Aller au contenu

desdemona

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    117

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par desdemona

  1. desdemona
    Hélas oui toujours là!!! Voilà le résultat OTmoveIt ========== PROCESSES ========== Process explorer.exe killed successfully. Unable to kill process: C:\WINDOWS\system32\cont_adzgalore-remove.exe ========== SERVICES/DRIVERS ========== ========== FILES ========== File/Folder C:\WINDOWS\system32\drivers\a8p526sc.sys not found. DllUnregisterServer procedure not found in C:\Program Files\Mozilla Firefox\components\nsadzgalore.dll C:\Program Files\Mozilla Firefox\components\nsadzgalore.dll NOT unregistered. C:\Program Files\Mozilla Firefox\components\nsadzgalore.dll moved successfully. C:\WINDOWS\system32\cont_adzgalore-remove.exe moved successfully. C:\Program Files\Messenger Plus! Live\Scripts\BlockPrank\BlockPrank.js moved successfully. ========== REGISTRY ========== Registry value HKEY_USERS\S-1-5-21-427403600-254994093-1133982494-1007\Software\Microsoft\Internet Explorer\SearchScopes\\{7CF2267D-3C44-45BE-A5AA-93307CBC05A19} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7CF2267D-3C44-45BE-A5AA-93307CBC05A19}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\cont_adzgalore\\ deleted successfully. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\etilqs_dzfUmxaSSHK0jePqQfUN scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\~DF95A7.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\~DF960C.tmp scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Java cache emptied. File delete failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\z9s85brb.default\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12092008_142626 Files moved on Reboot... File C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\etilqs_dzfUmxaSSHK0jePqQfUN not found! File C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\~DF95A7.tmp not found! File C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\~DF960C.tmp not found! File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be moved on reboot. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\z9s85brb.default\XUL.mfl moved successfully.
  2. desdemona
    Alors avec l'assistant de recherche des dossiers-fichiers..etc de windows en cochant les options avanées de tous les dossiers meme les cachés j'ai trouvé : cont_adzgalore-remove.exe C:\WINDOWS\system32 53 Ko Application nsadzgalore.dll C:\Program Files\Mozilla Firefox\components 625 Ko Extension de l'application Et avec le logiciel Vilma j'ai trouvé : Nom 000 HKEY-USERS\S-1-5-21-427403600-254994093-1133982494-1007\Software\Microsoft\Search Assistant\ACMru\5603 000 HKEY-USERS\S-1-5-21-427403600-254994093-1133982494-1007\Software\Microsoft\Search Assistant\ACMru\5604 find0 HKEY-USERS\S-1-5-21-427403600-254994093-1133982494-1007\Software\Vilma\RegExp\Search cont_adzgalore HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\cont_adzgalore DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_adzgalore UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_adzgalore cont_adzgalore HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_adzgalore Est ce que c'est bien ça qu'il fallait que je fasse pour trouver les dossiers dans C??
  3. desdemona
    bonjour, Je viens de faire la manip avec reg.bat mais pas moyen le rapport qui s'ouvre et toujours vide.. j'ai essayé avec le nom complet mais aussi sans le numéro de la fin. Je vous le copie ci dessous Display name HKEY_USERS\S-1-5-21-427403600-254994093-1133982494-1007\Software\Microsoft\Internet Explorer\SearchScopes\{7CF2267D-3C44-45BE-A5AA-93307CBC05A19} Et ci dessous les infos contenu dans la partie droite de l'écran Registry Explorer Nom Propriétaire Valeur Par défaut Valeur non déterminée Display name Marie Christine Duny Yoog Search Url Marie Christine Duny http://www3.yoog.com/search.php?q={searchTerms} Je vais faire votre dernier post... parce que pour l'instant la manip avec Combofix me fait un peu peur et me parait trés trés compliqué. Mais si vraiment nécessaire je m'y mettrais à un moment où j'aurais un peu plus de temps! Merci
  4. desdemona
    Bonsoir, Je viens de voir vos post.. il est trop tard pour la manip combofix je verrais un autre jour. Par contre j'ai effectivement trouvé des clefs qui correspondent grace à l'outil Vilma. Par contre comment je fais pour coller ce résultat en post. Le clic copier coller ne fonctionne pas dans le programme et je suis pas une pro! Ou sinon que dois je vous copier juste la clef ou toutes les infos qui me sont données (display name, URL..) Apparemment c'est une clef de Software\Microsoft\InternetExplorer\SearchScopes et je trouve Yoog Search comme valeur. Pour la trouver j'ai du passer par les avancées du programme sinon ça n'apparaissait pas. Bonne nuit
  5. desdemona
    J'ai désinstallé FF et supprimé le profil. J'ai réinstallé et ... Yoog search est toujours là! Pour ce qui est des modules d I.E.. il y en a beaucoup.. pas moyen de les sortir avec un script comme pour F.F ? Parce que tout copié à la main me parait fastidieux! Que dois je faire d'autre maintenant?
  6. desdemona
    Le rapport OtMoveIt3 ========== PROCESSES ========== Process explorer.exe killed successfully. Error: Unable to interpret <:Files.> in the current context! Error: Unable to interpret <C:\Program Files\Messenger Plus! Live\Scripts\BlockPrank\BlockPrank.js> in the current context! ========== COMMANDS ========== File delete failed. C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\etilqs_GgrvuiSTMohwO4eYs6pL scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Java cache emptied. File delete failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12082008_143738 Files moved on Reboot... File C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\etilqs_GgrvuiSTMohwO4eYs6pL not found! File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be moved on reboot. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\Cache\_CACHE_001_ moved successfully. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\Cache\_CACHE_002_ moved successfully. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\Cache\_CACHE_003_ moved successfully. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\Cache\_CACHE_MAP_ moved successfully. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\urlclassifier3.sqlite moved successfully. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\XUL.mfl moved successfully. Heu..Nouvelle valeur ou modifier? Modifier j'ai fait ça la change mais n'enleve pas Yoog search et quand je ferme Modzilla et le reouvre là chaine est redevenu Yoo Search. si nouvelle valeur boléenne ou numérique? aprés ça redemande une valeur de chaine??!!
  7. desdemona
    LE scan avec superantispyware ne m'ayant pas ouvert de rapport je copie la liste via le journal de bord! Apparemment tout a été mis en quarantaine. Dois je les supprimer de la quarantaine maintenant? Yoog search est toujours présent! En attendant votre réponse je continue suivant vos instructions du dernier post! SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 12/08/2008 at 02:10 PM Application Version : 4.22.1014 Core Rules Database Version : 3666 Trace Rules Database Version: 1645 Scan type : Complete Scan Total Scan Time : 00:46:30 Memory items scanned : 448 Memory threats detected : 0 Registry items scanned : 6751 Registry threats detected : 7 File items scanned : 26147 File threats detected : 3 Trojan.TrafficNinjaBiz HKU\S-1-5-21-427403600-254994093-1133982494-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{266A3562-AB67-480E-9F09-D54604FD817B} Adware.Vundo Variant HKU\S-1-5-21-427403600-254994093-1133982494-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1079574-5D98-4990-9ECB-36AE259CB2C8} Adware.Tracking Cookie C:\Documents and Settings\Marie Christine Duny\Cookies\marie_christine_duny@aolfr.122.2o7[1].txt C:\Documents and Settings\Marie Christine Duny\Cookies\marie_christine_duny@adserver.aol[1].txt Rogue.Component/Trace HKLM\Software\Microsoft\78D64B61 HKLM\Software\Microsoft\78D64B61#78d64b61 HKLM\Software\Microsoft\78D64B61#Version HKLM\Software\Microsoft\78D64B61#red_srv HKLM\Software\Microsoft\78D64B61#red_srv_bckp Trojan.Unknown Origin C:\WINDOWS\SYSTEM32\NWCSMADEDOJMZNJBW.DLL-UNINST.EXE
  8. desdemona
    La copie de tous les browser dans About:config et effectivement il y a une ligne qui correspond à votre description. browser.search.defaultenginename;Google browser.search.defaulturl;http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q='>http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= browser.search.defaulturl;http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= browser.search.distributionID;com.google browser.search.log;false browser.search.openintab;false browser.search.order.1;Google browser.search.order.2;Yahoo browser.search.order.extra.google;Google browser.search.param.yahoo-f-CN;D3_g browser.search.param.yahoo-fr;moz2 browser.search.param.yahoo-fr-cjkt;moz2 browser.search.searchEnginesURL;https://%LOCALE%.add-ons.mozilla.com/%LOCALE%/firefox/%VERSION%/search-engines/ browser.search.selectedEngine;Yoog Search browser.search.suggest.enabled;true browser.search.update;true browser.search.update.log;false browser.search.updateinterval;6 browser.search.useDBForOrder;true
  9. desdemona
    REbonjour Bon voilà le résultat du scan Kapersky : -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Monday, December 8, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, December 08, 2008 04:06:46 Records in database: 1443363 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan statistics: Files scanned: 69423 Threat name: 2 Infected objects: 2 Suspicious objects: 0 Duration of the scan: 01:10:32 File name / Threat name / Threats count C:\Documents and Settings\Marie Christine Duny\Bureau\OTMoveIt3.exe Infected: Backdoor.Win32.SubSeven.asu 1 C:\Program Files\Messenger Plus! Live\Scripts\BlockPrank\BlockPrank.js Infected: Backdoor.JS.Agent.a 1 The selected area was scanned. Ensuite les pluggins Firefox : ----- Listing des modules complémentaires et des moteurs de recherche dans Firefox ----- Dossier utilisateur : Modules complémentaire trouvés : ---------------------------------- Dossier des plugin de recherche : C:\Program Files\mozilla firefox\searchplugins\ Plugin de recherche trouvé : Formulaire de recherche configuré dans le plugin : ---------- C:\PROGRAM FILES\MOZILLA FIREFOX\SEARCHPLUGINS\AMAZON-FRANCE.XML <SearchForm>http://www.amazon.fr/</SearchForm> ---------- C:\PROGRAM FILES\MOZILLA FIREFOX\SEARCHPLUGINS\EBAY-FRANCE.XML <SearchForm>http://search.ebay.fr/</SearchForm> ---------- C:\PROGRAM FILES\MOZILLA FIREFOX\SEARCHPLUGINS\GOOGLE.XML <SearchForm>http://www.google.com/firefox</SearchForm> ---------- C:\PROGRAM FILES\MOZILLA FIREFOX\SEARCHPLUGINS\MEDIADICO-FR.XML <SearchForm>http://www.dictionnaire-mediadico.com/dictionnaires.asp</SearchForm> ---------- C:\PROGRAM FILES\MOZILLA FIREFOX\SEARCHPLUGINS\WIKIPEDIA-FR.XML <SearchForm>http://fr.wikipedia.org/wiki/Special:Recherche</SearchForm> ---------- C:\PROGRAM FILES\MOZILLA FIREFOX\SEARCHPLUGINS\YAHOO-FRANCE.XML <SearchForm>http://fr.search.yahoo.com/</SearchForm> Je vais faire le reste et je post aprés! Pour les pluggins d'internet explorer la question est la meme, et sinon où les trouver?
  10. desdemona
    Bonjour Pear! D'accord je vous remercie je vais me faire plus patiente! Et merci aussi à toutes les personnes qui s'attellent au problème. Bon je vais m'y mettre mais avant deux petites questions : - y a t il un moyen de sortir une liste des pluggins pour la copier directement ou suis je obligée de tous les taper à la main!! (un peu fainéante moi peut être?!) - Heu? je le trouve où ce About : config??
  11. desdemona
    Rhaaaaaaaa!!! Toujours rien!! Le résultat "look.text" est vide! Un rapport s'ouvre mais il n'y a rien d'écrit dedans! Et pour la deuxiéme manip ça donne rien! ça efface bien le moteur et quand on restaure les pâramétres il n'y est plus mais dés que je ferme firefox et que je le remets en route.. il revient !!! J'ai peut être mal fait la manip? Dois je reessayer?
  12. desdemona
    Houps... pardon j'ai fait une fausse manip.. en fait quand l'ordi à redémarrer il m'a demandé de confirmer l'ouverture d'un fichier et moi j'ai fait "annulé" donc.. il n'a pas pris les infos de suppression aprés démarrage. J'ai donc remis en route OTMoveIt et là il m'a recréer de suuite un nouveau log.. Le voici: ========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== Unable to stop service Bonjour Service . ========== FILES ========== C:\WINDOWS\system32\cjvsytqi.ini moved successfully. C:\WINDOWS\system32\mxjdfrxy.ini moved successfully. C:\WINDOWS\system32\vpoorqxp.ini moved successfully. C:\Program Files\Bonjour\mDNSResponder.exe moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\(32099AAC-C132-4136-9E9A-4E364A424E17) not found. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\etilqs_WopUrESoQnrbOUP7T2CZ scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Java cache emptied. File delete failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12052008_162648 Files moved on Reboot... File C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\etilqs_WopUrESoQnrbOUP7T2CZ not found! File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be moved on reboot. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot. File move failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\Cache\_CACHE_001_ scheduled to be moved on reboot. File move failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\Cache\_CACHE_002_ scheduled to be moved on reboot. File move failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\Cache\_CACHE_003_ scheduled to be moved on reboot. File move failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\Cache\_CACHE_MAP_ scheduled to be moved on reboot. File move failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\urlclassifier3.sqlite scheduled to be moved on reboot. File move failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\XUL.mfl scheduled to be moved on reboot.
  13. desdemona
    Voilà c'est fait je post le log OTMoveIt (heu pour info.. le moteur Yoog Search est toujours présent!) ========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== Unable to stop service Bonjour Service . ========== FILES ========== C:\WINDOWS\system32\cjvsytqi.ini moved successfully. C:\WINDOWS\system32\mxjdfrxy.ini moved successfully. C:\WINDOWS\system32\vpoorqxp.ini moved successfully. C:\Program Files\Bonjour\mDNSResponder.exe moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\(32099AAC-C132-4136-9E9A-4E364A424E17) not found. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp\etilqs_WopUrESoQnrbOUP7T2CZ scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Java cache emptied. File delete failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Marie Christine Duny\Local Settings\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12052008_162648
  14. desdemona
    C'est parti!! Heu.. j'ai fait les deux premieres manip en mode sans échec. Le passage en mode normal n'étant pas précisé pour la partie suppression! J'espère ne pas mettre trompée! Voici donc les deux rapport : -----------\\ ToolBar S&D 1.2.6 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 2.80GHz ) BIOS : Phoenix - AwardBIOS v6.00PG USER : Marie Christine Duny ( Administrator ) BOOT : Fail-safe boot Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated) C:\ (Local Disk) - NTFS - Total:146 Go (Free:69 Go) D:\ (CD or DVD) E:\ (CD or DVD) F:\ (USB) G:\ (USB) H:\ (USB) I:\ (USB) "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 ) Option : [1] ( 2008-12-05|16:11 ) -----------\\ Recherche de Fichiers / Dossiers ... C:\WINDOWS\system32\ninjaext-uninstall.exe -----------\\ Extensions (All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar (Invité) - {6C4BAFB6-2AC2-4405-A98D-546B55B3AE92} => nautipolis (Marie Christine Duny) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\pchealth\\helpctr\\System\\panels\\blank.htm" "Start Page"="http://home.neuf.fr/"'>http://home.neuf.fr/" "Search Page"="http://recherche.neuf.fr/"'>http://recherche.neuf.fr/"'>http://recherche.neuf.fr/"'>http://recherche.neuf.fr/" "Search Bar"="http://recherche.neuf.fr/ie/default.html"'>http://recherche.neuf.fr/ie/default.html" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"'>http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://recherche.neuf.fr/" "Search Page"="http://www.google.com"'>http://www.google.com" "Start Page"="http://www.live.com/" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! 1 - "C:\ToolBar SD\TB_1.txt" - 2008-12-05|16:08 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 2008-12-05|16:11 - Option : [1] -----------\\ Fin du rapport a 16:11:58.12 -----------\\ ToolBar S&D 1.2.6 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 2.80GHz ) BIOS : Phoenix - AwardBIOS v6.00PG USER : Marie Christine Duny ( Administrator ) BOOT : Fail-safe boot Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated) C:\ (Local Disk) - NTFS - Total:146 Go (Free:69 Go) D:\ (CD or DVD) E:\ (CD or DVD) F:\ (USB) G:\ (USB) H:\ (USB) I:\ (USB) "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 ) Option : [2] ( 2008-12-05|16:13 ) -----------\\ SUPPRESSION Supprime! - C:\WINDOWS\system32\ninjaext-uninstall.exe -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ Extensions (All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar (Invité) - {6C4BAFB6-2AC2-4405-A98D-546B55B3AE92} => nautipolis (Marie Christine Duny) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\pchealth\\helpctr\\System\\panels\\blank.htm" "Start Page"="http://home.neuf.fr/" "Search Page"="http://recherche.neuf.fr/" "Search Bar"="http://recherche.neuf.fr/ie/default.html" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://recherche.neuf.fr/" "Search Page"="http://www.google.com" "Start Page"="http://www.msn.com/" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! 1 - "C:\ToolBar SD\TB_1.txt" - 2008-12-05|16:08 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 2008-12-05|16:11 - Option : [1] 3 - "C:\ToolBar SD\TB_3.txt" - 2008-12-05|16:13 - Option : [2] -----------\\ Fin du rapport a 16:13:59.98 Voilà je post déja ça et je fais la dernière manip.. Ha au fait pour ce qui est de cocher la ligne 23 dans hijack this j'ai pas pu, vu que j'avais déja enlevé le service en suivant les conseils de Winx! Donc plus de ligne 23 service bonjour! Bon je continue.. A plus tard!
  15. desdemona
    Voici le log.text Logfile of random's system information tool 1.04 (written by random/random) Run by Marie Christine Duny at 2008-12-05 11:38:09 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 71 GB (48%) free of 150 GB Total RAM: 958 MB (57% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:38, on 2008-12-05 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe C:\Program Files\Netropa\Onscreen Display\OSD.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Marie Christine Duny\Bureau\RSIT.exe C:\Documents and Settings\Marie Christine Duny\Bureau\Marie Christine Duny.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file) O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.bitdefender.fr O15 - Trusted Zone: http://webscanner.kaspersky.fr O15 - Trusted Zone: http://forum.zebulon.fr O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/World%20Mosaics/Images/stg_drm.ocx O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179576006578 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://desdemona07.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} - http://securite.neuf.fr/Ols/fscax.cab O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/World%20Mosaics/Images/armhelper.ocx O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe -- End of file - 9753 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\User_Feed_Synchronization-{6BD73113-753B-4132-8A0D-168786F76F6C}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-18 652784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {32099AAC-C132-4136-9E9A-4E364A424E17} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-08 53248] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-11-11 90112] "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992] "LVCOMSX"=C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe [2007-02-06 252704] "MULTIMEDIA KEYBOARD"=C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe [2002-06-19 180224] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-08-24 266497] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-02-20 360448] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE" "C:\Program Files\Infogrames\Tactical Ops\System\TacticalOps.exe"="C:\Program Files\Infogrames\Tactical Ops\System\TacticalOps.exe:*:Enabled:TacticalOps" "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime" "C:\Program Files\Maxis\SimCity 3000 World Edition\Apps\Updater\UPDATER.EXE"="C:\Program Files\Maxis\SimCity 3000 World Edition\Apps\Updater\UPDATER.EXE:*:Enabled:SC3UpdaterMFC" "C:\Program Files\Ratajik Software\StationRipper\StationRipperConsole.exe"="C:\Program Files\Ratajik Software\StationRipper\StationRipperConsole.exe:*:Enabled:StationRipperConsole" "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus" "C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1738568061F344A1A4CB20704FFEDA01\MessengerForSkype.exe"="C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1738568061F344A1A4CB20704FFEDA01\MessengerForSkype.exe:*:Enabled:Messenger for Skype" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Neoact\Carom3D\carom.exe"="C:\Program Files\Neoact\Carom3D\carom.exe:*:Enabled:Carom" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" ======File associations====== .reg - open - regedit.exe "%1" %* ======List of files/folders created in the last 1 months====== 2009-07-22 22:46:58 ----SH---- C:\WINDOWS\system32\cjvsytqi.ini 2009-07-22 21:36:45 ----SH---- C:\WINDOWS\system32\mxjdfrxy.ini 2008-12-05 11:38:09 ----D---- C:\rsit 2008-12-04 10:14:43 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-24 20:25:36 ----D---- C:\Documents and Settings\All Users\Application Data\Google 2008-11-15 14:18:59 ----D---- C:\Documents and Settings\Marie Christine Duny\Application Data\uTorrent 2008-11-11 20:08:56 ----D---- C:\Program Files\uTorrent 2008-11-10 21:20:41 ----D---- C:\Program Files\PokerStars ======List of files/folders modified in the last 1 months====== 2009-07-22 21:34:30 ----SH---- C:\WINDOWS\system32\vpoorqxp.ini 2008-12-05 11:37:56 ----D---- C:\WINDOWS\Prefetch 2008-12-05 11:36:17 ----D---- C:\Program Files\Mozilla Firefox 2008-12-05 10:58:37 ----A---- C:\WINDOWS\Msiosd.ini 2008-12-05 10:58:26 ----D---- C:\WINDOWS\Temp 2008-12-05 10:51:01 ----AD---- C:\WINDOWS 2008-12-04 18:15:49 ----D---- C:\WINDOWS\system32\CatRoot2 2008-12-04 02:04:31 ----A---- C:\WINDOWS\lexstat.ini 2008-12-03 20:16:41 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-12-03 14:48:54 ----D---- C:\WINDOWS\system32 2008-12-02 19:26:26 ----A---- C:\WINDOWS\system32\cont_adzgalore-remove.exe 2008-12-01 19:12:29 ----D---- C:\Documents and Settings\Marie Christine Duny\Application Data\Filmotech_prefs 2008-12-01 17:43:04 ----A---- C:\WINDOWS\NeroDigital.ini 2008-11-30 20:53:39 ----D---- C:\temp 2008-11-30 18:41:55 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2008-11-29 16:26:17 ----D---- C:\Program Files\Lexmark X1100 Series 2008-11-25 17:41:21 ----AD---- C:\Program Files 2008-11-25 17:41:20 ----D---- C:\WINDOWS\system32\drivers 2008-11-22 03:14:04 ----RDC---- C:\WINDOWS\system32\dllcache 2008-11-21 16:24:28 ----HD---- C:\WINDOWS\inf 2008-11-21 16:24:28 ----D---- C:\WINDOWS\Help 2008-11-17 18:57:56 ----A---- C:\WINDOWS\system32\nwcsmadedojmznjbw.dll-uninst.exe 2008-11-17 12:24:36 ----D---- C:\Program Files\LimeWire 2008-11-15 20:34:34 ----D---- C:\Program Files\DivX 2008-11-14 09:28:29 ----D---- C:\Program Files\Fichiers communs 2008-11-13 18:36:34 ----D---- C:\Documents and Settings\Marie Christine Duny\Application Data\OpenOffice.org2 2008-11-13 00:54:50 ----D---- C:\WINDOWS\Debug 2008-11-12 21:23:08 ----D---- C:\Program Files\Windows Live Safety Center 2008-11-12 12:28:39 ----HD---- C:\WINDOWS\$hf_mig$ 2008-11-12 12:27:56 ----SHD---- C:\WINDOWS\Installer 2008-11-12 12:27:56 ----SHD---- C:\Config.Msi 2008-11-12 12:27:55 ----D---- C:\WINDOWS\WinSxS 2008-11-12 01:16:57 ----D---- C:\Program Files\CyberLink 2008-11-12 01:16:56 ----HD---- C:\Program Files\InstallShield Installation Information ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys [] R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-25 75072] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 msikbd2k;Multimedia Keyboard Filter Driver; C:\WINDOWS\System32\DRIVERS\msikbd2k.sys [2001-12-20 6656] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS [] R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys [] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-11-22 3804416] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys [2007-02-06 25632] R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2007-02-03 490784] R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2004-01-01 69504] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-06-02 227712] S3 a016bus;Sony Ericsson Device A016 driver (WDM); C:\WINDOWS\system32\DRIVERS\a016bus.sys [2008-01-18 83880] S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter; C:\WINDOWS\system32\DRIVERS\a016mdfl.sys [2008-01-18 15016] S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\a016mdm.sys [2008-01-18 110504] S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\a016mgmt.sys [2008-01-18 104488] S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\a016obex.sys [2008-01-18 100648] S3 a8p526sc;a8p526sc; C:\WINDOWS\system32\drivers\a8p526sc.sys [] S3 catchme;catchme; C:\WINDOWS\system32\drivers\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-18 66591] S3 GMSIPCI;GMSIPCI; C:\WINDOWS\system32\drivers\GMSIPCI.sys [] S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-09-29 1036928] S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-09-29 219136] S3 Lvckap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064] S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-18 16128] S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680] S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944] S3 MSICPL;MSICPL; C:\WINDOWS\system32\drivers\MSICPL.sys [] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NTACCESS;NTACCESS; C:\WINDOWS\system32\drivers\NTACCESS.sys [] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbser;Motorola A1000 USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112] S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2007-08-08 22768] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-09-29 702592] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2004-08-11 18944] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865] R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040] R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880] R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2007-01-21 54784] R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-18 168432] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-18 303104] R2 LVPrcSrv;Logitech Process Monitor; c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344] R2 nhksrv;Netropa NHK Server; C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-09-01 532264] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040] S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848] S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe [2007-10-09 72704] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] -----------------EOF----------------- Et info.text info.txt logfile of random's system information tool 1.04 2008-12-05 11:38:24 ======Uninstall list====== -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2} Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001} Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} CamStudio 2.0 Fr-->"C:\Program Files\CamStudio\unins000.exe" Carom3D-->C:\WINDOWS\NeoUninstall.exe "C:\Program Files\Neoact\Carom3D\Uninstall.ini" CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Contextual Tool Adzgalore-->C:\WINDOWS\system32\cont_adzgalore-remove.exe Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Dream Chronicles-->"C:\Program Files\Dream Chronicles\Uninstall.exe" DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe" DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe" EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu" Fairies (gratuit) (remove only)-->"C:\Program Files\Fairies\Uninstall.exe" Filmotech v2.35-->"C:\Program Files\Filmotech\unins000.exe" HijackThis 2.0.2-->"C:\Documents and Settings\Marie Christine Duny\Bureau\HijackThis.exe" /uninstall iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Lexmark X1100 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870} Logitech QuickCam-->MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C} Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2} Macromedia Flash Player 8-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MaxiCompte-->"C:\Program Files\MaxiCompte\unins000.exe" Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659} Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MS Access 97 SP2-->C:\Program Files\Microsoft Office\setup\setup.exe MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Nero 7-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301036} Neuf - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe OpenOffice.org 2.0-->MsiExec.exe /I{E2055AB2-D1C7-4147-A384-2B4B1C04282B} Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" PCI SoftV92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1\HXFSETUP.EXE -U -IPSCRCTR5K.INF Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe" PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} Rainbow Web II-->"C:\Program Files\Rainbow Web II\Uninstall.exe" Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x40c -removeonly Registry First Aid-->"C:\Program Files\RFA\unins000.exe" RON Tool Cpmsky-->C:\WINDOWS\system32\eirbtvlmdghfzu.exe SafeCast Shared Components-->C:\Program Files\Fichiers communs\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall Search Assistant Mysidesearch-->C:\WINDOWS\system32\nwcsmadedojmznjbw.dll-uninst.exe Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Smart Office Keyboard-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0208A7E3-0D30-11D4-A1FC-00508B9D1BA2}\Setup.exe" -l0x40c Sony Ericsson PC Suite 3.209.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x040c -removeonly Tactical Ops-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Infogrames\Tactical Ops\Uninst.isu" -c"C:\Program Files\Infogrames\Tactical Ops\Uninst.dll" TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe" Text Express 2 Deluxe-->"C:\Program Files\Zylom Games\Text Express 2 Deluxe\GameInstlr.exe" --uninstall UnInstall.log The legend of El Dorado Deluxe-->"C:\Program Files\Zylom Games\The legend of El Dorado Deluxe\GameInstlr.exe" --uninstall UnInstall.log VIA Gestionnaire de périphériques de plate-forme-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390} Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live Sign-in Assistant-->MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D} Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494} Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" ======Security center information====== AV: Avira AntiVir PersonalEdition ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 2, GenuineIntel "PROCESSOR_REVISION"=0602 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip -----------------EOF-----------------
  16. desdemona
    Ok merci à tous.. J'ai fait tout ça mais pour le moteur de recherche ça n'a rien changé par contre ça m'a changé ma page de démarrage qui n'était pas une page d'info mais juste la page avec la barre google! Peut etre me suis je mal expliquée.. la page de démarrage quand j'ouvrais firefox était bonne mais c'est dans la petite barre en haut à droite que le nom "Yoog search" apparait et il fait parti de la liste déroulante des moteurs de recherche et réapparait aprés chaque suppression lorsque je relance firefox. De plus je viens aussi de le trouver dans mon internet explorer et là il se met carrément en moteur de recherche par défaut (mais toujours dans la petite barre en haut et pas en page de démarrage). La aussi je le supprime et il revient quand je relance internet explorer. Pour ceci merci, c'est fait!
  17. desdemona
    Désolée mais comme dit dans mon post.. je le supprime et il revient au redémarrage de firefox!! Il se met tout seul à la place du moteur google!!
  18. desdemona
    Bonjour, bonjour le forum zébulon et tous les utilisateurs! Un petit probléme a vous soumettre.. J'utilise firefox et depuis hier quand j'ouvre le programme il passe la petite barre de recherche en haut à droite sur un moteur de recherche que je ne connais pas, que je n'ai pas téléchargé, dont je ne trouve aucune trace sur internet. Pas d'icone associé à cette bestiole et quand je fais "gérer les moteurs de recherche " et que je le supprime par là.. bin ... il réapparait au redemarrage de firefox!! Donc récalcitrant ce qui me fait penser à une saleté! J'ai nettoyé un peu avec atf cleaner, Ccleaner, puis AVG antispyware (quelques traces de cookies de suivis mais rien de graveet ils se sont supprimés sans problème). MAis ce moteur de recherche est toujours présent! Donc je post un log Hijack et si par la meme occasion vous pouviez me dire s'il y a des lignes que je peux fixer pour que mon PC démarre un peu plus vite (genre des programmes qu'il ne serait pas nécessaire de mettre en route à chaque démarrage) ça m'aiderait aussi. D'avance Merci! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:43, on 2008-12-04 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe C:\Program Files\Netropa\Onscreen Display\OSD.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Documents and Settings\Marie Christine Duny\Bureau\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file) O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.bitdefender.fr O15 - Trusted Zone: http://webscanner.kaspersky.fr O15 - Trusted Zone: http://forum.zebulon.fr O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/World%20Mosaics/Images/stg_drm.ocx O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179576006578 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://desdemona07.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} - http://securite.neuf.fr/Ols/fscax.cab O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/World%20Mosaics/Images/armhelper.ocx O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe -- End of file - 9785 bytes Ha oui! Et c'est quoi ce programme "Bonjour" ? ça sert à quoi et en ais je bien l'utilité??
  19. desdemona
    Bonjour!! :P Désolée j'ai ouvert un sujet et puis, petit probléme familial oblige, je n'ai pas suivi le déroulement des posts. Bon je viens de tout lire et je pense que par sécurité je vais faire comme tu le dis.. ouvrir un compte limité.. ça sera plus sûr! Du coup je n'ai pas testé l'astuce du virus.. Si je trouve un peu de temps j'essaierai. En attendant je peux laisser le sujet ouvert? ou je marque résolu? Merci de m'avoir aidé et surtout encore pardon pour mon absence!
  20. desdemona
    Bonjour! Et bien comme signalé dans mon premier post dans la fenetre principale la ligne antivir guard marque "unknown"et heu...merci pour le lien mais .. je ne lis ni ne parle anglais !! Alors? un lien en français peut être?
  21. desdemona
    Bonjour à tous les membres du forum zebulon! J'ai un petit souci avec mon antivirus (Avira antivir personal- free antivirus). Il fonctionne parfaitement sur ma session utilisateur ainsi que sur la session de mon fils qui est aussi en mode utilisateur mais lorsque j'ouvre la session invité l'icone de l'antivirus est fermée. Sur la configuration l'antivir guard est en rouge est noté comme "unknow"!! Par contre si je vais dans le panneau du centre de sécurité depuis la session invité l'antivirus semble être en marche!! Est ce normal?? Que dois je faire? J'ai vraiment besoin d'ouvrir cette session pour mon ami. Merci d'avance de prendre de votre temps pour m'aider! A trés vite et bonne journée!
  22. desdemona
    Merci beaucoup Falkra pour toute ton aide (net, précis et rapide!! ) et encore Bravo pour ce forum sans lequel on se sentirait bien démuni devant notre clavier!!
  23. desdemona
    Bonjour!! Voilà c'est bon! La ligne est partie! Je te poste un log Hijack pour vérification : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:50, on 2008-07-28 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe C:\Program Files\Netropa\Onscreen Display\OSD.exe C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Marie Christine Duny\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.bitdefender.fr O15 - Trusted Zone: http://webscanner.kaspersky.fr O15 - Trusted Zone: http://forum.zebulon.fr O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - file:///C:/Documents%20and%20Settings/Marie%20Christine%20Duny/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/PiratePoppers.1.0.0.39.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179576006578 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://desdemona07.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} - http://securite.neuf.fr/Ols/fscax.cab O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe -- End of file - 9636 bytes J'attends ton verdict pour enlever tous les programmes chargés pendant ce nettoyage (au fait en référence à un de tes post j'ai bien eu dossier backups.. je dois en faire quoi?
  24. desdemona
    OK! Voilà le rapport (main text) Deckard's System Scanner v20071014.68 Run by Marie Christine Duny on 2008-07-28 01:42:47 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Marie Christine Duny.exe) -------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:42, on 2008-07-28 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe C:\Program Files\Netropa\Onscreen Display\OSD.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Marie Christine Duny\Bureau\dss.exe C:\DOCUME~1\MARIEC~1\Bureau\Marie Christine Duny.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services] ftps.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.bitdefender.fr O15 - Trusted Zone: http://webscanner.kaspersky.fr O15 - Trusted Zone: http://forum.zebulon.fr O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - file:///C:/Documents%20and%20Settings/Marie%20Christine%20Duny/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/PiratePoppers.1.0.0.39.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179576006578 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://desdemona07.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} - http://securite.neuf.fr/Ols/fscax.cab O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe -- End of file - 9752 bytes -- Files created between 2008-06-28 and 2008-07-28 ----------------------------- 2009-07-23 00:31:10 0 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-07-28 00:29:07 0 d-------- C:\SAINT_ANGE 2008-07-27 15:41:00 0 d-------- C:\WINDOWS\Prefetch 2008-07-27 14:54:27 0 d-------- C:\WINDOWS\l2schemas 2008-07-27 14:54:26 0 d-------- C:\WINDOWS\system32\fr 2008-07-27 14:54:26 0 d-------- C:\WINDOWS\system32\bits 2008-07-27 14:52:24 0 d-------- C:\WINDOWS\ServicePackFiles 2008-07-27 14:45:25 0 d-------- C:\WINDOWS\EHome 2008-07-27 13:33:36 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\Malwarebytes 2008-07-27 13:33:28 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-27 13:33:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-27 03:22:54 0 dr-h----- C:\Documents and Settings\Marie Christine Duny\Recent 2008-07-26 23:11:55 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\Grisoft 2008-07-26 23:11:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-07-26 22:54:18 0 dr-h----- C:\Documents and Settings\Black Dream\Recent 2008-07-22 13:45:17 91136 --a------ C:\WINDOWS\system32\gvxyiueo.dll 2008-07-19 23:44:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes 2008-07-19 23:41:32 0 d-------- C:\Program Files\Elaborate Bytes 2008-07-19 23:22:19 157 --a------ C:\WINDOWS\system32\Monitored3.dat 2008-07-19 23:22:17 10 --a------ C:\WINDOWS\system32\ciadvss.exe 2008-07-19 23:22:17 10 --a------ C:\WINDOWS\system32\ciadvs.exe 2008-07-10 19:37:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Oberon Media 2008-07-09 21:51:33 0 d-------- C:\Program Files\iPod 2008-07-07 08:46:25 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\SprillBermudeEng 2008-07-07 08:44:35 0 d-------- C:\WINDOWS\Logs 2008-07-07 08:13:19 0 d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games 2008-07-07 04:23:28 0 d-------- C:\Program Files\Evil Islands 2008-07-06 23:08:57 0 d-------- C:\WINDOWS\cache-cache 2008-07-04 13:27:39 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\skypePM 2008-07-04 03:18:28 0 d-------- C:\Program Files\Common Files 2008-07-02 08:14:57 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\Skype 2008-07-01 23:31:30 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat 2008-07-01 23:28:27 0 d-------- C:\Program Files\Skype 2008-07-01 23:28:27 0 d-------- C:\Program Files\Fichiers communs\Skype 2008-07-01 23:28:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype -- Find3M Report --------------------------------------------------------------- 2009-07-23 00:19:49 0 d-------- C:\Program Files\Windows Live Safety Center 2008-07-27 15:45:42 510736 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-07-27 15:45:42 84818 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-07-27 14:54:44 0 d-------- C:\Program Files\Messenger 2008-07-27 14:54:26 0 d-------- C:\Program Files\Movie Maker 2008-07-27 14:52:10 0 d-------- C:\Program Files\Windows NT 2008-07-27 02:27:19 0 d-------- C:\Program Files\LimeWire 2008-07-20 14:54:06 0 d-------- C:\Program Files\SolidWorks Installation Manager 2008-07-20 12:59:47 0 d-------- C:\Program Files\Zylom Games 2008-07-20 11:46:42 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\Identities 2008-07-20 11:20:47 0 d-------- C:\Program Files\DivX 2008-07-19 23:40:47 0 d-------- C:\Program Files\SlySoft 2008-07-19 23:25:48 37888 --a------ C:\WINDOWS\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System> 2008-07-19 21:39:29 0 d-------- C:\Program Files\SolidWorks 2008-07-19 21:36:52 0 d-------- C:\Program Files\Fichiers communs 2008-07-19 21:36:51 0 d-------- C:\Program Files\Fichiers communs\SolidWorks Shared 2008-07-16 20:45:49 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\OpenOffice.org2 2008-07-10 01:08:38 0 d-------- C:\Program Files\Apple Software Update 2008-07-09 21:51:48 0 d-------- C:\Program Files\iTunes 2008-07-09 21:50:02 0 d-------- C:\Program Files\QuickTime 2008-07-08 22:35:01 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\Wildfire 2008-07-07 08:12:50 98 --a----c- C:\WINDOWS\popcinfo.dat 2008-07-07 04:23:27 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-07-04 11:57:05 0 d-------- C:\Program Files\Windows Media Connect 2 2008-07-04 03:19:31 0 d-------- C:\Program Files\Motorola Phone Tools 2008-07-04 03:16:16 0 d-------- C:\Program Files\LiveUpdate 2008-06-25 01:18:46 0 d-------- C:\Program Files\iWin.com 2008-06-25 00:26:37 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\iWin 2008-06-25 00:14:31 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\iWinArcade 2008-06-24 12:50:27 0 d-------- C:\Program Files\Lexmark X1100 Series 2008-06-22 09:23:36 0 d-------- C:\Program Files\RapidSolution 2008-06-22 08:53:56 0 d-------- C:\Program Files\RFA 2008-06-20 15:35:49 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\MythicPearls 2008-06-20 03:27:46 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\cerasus.media 2008-06-20 02:26:53 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\MysteryStudio 2008-06-18 07:21:49 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\Mozilla 2008-06-15 01:41:05 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\Flood Light Games 2008-06-12 01:56:41 0 d-------- C:\Program Files\Neoact 2008-06-11 02:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-06-11 02:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100> 2008-06-11 02:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100> 2008-06-11 02:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?> 2008-06-11 02:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®> 2008-06-11 02:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®> 2008-06-11 02:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®> 2008-06-11 02:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®> 2008-06-06 10:08:53 0 d-------- C:\Program Files\BankPerfect 2008-05-31 13:41:57 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\WinRAR 2008-05-23 00:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VTTimer"="VTTimer.exe" [2005-03-08 11:33 C:\WINDOWS\system32\VTTimer.exe] "SoundMan"="SOUNDMAN.EXE" [2005-11-11 15:07 C:\WINDOWS\soundman.exe] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 21:42] "LVCOMSX"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe" [2007-02-06 17:43] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-07-17 20:17] "MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-06-19 12:50] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "DisableTaskMgr"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] "NT Printing Services"=ftps.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy] C:\WINDOWS\System32\dimsntfy.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\78d659ef] rundll32.exe "C:\WINDOWS\system32\rreqwcow.dll",b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM7be56a73] Rundll32.exe "C:\WINDOWS\system32\dcqoaapu.dll",s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] eapsvcs eaphost dot3svc dot3svc HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs napagent hkmsvc -- End of Deckard's System Scanner: finished at 2008-07-28 01:43:18 ------------ Et le rapport (Extra text). Pris dans C car ne c'est pas affiché! Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Édition familiale (build 2600) SP 2.0 Architecture: X86; Language: French CPU 0: Intel® Pentium® D CPU 2.80GHz CPU 1: Intel® Pentium® D CPU 2.80GHz Percentage of Memory in Use: 31% Physical Memory (total/avail): 958.48 MiB / 659.34 MiB Pagefile Memory (total/avail): 2310.18 MiB / 2076.93 MiB Virtual Memory (total/avail): 2047.88 MiB / 1926.62 MiB C: is Fixed (NTFS) - 146.05 GiB total, 80.18 GiB free. D: is CDROM (No Media) F: is Removable (No Media) G: is Removable (No Media) H: is Removable (No Media) I: is Removable (No Media) \\.\PHYSICALDRIVE0 - WDC WD1600BB-22RDA0 - 149.05 GiB - 2 partitions \PARTITION0 - Unknown - 3 GiB \PARTITION1 (bootable) - Système de fichiers installable - 146.05 GiB - C: \\.\PHYSICALDRIVE1 - Sony USB HS-CF Card USB Device \\.\PHYSICALDRIVE3 - Sony USB HS-MS Card USB Device \\.\PHYSICALDRIVE4 - Sony USB HS-SD Card USB Device \\.\PHYSICALDRIVE2 - Sony USB HS-SM Card USB Device -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FirstRunDisabled is set. AV: Avira AntiVir PersonalEdition v 7.0.1.9 (Avira GmbH) Disabled [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Marie Christine Duny\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip CommonProgramFiles=C:\Program Files\Fichiers communs COMPUTERNAME=SONIC ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Marie Christine Duny LOGONSERVER=\\SONIC NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 2, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0602 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp TMP=C:\DOCUME~1\MARIEC~1\LOCALS~1\Temp USERDOMAIN=SONIC USERNAME=Marie Christine Duny USERPROFILE=C:\Documents and Settings\Marie Christine Duny windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Marie Christine Duny (admin) Black Dream (admin) Administrateur (new local, admin) Invité (guest) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER --> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNRecode.exe /UNINSTALL --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2} Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 8.1.1 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x040c -removeonly Avira AntiVir PersonalEdition Classic --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE BankPerfect 5.0 --> "C:\Program Files\BankPerfect\uninstall.exe" CamStudio 2.0 Fr --> "C:\Program Files\CamStudio\unins000.exe" CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" COSMOSMotion 2007 SP0 --> MsiExec.exe /I{CDA21FEB-3F3A-4B08-9631-614FD4CC3F4E} COSMOSWorks 2007 SP0 --> MsiExec.exe /I{2560D183-57DF-487B-A8E0-475132F52E6B} DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Désinstallation du Lecteur Neuf VOD --> "C:\Program Files\neuf_VOD\uninst-neuf_VOD.exe" DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe" DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe" EasyCleaner --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly EAX Unified --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu" Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} GTA San Andreas --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x40c -removeonly Guitar Pro 4 --> MsiExec.exe /X{54A2CFDE-DC70-46E0-92AC-DC88F6303D39} iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB} J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030} Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe" Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870} Logitech QuickCam --> MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C} Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2} Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB913433) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7} Motorola Phone Tools --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x40c -removeonly Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Navilog1 3.3.6 --> "C:\Program Files\Navilog1\unins000.exe" Nero 7 --> MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301036} Neuf - Kit de connexion --> C:\Program Files\Neuf\Kit\uninstall.exe OpenOffice.org 2.0 --> MsiExec.exe /I{E2055AB2-D1C7-4147-A384-2B4B1C04282B} Outil de mise à jour Google --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Package de base Microsoft de service de chiffrement pour cartes à puce --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Panda TotalScan --> C:\Program Files\Panda Security\TotalScan\ascuninst.exe PCI SoftV92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1\HXFSETUP.EXE -U -IPSCRCTR5K.INF PhotoCite Collection --> "C:\Program Files\PhotoCite Collection\unins000.exe" Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe" Power2Go 4.0 --> RunDll32 c:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall PowerDVD --> RunDll32 c:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall PowerStarter --> RunDll32 c:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121} Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x40c -removeonly SafeCast Shared Components --> C:\Program Files\Fichiers communs\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} SolidWorks 2007 SP0 --> MsiExec.exe /I{D0B5FD6D-F787-4D40-BB8F-7EDD73DD523E} SolidWorks Installation Manager --> MsiExec.exe /X{26621E14-A45B-45CD-9ED9-7A0A9B585DB4} Stronghold --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}\setup.exe" Tactical Ops --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Infogrames\Tactical Ops\Uninst.isu" -c"C:\Program Files\Infogrames\Tactical Ops\Uninst.dll" the_silent_force ScreenSaver --> C:\WINDOWS\the_silent_force.scr /U VIA Gestionnaire de périphériques de plate-forme --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390} Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Presentation Foundation Language Pack (FRA) --> MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494} Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} Windows Workflow Foundation FR Language Pack --> MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836} XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" XML Paper Specification Shared Components Pack 1.0 --> -- Application Event Log ------------------------------------------------------- Event Record #/Type1225 / Success Event Submitted/Written: 11/27/2007 09:19:45 AM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type1200 / Success Event Submitted/Written: 11/26/2007 10:15:39 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type1186 / Success Event Submitted/Written: 11/26/2007 09:03:35 AM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type1161 / Error Event Submitted/Written: 11/25/2007 08:06:42 PM Event ID/Source: 1002 / Application Hang Event Description: Application bloquée firefox.exe, version 1.8.20071.2514, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Event Record #/Type1158 / Success Event Submitted/Written: 11/25/2007 07:54:17 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type63932 / Warning Event Submitted/Written: 11/25/2007 09:33:15 PM Event ID/Source: 4226 / Tcpip Event Description: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées. Event Record #/Type63931 / Warning Event Submitted/Written: 11/25/2007 09:19:08 PM Event ID/Source: 4226 / Tcpip Event Description: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées. Event Record #/Type63910 / Warning Event Submitted/Written: 11/25/2007 04:49:23 PM Event ID/Source: 4226 / Tcpip Event Description: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées. Event Record #/Type63843 / Warning Event Submitted/Written: 11/24/2007 02:50:57 AM Event ID/Source: 36 / W32Time Event Description: Le service de temps n'a pas pu synchroniser l'heure système de 49152 secondes car aucun fournisseur de temps n'a pu fournir de datage utilisable. L'horloge système n'est pas synchronisée. Event Record #/Type63839 / Warning Event Submitted/Written: 11/23/2007 08:00:24 PM Event ID/Source: 4226 / Tcpip Event Description: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées. -- End of Deckard's System Scanner: finished at 2007-11-27 09:29:45 ------------ JE te souhaite donc Bonne nuit et te dis A demain
  25. desdemona
    OK bon j'ai du redémarrer donc voici le rapport généré au redémarrage : File move failed. C:\windows\system32\ftps.exe scheduled to be moved on reboot. OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07282008_004806 Files moved on Reboot... C:\windows\system32\ftps.exe moved successfully. Ensuite il y a une fenetre blanche qui s'est ouverte "ftp://ftps.exe/-microsoft internet explorer" avec un message "Window ne peut pas accéder à ce dossier. Vérifiez que le nom de fichier est correct et que vous avez l'autorisation d'accéder à ce dossier. Détail: the server name or address could not be resolved" Cela te suffit il ou dois je copier autre chose? Pour l'instant je m'éclipse une petite demi heure (je dois récup mon fils à une soirée!! ) A toute à l'heure
×
×
  • Créer...