/03/2009 17:02:47 mbam-log-2009-03-01 (17-02-47).txt Type de recherche: Examen rapide Eléments examinés: 67359 Temps écoulé: 1 minute(s), 1 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)

Bonsoir Voici le résultat de la procédure. Sur la session admin eorezo semble avoir disparu (il a tendance à revenir après quelques instants _ on verra ). Sur l'autre session il est toujours présent à l'activation d'IE Faudra t-il repeter la procèdure dans son intégralité pour chaque session ? Merci beaucoup pour votre aide ========== PROCESSES ========== Process explorer.exe killed successfully. ========== FILES ========== C:\Program Files\EoRezo\lang moved successfully. C:\Program Files\EoRezo\EoAdv moved successfully. C:\Program Files\EoRezo moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows\CurrentVersion\Run\\EoEngine deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}\\ deleted successfully. ========== COMMANDS ========== File delete failed. C:\Users\albert\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot. File delete failed. C:\Users\albert\AppData\Local\Temp\JETFE0C.tmp scheduled to be deleted on reboot. File delete failed. C:\Users\albert\AppData\Local\Temp\MainFrame.Log.txt scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. File delete failed. C:\Windows\temp\TMP00000058D69AC413C1DAB5B4 scheduled to be deleted on reboot. Windows Temp folder emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02272009_005027 Files moved on Reboot... C:\Users\albert\AppData\Local\Temp\ehmsas.txt moved successfully. File C:\Users\albert\AppData\Local\Temp\JETFE0C.tmp not found! C:\Users\albert\AppData\Local\Temp\MainFrame.Log.txt moved successfully. File C:\Windows\temp\TMP00000058D69AC413C1DAB5B4 not found!

Bonsoir, Sur la session admin, à l'activation de IE eorezo, est désormais au "choix" avec google, mais sur une autre session il est toujours la, dès qu'on invoque IE. Ci dessous le dernier fichier résulat hijackthis Merci pour toute cette aide Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:33:28, on 26/02/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe C:\Program Files\DigitalPersona\Bin\DpAgent.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\HP\HP UT\bin\hppusg.exe C:\Program Files\EoRezo\EoEngine.exe C:\Windows\ehome\ehtray.exe C:\Users\albert\Free Download Manager\fdm.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe C:\Windows\System32\mobsync.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\conime.exe C:\Users\albert\AppData\Local\Temp\Temp2_GetAttachment.zip\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Users\albert\Free Download Manager\iefdm2.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe" O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe" O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" O4 - HKLM\..\Run: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe" O4 - HKLM\..\RunOnce: [softwareHelper] C:\Users\Josiane\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Free Download Manager] "C:\Users\albert\Free Download Manager\fdm.exe" -autorun O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Users\albert\Free Download Manager\dlall.htm O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Users\albert\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Users\albert\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Users\albert\Free Download Manager\dlfvideo.htm O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe -- End of file - 11466 bytes

Bonsoir, voici le rapport d'analyse et merci beaucoup pout tout : Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1807 Windows 6.0.6001 Service Pack 1 26/02/2009 22:20:23 mbam-log-2009-02-26 (22-20-23).txt Type de recherche: Examen rapide Eléments examinés: 66544 Temps écoulé: 2 minute(s), 30 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.

aie, falkra, j'ai re-attrapé une cochonerie : un instant d'égarement et "on" a cliqué sur un lien EoRezo et maintenant : page d'accueil de IE détournée !!! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:23:05, on 25/02/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\DigitalPersona\Bin\DpAgent.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\HP\HP UT\bin\hppusg.exe C:\Program Files\EoRezo\EoEngine.exe C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Windows\ehome\ehtray.exe C:\Users\albert\Free Download Manager\fdm.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Windows\System32\mobsync.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\explorer.exe C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe C:\Users\albert\AppData\Local\Temp\Temp1_GetAttachment.zip\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Users\albert\Free Download Manager\iefdm2.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe" O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe" O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" O4 - HKLM\..\Run: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe" O4 - HKLM\..\RunOnce: [softwareHelper] C:\Users\Josiane\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Free Download Manager] "C:\Users\albert\Free Download Manager\fdm.exe" -autorun O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Users\albert\Free Download Manager\dlall.htm O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Users\albert\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Users\albert\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Users\albert\Free Download Manager\dlfvideo.htm O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe -- End of file - 11448 bytes Que puis-je faire ??? merci !!!!!

Bonsoir Falkra et voici le rapport après désinfection : Clean Navipromo version 3.7.4 commencé le 22/02/2009 à 20:21:41,20 Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 16.02.2009 à 18h00 par IL-MAFIOSO Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU P8600 @ 2.40GHz ) BIOS : Default System BIOS USER : albert ( Administrator ) BOOT : Normal boot C:\ (Local Disk) - NTFS - Total:221 Go (Free:177 Go) D:\ (Local Disk) - NTFS - Total:232 Go (Free:232 Go) E:\ (Local Disk) - NTFS - Total:11 Go (Free:1 Go) F:\ (CD or DVD) - UDF - Total:4 Go (Free:4 Go) G:\ (USB) - FAT32 - Total:15272 Mo (Free:14 Go) Mode suppression automatique avec prise en charge résultats Catchme et GNS Nettoyage exécuté au redémarrage de l'ordinateur *** fsbl1.txt non trouvé *** (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche) *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans "C:\Windows\System32" * * Suppression dans "C:\Users\albert\AppData\Local\Microsoft" * * Suppression dans "C:\Users\albert\AppData\Local\virtualstore\windows\system32" * * Suppression dans "C:\Users\albert\AppData\Local" * * Suppression dans "C:\Users\Josiane\AppData\Local" * * Suppression dans "C:\Users\Rachel\AppData\Local" * *** Suppression dossiers dans "C:\Windows" *** *** Suppression dossiers dans "C:\Program Files" *** *** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" *** *** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" *** *** Suppression dossiers dans "C:\ProgramData" *** *** Suppression dossiers dans *** *** Suppression dossiers dans "C:\Users\Josiane\" *** *** Suppression dossiers dans "C:\Users\Rachel\" *** *** Suppression dossiers dans "C:\Users\albert\AppData\Local\virtualstore\Program Files" *** *** Suppression dossiers dans "C:\Users\Josiane\AppData\Local\virtualstore\Program Files" *** *** Suppression dossiers dans "C:\Users\Rachel\AppData\Local\virtualstore\Program Files" *** *** Suppression dossiers dans "C:\Users\albert\AppData\Local" *** *** Suppression dossiers dans "C:\Users\Josiane\AppData\Local" *** *** Suppression dossiers dans "C:\Users\Rachel\AppData\Local" *** *** Suppression dossiers dans "C:\Users\albert\AppData\Roaming" *** *** Suppression dossiers dans "C:\Users\Josiane\" *** *** Suppression dossiers dans "C:\Users\Rachel\" *** *** Suppression fichiers *** *** Suppression fichiers temporaires *** Nettoyage contenu C:\Windows\Temp effectué ! Nettoyage contenu C:\Users\albert\AppData\Local\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans "C:\Windows\system32" * dyoecq.dat trouvé ! Copie dyoecq.dat réalisée avec succès ! dyoecq.dat supprimé ! dyoecq_navps.dat trouvé ! Copie dyoecq_navps.dat réalisée avec succès ! dyoecq_navps.dat supprimé ! dyoecq.bat trouvé ! Copie dyoecq.bat réalisée avec succès ! dyoecq.bat supprimé ! * Dans "C:\Users\albert\AppData\Local\Microsoft" * * Dans "C:\Users\albert\AppData\Local\virtualstore\windows\system32" * dyoecq.dat trouvé ! Copie dyoecq.dat réalisée avec succès ! dyoecq.dat supprimé ! dyoecq_navps.dat trouvé ! Copie dyoecq_navps.dat réalisée avec succès ! dyoecq_navps.dat supprimé ! * Dans "C:\Users\albert\AppData\Local" * * Dans "C:\Users\Josiane\AppData\Local" * * Dans "C:\Users\Rachel\AppData\Local" * *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat Montorgueil absent ! Certificat OOO-Favorit absent ! Certificat Sunny-Day-Design-Ltdt absent ! *** Recherche autres dossiers et fichiers connus *** *** Nettoyage terminé le 22/02/2009 à 20:28:25,18 *** Bonne soirée.

bonjour Falkra En ce qui concerne le site de meteo, finalement c'est peu probable que ce soit l'origine de l'infection car c'est le site ... de meteo france ! http://france.meteofrance.com/ voici le résultat de navilog Search Navipromo version 3.7.4 commencé le 22/02/2009 à 12:28:35,80 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 16.02.2009 à 18h00 par IL-MAFIOSO Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU P8600 @ 2.40GHz ) BIOS : Default System BIOS USER : albert ( Administrator ) BOOT : Normal boot C:\ (Local Disk) - NTFS - Total:221 Go (Free:177 Go) D:\ (Local Disk) - NTFS - Total:232 Go (Free:232 Go) E:\ (Local Disk) - NTFS - Total:11 Go (Free:1 Go) F:\ (CD or DVD) - UDF - Total:4 Go (Free:4 Go) G:\ (USB) - FAT32 - Total:15272 Mo (Free:14 Go) Recherche executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\Windows" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" *** *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" *** *** Recherche dossiers dans "C:\ProgramData" *** *** Recherche dossiers dans "" *** *** Recherche dossiers dans "C:\Users\albert\AppData\Local\virtualstore\Program Files" *** *** Recherche dossiers dans "C:\Users\Josiane\AppData\Local\virtualstore\Program Files" *** *** Recherche dossiers dans "C:\Users\Rachel\AppData\Local\virtualstore\Program Files" *** *** Recherche dossiers dans "C:\Users\albert\AppData\Local" *** *** Recherche dossiers dans "C:\Users\Josiane\AppData\Local" *** *** Recherche dossiers dans "C:\Users\Rachel\AppData\Local" *** *** Recherche dossiers dans "C:\Users\albert\AppData\Roaming" *** *** Recherche dossiers dans "C:\Users\Josiane\" *** *** Recherche dossiers dans "C:\Users\Rachel\" *** *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\Windows\system32" * * Recherche dans "C:\Users\albert\AppData\Local\Microsoft" * * Recherche dans "C:\Users\albert\AppData\Local\virtualstore\windows\system32" * * Recherche dans "C:\Users\albert\AppData\Local" * * Recherche dans "C:\Users\Josiane\AppData\Local" * * Recherche dans "C:\Users\Rachel\AppData\Local" * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** !! Les clés trouvées ne sont pas forcément infectées !! [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dyoecq"="\"c:\\windows\\system32\\dyoecq.exe\" dyoecq" *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\Windows\system32" : dyoecq.dat trouvé ! dyoecq_navps.dat trouvé ! dyoecq.bat trouvé ! * Dans "C:\Users\albert\AppData\Local\Microsoft" : * Dans "C:\Users\albert\AppData\Local\virtualstore\windows\system32" : dyoecq.dat trouvé ! dyoecq_navps.dat trouvé ! * Dans "C:\Users\albert\AppData\Local" : * Dans "C:\Users\Josiane\AppData\Local" : * Dans "C:\Users\Rachel\AppData\Local" : 3)Recherche Certificats : Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat Montorgueil absent ! Certificat OOO-Favorit absent ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche autres dossiers et fichiers connus : *** Analyse terminée le 22/02/2009 à 12:29:20,18 *** j'ai à peine surfé depuis l'achat du PC; j'ai juste installé qq logiciels (irfan, etc..) mais rien de bien méchant ! D'où peut bien sortir cette infection ??? MERCI ET BONNE JOURNEE !