kighafars

Members
  • Content count: 42
Everything posted by kighafars

  1. Hello, I'm calling on you for help after continual problems on Vista. I was using Kaspersky; when the activation key expired I wanted to switch antivirus because it is too expensive for me at the moment. And a piece of malware appeared at that point, malware that I believe has remained on my computer ever since a trojan attack last year. I tried to analyse the HijackThis log, but no luck. The malware seems to block Windows Explorer as well as Windows Installer. No internet connection is possible except for the bookmarked pages (where I had kept the Zébulon forum page). I tried to install a friend's BitDefender but nothing happens. I managed to install A-squared, but when I scan => crash after a few minutes. I am unable to use the online scanners; even on the Zébulon site nothing happens. I have to boot into safe mode, otherwise it crashes (blue screen) after a few minutes!! Thanks in advance for the time and trouble spent dragging along dead weights like me. I await your orders!
  2. Hi GOF, Despite your 2 links, GROOVE is still giving me trouble. I tried to uninstall Groove and OFFICE. I don't think it worked, because OFFICE still appears in the registry under HKEY LOCAL MACHINE and USERS. In any case, the OFFICE setup no longer launches, no OFFICE program such as Word, Excel, ... opens, and when I try to reinstall 2007 it asks me to uninstall GROOVE 2007 first ??!! So I can no longer use OFFICE and I can no longer reinstall it!! GREAT, thanx microsoft!! Later.
  3. Hi GOF, I forgot to tell you that if I try to reinstall OFFICE it asks me to uninstall Groove 2007 first, which I cannot do.
  4. Hi GOF, The OFFICE setup launches a reinstallation. I have already used Unlocker, but the solution might be an uninstaller along the lines of a registry cleaner, but a Mr. Clean version!! Later.
  5. Hi GOF, I ran the KASPERSKY online scan: it found no viruses and no infected or suspicious files. I still retried ESET with a higher-bandwidth internet connection, but it failed. I still get the OFFICE setup launching at random, especially after restarting the computer. I have version 7.01.321 of KAV; what is the difference from KIS? Which firewall do you recommend to run alongside KAV? Do I need an additional anti-spyware? Later.
  6. Hi GOF, Sorry, but even with the ActiveX settings you gave me it doesn't work. Another online scan?
  7. Hi GOF, I saw that you have to use IE and install the ActiveX control, but nothing works: the scanner does not initialise. I'll try again, but this is at least the 10th attempt.
  8. Hi GOF, Sorry, but I can't manage to scan online on the ESET site!!
  9. Here is my latest LOG
  10. Hello, Sorry for not replying sooner (a problem with my hotspot, which is suffering from hacking; I hope it isn't coming from me). I no longer seem to have any major trouble apart from a few oddities. The Office setup no longer launches at startup but keeps launching, especially when I try to open files. Even after deleting OFFICE from the registry, it is still there?? What gives? I don't know what to do any more.
  11. Hi GOF, Following your advice for updating Acrobat Reader, I went to french.irc.com to download version 8.1.0, and there KAV got angry: detected: Trojan program Backdoor.Win32.Agent.duj URL: EDIT Odd for a site that boasts of being virus and malware free. Despite my little troubles with it, KAV seems impressive to me.
  12. Hi GOF, What do you mean you made a mistake!!! There was a time when people were burned at the stake for less than that. fix.bat gives me 2 reports, one in DOS, the other as text. I'm giving you both. As for my problem of program launches that freeze and dumps in normal mode, I think I have a good idea. I went to have a look at the Kaspersky Lab club forums, and apparently many users on Vista and on XP SP3 using the latest version of KAV (7.0.1.321, i.e. the same as mine) are experiencing the same problems. A fix is planned for XP SP2 but not for the others for now. It is apparently improving little by little through the updates, but it's still a pain, especially for browsing. The only options are to wait for the KLabs devs or go back to version 7.0.1.125. Maybe this is information that could interest the community? On the other hand, I am more and more convinced that something is attached to the OFFICE 12 setup, which keeps launching. I can't manage to remove this d**n stupid piece of software.
      FIX.BAT LOG in DOS
      C:\Windows\system32>echo 22/01/2008 1>c:\a.txt
      C:\Windows\system32>"C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL" 1>>c:\a.txt
      Le chemin d'accès spécifié est introuvable.
      C:\Windows\system32>"C:\Windows\UNNeroBackItUp.exe /UNINSTALL" 1>>c:\a.txt
      Le nom de répertoire est incorrect.
      C:\Windows\system32>"C:\Windows\UNNeroMediaHome.exe /UNINSTALL" 1>>c:\a.txt
      Le nom de répertoire est incorrect.
      C:\Windows\system32>"C:\Windows\UNNeroShowTime.exe /UNINSTALL" 1>>c:\a.txt
      Le nom de répertoire est incorrect.
      C:\Windows\system32>"C:\Windows\UNNeroVision.exe /UNINSTALL" 1>>c:\a.txt
      Le nom de répertoire est incorrect.
      C:\Windows\system32>"C:\Windows\UNRecode.exe /UNINSTALL" 1>>c:\a.txt
      Le nom de répertoire est incorrect.
      C:\Windows\system32>sc stop "Nero BackItUp Scheduler 3" 1>>c:\a.txt
      C:\Windows\system32>sc delete "Nero BackItUp Scheduler 3" 1>>c:\a.txt
      C:\Windows\system32>sc stop NMIndexingService 1>>c:\a.txt
      C:\Windows\system32>sc delete NMIndexingService 1>>c:\a.txt
      C:\Windows\system32>sc stop "Symantec Core LC" 1>>c:\a.txt
      C:\Windows\system32>sc delete "Symantec Core LC" 1>>c:\a.txt
      C:\Windows\system32>rd /s /q "C:\Program Files\Common Files\Nero" 1>>c:\a.txt
      Le fichier spécifié est introuvable.
      C:\Windows\system32>rd /s /q "C:\Program Files\Nero" 1>>c:\a.txt
      C:\Program Files\Nero\Nero8\NEROBA~1\NBShell.dll - Accès refusé.
      C:\Program Files\Nero\Nero8\NEROBA~1 - Accès refusé.
      C:\Program Files\Nero\Nero8 - Accès refusé.
      Accès refusé.
      C:\Windows\system32>rd /s /q C:\Program Files\Symantec 1>>c:\a.txt
      Le fichier spécifié est introuvable.
      Le chemin d'accès spécifié est introuvable.
      C:\Windows\system32>rd /s /q "C:\Program Files\Common Files\Symantec Shared" 1>>c:\a.txt
      Le fichier spécifié est introuvable.
      C:\Windows\system32>echo Fin batch 1>>c:\a.txt
      C:\Windows\system32>notepad c:\a.txt
      FIX.BAT LOG in Text
      22/01/2008
      [SC] OpenService échec(s) 1060 : Le service spécifié n'existe pas en tant que service installé.
      [SC] OpenService échec(s) 1060 : Le service spécifié n'existe pas en tant que service installé.
      [SC] OpenService échec(s) 1060 : Le service spécifié n'existe pas en tant que service installé.
      [SC] OpenService échec(s) 1060 : Le service spécifié n'existe pas en tant que service installé.
      [SC] OpenService échec(s) 1060 : Le service spécifié n'existe pas en tant que service installé.
      [SC] OpenService échec(s) 1060 : Le service spécifié n'existe pas en tant que service installé.
      Fin batch
      Thank you for all the time you devote to me. :P But when do you sleep???
  13. Hi GOF, fix.bat report
      C:\Windows\system32>21/01/20081>c:\a.txt
      '21' n'est pas reconnu en tant que commande interne ou externe, un programme exécutable ou un fichier de commandes.
      C:\Windows\system32>C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL 1>>c:\a.txt
      'C:\Program' n'est pas reconnu en tant que commande interne ou externe, un programme exécutable ou un fichier de commandes.
      C:\Windows\system32>C:\Windows\UNNeroBackItUp.exe /UNINSTALL 1>>c:\a.txt
      C:\Windows\system32>C:\Windows\UNNeroMediaHome.exe /UNINSTALL 1>>c:\a.txt
      C:\Windows\system32>C:\Windows\UNNeroShowTime.exe /UNINSTALL 1>>c:\a.txt
      C:\Windows\system32>C:\Windows\UNNeroVision.exe /UNINSTALL 1>>c:\a.txt
      HJT report
- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- End of file - 11178 bytes
I would also like to uninstall OFFICE 12; how should I go about it?
  14. Hello again GOF, O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL a protocol that is rarely a baddie, but there is strong suspicion around OFFICE 12: its setup keeps launching whenever I want to open Explorer, the Control Panel and other things. Problem: I cannot manage to uninstall OFFICE 12.
  15. Hello GOF, Vundo done, no infected files detected --> no report. ATF Cleaner done. AVG AS done --> only cookies. AVG Log --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 14:52:50 21/01/2008 + Résultat de l'analyse:
Fin du rapport HJT Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:15:35, on 21/01/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16575) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Windows\System32\rundll32.exe C:\Program Files\Launch Manager\WButton.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Pando Networks\Pando\pando.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Windows\ehome\ehmsas.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar 
Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common 
Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe O4 - Global Startup: LUMIX Simple Viewer.lnk = ? 
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll eNetHook.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: WisLMSvc - Wistron Corp. 
- C:\Program Files\Launch Manager\WisLMSvc.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- End of file - 11784 byte

Windows functions still do not work in normal mode (program not responding; this applies to Explorer, the Control Panel, etc.). There are still traces of Norton. Norton and Nero are two programs that I cannot uninstall completely despite the specific removal tools. I still get program setups launching at random. See you soon, I'm staying connected.
  16. Hello, Thanks for your help and happy new year 2008. OK for all your recommendations; I chose to keep KASPER and uninstall the others. Looking at the log, I forgot to uninstall registrybooster 2; I don't think it will cause us any trouble. I removed spybot, a2, program checker and others. Sorry for replying so late, but I spent the night trying to understand the HJT training on the site, and I think fatigue got the better of me before I could understand everything. My first computer was a ZX81, so imagine the light-years of difference with today. With DSS everything went OK; I'm posting the 2 logs.
Deckard's System Scanner v20071014.68 Run by kighafars on 2008-01-20 15:23:24 Computer is in Safe Mode with Networking. -------------------------------------------------------------------------------- -- Last 5 Restore Point(s) -- 5: 2008-01-19 04:52:52 UTC - RP200 - Installed Kaspersky Anti-Virus 7.0. 4: 2008-01-18 20:48:58 UTC - RP199 - Windows Update 3: 2008-01-18 01:04:20 UTC - RP198 - Windows Update 2: 2008-01-17 05:11:16 UTC - RP197 - Point de contrôle planifié 1: 2008-01-16 00:44:56 UTC - RP196 - Windows Update Backed up registry hives. Performed disk cleanup. Total Physical Memory: 1022 MiB (1024 MiB recommended). 
-- HijackThis (run as kighafars.exe) ------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:28:08, on 20/01/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16575) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Users\kighafars\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\kighafars.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Yahoo! 
Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] 
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [2aa81b5c] rundll32.exe "C:\Users\KIGHAF~1\AppData\Local\Temp\rlwlahfr.dll",b O4 - HKCU\..\Run: [uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe O4 
- Global Startup: LUMIX Simple Viewer.lnk = ? O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll eNetHook.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file 
missing) O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing) O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common 
Files\Nero\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- End of file - 12009 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20080120-014451-360 O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll backup-20080120-014451-841 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) -- File Associations ----------------------------------------------------------- All associations okay. 
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; > R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell> S1 Hotkey - c:\windows\system32\drivers\hotkey.sys S1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing) S2 eLockService (eLock Service) - c:\acer\empowering technology\elock\service\elockserv.exe <Not Verified; Acer Inc.; Acer eLock Management> S2 eNet Service - c:\acer\empowering technology\enet\enet service.exe <Not Verified; Acer Inc.; Acer eNet Management> S2 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService> S2 eSettingsService (eSettings Service) - c:\acer\empowering technology\esettings\service\capuserv.exe <Not Verified; ; Service> S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing) S2 MobilityService - c:\acer\mobility center\mobilityservice.exe -p S2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module> S2 WMIService (ePower Service) - c:\acer\empowering technology\epower\epowersvc.exe <Not Verified; acer; Acer ePower Management> S3 ISPwdSvc (Validation de mot de passe Symantec IS) - "c:\program files\norton internet security\ispwdsvc.exe" (file missing) S3 LiveUpdate - "c:\progra~1\symantec\liveup~1\lucoms~1.exe" (file missing) S3 WisLMSvc - "c:\program files\launch manager\wislmsvc.exe" <Not Verified; Wistron 
Corp.; > -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-01-19 02:48:33 426 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{D6C44664-8464-4953-82CC-615120DA2D41}.job 2008-01-18 20:21:33 532 --a------ C:\Windows\Tasks\Norton Internet Security - Analyse système complète - kighafars.job 2008-01-18 15:00:00 416 --a------ C:\Windows\Tasks\Norton Security Scan.job -- Files created between 2007-12-20 and 2008-01-20 ----------------------------- 2008-01-20 01:54:42 0 d-------- C:\Program Files\a-squared Anti-Malware 2008-01-19 20:21:44 0 d-------- C:\Program Files\Trend Micro 2008-01-19 20:21:26 0 d-------- C:\HJT 2008-01-19 05:57:20 91492 --a------ C:\Windows\system32\drivers\klin.dat 2008-01-19 05:57:19 85860 --a------ C:\Windows\system32\drivers\klick.dat 2008-01-19 05:54:29 2999840 --ahs---- C:\Windows\system32\drivers\fidbox.dat 2008-01-19 05:54:28 0 d-------- C:\Users\All Users\Kaspersky Lab 2008-01-19 05:54:28 0 d-------- C:\Program Files\Kaspersky Lab 2008-01-19 05:30:36 0 d-------- C:\Users\All Users\Kaspersky Lab Setup Files 2008-01-19 03:37:24 0 d-------- C:\Users\All Users\Spybot - Search & Destroy 2008-01-18 22:40:35 0 d-------- C:\Windows\system32\QVJGTGljZW5zZUluZm8= <QVJGTG~1> 2008-01-18 22:40:25 0 d-------- C:\Program Files\Advanced Registry Fix 2008-01-18 22:28:55 0 d-------- C:\Windows\RegistryCleaner 2008-01-18 18:26:19 0 d-------- C:\VundoFix Backups 2008-01-18 12:30:02 0 d-------- C:\Program Files\PKR 2008-01-16 18:35:14 44544 --a------ C:\Windows\system32\GIF89.DLL <Not Verified; ; Gif89 Module> 2008-01-16 18:35:09 40960 --a------ C:\Windows\system32\SSubTmr6.dll <Not Verified; vbAccelerator; SSubTmr6> 2008-01-16 18:35:09 15360 --a------ C:\Windows\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer> 2008-01-16 18:35:08 141312 --a------ 
C:\Windows\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL> 2008-01-16 18:35:08 32768 --a------ C:\Windows\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG> 2008-01-16 18:35:07 0 d-------- C:\Program Files\Free Easy Burner 2008-01-16 12:33:37 0 d-------- C:\Program Files\Common Files\PX Storage Engine 2008-01-09 12:18:12 3596288 --a------ C:\Windows\system32\qt-dx331.dll 2008-01-09 12:16:10 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100> 2008-01-09 12:16:10 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100> 2008-01-09 12:16:02 802816 --a------ C:\Windows\system32\divx_xx11.dll <DIVX_X~3.DLL> <Not Verified; DivX, Inc.; DivX?> 2008-01-09 12:16:02 823296 --a------ C:\Windows\system32\divx_xx0c.dll <DIVX_X~1.DLL> <Not Verified; DivX, Inc.; DivX®> 2008-01-09 12:16:02 823296 --a------ C:\Windows\system32\divx_xx07.dll <DIVX_X~2.DLL> <Not Verified; DivX, Inc.; DivX®> 2008-01-09 12:16:02 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®> 2008-01-06 20:36:29 0 d-------- C:\Program Files\PowerISO 2008-01-06 15:41:54 0 d-------- C:\Program Files\Alwil Software 2008-01-04 18:24:13 0 d-------- C:\IDHSTOCK 2008-01-04 18:23:56 0 d-------- C:\Users\All Users\{FD1513DF-3090-4FB5-A6DB-B06E4E146E56} 2008-01-04 18:23:50 0 d-------- C:\Program Files\Idh Products 2008-01-01 22:46:53 0 d-------- C:\Poker 2007-12-28 22:32:14 685816 --a------ C:\Windows\system32\drivers\sptd.sys 2007-12-25 23:18:49 21248 --a------ C:\Windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell> 2007-12-25 23:18:47 0 d-------- C:\Program Files\Common Files\ArcSoft 2007-12-25 23:18:40 143360 --a------ C:\Windows\system32\PhotoBase Screen Saver.scr <PHOTOB~1.SCR> <Not Verified; ArcSoft Inc.; PhotoBase Screen Saver> 2007-12-25 23:16:13 212480 --a------ C:\Windows\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer 
Toolkit> 2007-12-25 23:16:13 0 d-------- C:\Program Files\ArcSoft 2007-12-25 15:11:27 495616 --a------ C:\Windows\system32\PICSDK2.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK> 2007-12-25 15:11:27 73728 --a------ C:\Windows\system32\PICSDK.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK> 2007-12-25 15:11:27 77824 --a------ C:\Windows\system32\PICEntry.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK> 2007-12-25 15:11:27 114688 --a------ C:\Windows\system32\EpPicPrt.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK> 2007-12-25 15:11:27 111932 --a------ C:\Windows\system32\EPPICPrinterDB.dat <EP2DCB~1.DAT> 2007-12-25 15:11:27 1139 --a------ C:\Windows\system32\EPPICPresetData_PT.dat <EPF40C~1.DAT> 2007-12-25 15:11:27 1120 --a------ C:\Windows\system32\EPPICPresetData_IT.dat <EPF8EB~1.DAT> 2007-12-25 15:11:27 1107 --a------ C:\Windows\system32\EPPICPresetData_GE.dat <EPB0EF~1.DAT> 2007-12-25 15:11:27 1129 --a------ C:\Windows\system32\EPPICPresetData_FR.dat <EPECD3~1.DAT> 2007-12-25 15:11:27 1136 --a------ C:\Windows\system32\EPPICPresetData_ES.dat <EPF8D7~1.DAT> 2007-12-25 15:11:27 1104 --a------ C:\Windows\system32\EPPICPresetData_EN.dat <EPD8D3~1.DAT> 2007-12-25 15:11:27 1146 --a------ C:\Windows\system32\EPPICPresetData_DU.dat <EPF4DF~1.DAT> 2007-12-25 15:11:27 1129 --a------ C:\Windows\system32\EPPICPresetData_CF.dat <EPB0D3~1.DAT> 2007-12-25 15:11:27 1139 --a------ C:\Windows\system32\EPPICPresetData_BP.dat <EPECCB~1.DAT> 2007-12-25 15:11:27 4943 --a------ C:\Windows\system32\EPPICPattern6.dat <EPE400~1.DAT> 2007-12-25 15:11:27 21390 --a------ C:\Windows\system32\EPPICPattern5.dat <EPE000~1.DAT> 2007-12-25 15:11:27 11811 --a------ C:\Windows\system32\EPPICPattern4.dat <EPECFF~1.DAT> 2007-12-25 15:11:27 24903 --a------ C:\Windows\system32\EPPICPattern3.dat <EPE8FF~1.DAT> 2007-12-25 15:11:27 20148 --a------ C:\Windows\system32\EPPICPattern2.dat <EPPICP~4.DAT> 2007-12-25 15:11:27 31053 --a------ 
C:\Windows\system32\EPPICPattern131.dat <EPPICP~3.DAT> 2007-12-25 15:11:27 27417 --a------ C:\Windows\system32\EPPICPattern121.dat <EPPICP~2.DAT> 2007-12-25 15:11:27 26154 --a------ C:\Windows\system32\EPPICPattern1.dat <EPPICP~1.DAT> 2007-12-25 15:11:27 65536 --a------ C:\Windows\system32\EPPicMgr.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK> 2007-12-25 15:10:43 0 d-------- C:\Program Files\Panasonic 2007-12-25 12:53:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard -- Find3M Report --------------------------------------------------------------- 2008-01-20 15:20:13 0 d-------- C:\Users\kighafars\AppData\Roaming\BitTorrent 2008-01-20 03:19:19 0 d-------- C:\Users\kighafars\AppData\Roaming\Skype 2008-01-20 03:18:49 13213 --a------ C:\Users\kighafars\AppData\Roaming\nvModes.dat 2008-01-20 03:18:49 13213 --a------ C:\Users\kighafars\AppData\Roaming\nvModes.001 2008-01-20 00:23:13 0 d-------- C:\Users\kighafars\AppData\Roaming\Uniblue 2008-01-19 05:39:13 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-01-19 04:26:08 0 d-------- C:\Users\kighafars\AppData\Roaming\iExpert Software 2008-01-18 21:55:08 0 d-------- C:\Program Files\Windows Mail 2008-01-18 21:49:55 0 d-------- C:\Program Files\Windows Sidebar 2008-01-16 22:45:40 0 d-------- C:\Users\kighafars\AppData\Roaming\BSplayer 2008-01-16 12:34:08 0 d-------- C:\Program Files\DivX 2008-01-16 12:33:37 0 d-------- C:\Program Files\Common Files 2008-01-12 18:28:31 690832 --a------ C:\Windows\system32\perfh00C.dat 2008-01-12 18:28:31 117572 --a------ C:\Windows\system32\perfc00C.dat 2008-01-12 18:28:13 0 d-------- C:\Users\kighafars\AppData\Roaming\U3 2008-01-06 14:53:09 0 d-------- C:\Users\kighafars\AppData\Roaming\BitTorrent DNA 2007-12-28 22:41:14 0 d-------- C:\Users\kighafars\AppData\Roaming\DAEMON Tools Pro 2007-12-28 22:15:17 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-12-28 22:15:10 0 d-------- C:\Program Files\NewTech Infosystems 
2007-12-25 23:19:36 0 d-------- C:\Users\kighafars\AppData\Roaming\Arcsoft 2007-12-25 15:12:31 0 d-------- C:\Users\kighafars\AppData\Roaming\Panasonic 2007-12-25 15:09:40 0 d-------- C:\Users\kighafars\AppData\Roaming\InstallShield 2007-12-18 21:39:01 0 d-------- C:\Program Files\Zuma deluxe 2007-12-11 20:43:44 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll <DIVXWM~1.DLL> 2007-12-10 21:55:01 0 d-------- C:\Users\kighafars\AppData\Roaming\Nero 2007-12-10 21:53:04 0 d-------- C:\Program Files\Common Files\Nero 2007-12-10 21:48:24 0 d-------- C:\Program Files\Nero 2007-12-07 14:44:14 0 d-------- C:\Program Files\Activision Value 2007-12-01 00:24:34 0 d-------- C:\Program Files\Java 2007-12-01 00:07:29 0 d-------- C:\Program Files\Common Files\Java 2007-11-24 14:43:08 0 d-------- C:\Program Files\Micro Application -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [29/10/2007 16:06 266240] [-HKEY_CLASSES_ROOT\CLSID\{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [20/06/2007 22:55] "RtHDVCpl"="RtHDVCpl.exe" [09/11/2006 19:57 C:\Windows\RtHDVCpl.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [23/10/2006 20:00] "osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [] "NvSvc"="C:\Windows\system32\nvsvc.dll" [20/12/2006 21:50] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [20/12/2006 21:50] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [20/12/2006 21:50] "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [25/07/2005 12:36] "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [10/01/2007 10:34] "LMgrOSD"="C:\Program Files\Launch 
Manager\OSDCtrl.exe" [29/08/2006 08:26] "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [09/11/2006 13:37] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [19/06/2007 20:42] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 09:22] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [13/09/2007 01:04] "QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [19/10/2007 20:16] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 09:51] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [07/08/2007 01:05] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 00:47] "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [] "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [18/12/2007 00:43] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [18/01/2008 21:49] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [19/06/2007 20:40] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [22/08/2007 23:19] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 11:55] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:35] "Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [18/10/2007 16:42] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [20/09/2007 15:35] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 13:36] 
"2aa81b5c"="C:\Users\KIGHAF~1\AppData\Local\Temp\rlwlahfr.dll,b" [] "Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "GrpConv"=grpconv -o C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 04:44:06] Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [10/12/2006 11:48:33] LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [25/12/2007 15:10:44] Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [19/06/2007 20:40:12] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll eNetHook.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] AutoRun\command- G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a29f2e8-ada8-11dc-9ad3-00197e28204b}] AutoRun\command- G:\ecoburotic.exe *Newly Created Service* - COMHOST *Newly Created Service* - ECACHE [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- End of Deckard's System Scanner: finished at 2008-01-20 15:30:45 ------------ Log de extra.txt Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. 
-------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vista™ Édition Familiale Premium (build 6000) Architecture: X86; Language: French CPU 0: Genuine Intel® CPU T2080 @ 1.73GHz Percentage of Memory in Use: 38% Physical Memory (total/avail): 1021.56 MiB / 631.89 MiB Pagefile Memory (total/avail): 2309.5 MiB / 2033.52 MiB Virtual Memory (total/avail): 2047.88 MiB / 1915.71 MiB C: is Fixed (NTFS) - 51.99 GiB total, 18.79 GiB free. D: is Fixed (NTFS) - 51.98 GiB total, 14.57 GiB free. E: is CDROM (CDFS) \\.\PHYSICALDRIVE0 - Hitachi HTS541212H9AT00 ATA Device - 111.79 GiB - 3 partitions \PARTITION0 - Unknown - 7.81 GiB \PARTITION1 (bootable) - Système de fichiers installable - 51.99 GiB - C: \PARTITION2 - Système de fichiers installable - 51.98 GiB - D: -- Security Center ------------------------------------------------------------- AUOptions is set to notify before install. Windows Internal Firewall is disabled. FW: Norton Internet Security v2007 (Symantec Corporation) Disabled AV: Avira AntiVir PersonalEdition v 7.0.1.194 (Avira GmbH) AV: Kaspersky Anti-Virus v7.0.1.321 (Kaspersky Lab) AV: Norton Internet Security v2007 (Symantec Corporation) Disabled Outdated AS: Avira AntiVir PersonalEdition v 7.0.1.194 (Avira GmbH) AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) 
Disabled AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled AS: Kaspersky Anti-Virus v7.0.1.321 (Kaspersky Lab) AS: Norton Internet Security v2007 (Symantec Corporation) Disabled Outdated [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\kighafars\AppData\Roaming CLASSPATH=.;C:\Program Files\QuickTime Alternative\QTSystem\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=PC-DE-KIGHAFARS ComSpec=C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\kighafars LOCALAPPDATA=C:\Users\kighafars\AppData\Local LOGONSERVER=\\PC-DE-KIGHAFARS NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime Alternative\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0e0c ProgramData=C:\ProgramData ProgramFiles=C:\Program Files PROMPT=$P$G PUBLIC=C:\Users\Public QTJAVA=C:\Program Files\QuickTime Alternative\QTSystem\QTJava.zip SAFEBOOT_OPTION=NETWORK SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\KIGHAF~1\AppData\Local\Temp TMP=C:\Users\KIGHAF~1\AppData\Local\Temp USERDOMAIN=PC-de-kighafars USERNAME=kighafars USERPROFILE=C:\Users\kighafars windir=C:\Windows -- User Profiles --------------------------------------------------------------- kighafars (admin) la taupe (new local, net ready) -- Add/Remove Programs 
--------------------------------------------------------- --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL --> C:\Windows\UNNeroShowTime.exe /UNINSTALL --> C:\Windows\UNNeroVision.exe /UNINSTALL --> C:\Windows\UNRecode.exe /UNINSTALL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall Acer Arcade Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL Acer eLock Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x40c -removeonly Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly Acer eNet Management --> RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x40c -removeonly Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x40c -removeonly Acer ePresentation Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x40c -removeonly Acer eSettings Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x40c -removeonly Acer GridVista --> C:\Windows\UnInst32.exe GridV.UNI Acer Mobility Center Plug-In --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly Acer OrbiCam --> C:\Program Files\InstallShield Installation Information\{DD1DED37-2486-4F56-8F89-56AA814003F5}\Setup.exe -runfromtemp -l0x040c -removeonly Acer OrbiCam --> Rundll32.exe BisonR07.dll,WinMainRmv Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly Acer Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly Adobe Flash Player 9 ActiveX --> 
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log Agere Systems HDA Modem --> agrsmdel AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC67641A-05C4-4FED-A462-1EB1DC6CF2F5}\Setup.exe" -l0x40c AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA} Bejeweled 2 Deluxe --> "C:\Program Files\Oberon Media\Bejeweled 2 Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Bejeweled 2 Deluxe\install.log" BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe BS.Player FREE powered by AdVantage --> "C:\Program Files\Webteh\BSplayer\uninstall.exe" DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN eMule --> "D:\eMule\Uninstall.exe" Free Easy Burner V 2.0 --> "C:\Program Files\Free Easy Burner\unins000.exe" Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" HijackThis 2.0.2 --> 
"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Idh Products --> "C:\ProgramData\{FD1513DF-3090-4FB5-A6DB-B06E4E146E56}\setup-idh-stock.exe" REMOVE=TRUE MODIFY=FALSE Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F} Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F} Launch Manager V1.1.1.4 --> C:\Program Files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\setup.exe -runfromtemp -l0x040c -removeonly LUMIX Simple Viewer --> C:\Program Files\InstallShield Installation Information\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}\setup.exe -runfromtemp -l0x040c -removeonly Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Professional Plus 2007 --> 
"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007 (Beta) --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRO /dll OSETUP.DLL Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MUSK Codec Pack v5 --> "C:\Program Files\MUSK Codec Pack v5\unins000.exe" neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NTI Backup NOW! 
4.7 --> "C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI On2 VP3 Video for Windows Codec --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF59708F-60F4-11D5-866A-00A0D2183227}\Setup.exe" -l0x9 Outil de mise à jour Google --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Pando --> MsiExec.exe /I{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1} Pando Toolbar --> rundll32 C:\PROGRA~1\PandoBar\bar\1.bin\PandoBar.dll,O PKR --> "C:\Program Files\PKR\uninstall-pkr.exe" Poker 770 --> "C:\Poker\Poker 770\_SetupCasino.exe" /uninstall PowerISO --> "C:\Program Files\PowerISO\uninstall.exe" PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121} QuickTime Alternative 1.81 --> "C:\Program Files\QuickTime Alternative\unins000.exe" RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471} Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} 
/uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33} Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF} Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF} Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86} Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Texas Hold 'Em --> C:\PROGRA~1\MICROA~1\TEXASH~1\UNWISE.EXE C:\PROGRA~1\MICROA~1\TEXASH~1\INSTALL.LOG Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{F7B05784-334C-4F76-8BAB-30ABEB7FD534}\setup.exe -runfromtemp -l0x0409 Ugrib RC1 --> "C:\Program Files\GRIB.US\unins000.exe" Update for Office 2007 (KB932080) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7} Update for Office 2007 (KB934391) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5} Update for Office 2007 (KB934393) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15} Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E} Update for Outlook 2007 Junk Email Filter (kb936644) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {2B581052-BF85-4AA6-91C5-7B0090712B65} Update for Outlook 2007 Junk Email Filter (kb943597) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A751F0DB-8476-4207-956E-20AEBBA4B1DA} Update for Word 2007 (KB934173) --> msiexec 
/package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475} VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u VP6 VFW Codec --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A23866A0-738B-4091-9924-0B0DE3988A15}\Setup.exe" -l0x9 Windows Installer Clean Up --> MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53} Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe World Series of Poker: TOC --> C:\Program Files\Activision Value\World Series of Poker TOC\Uninstall.exe XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe" Yahoo! Toolbar avec bloqueur de fenêtres pop-up --> C:\PROGRA~1\Yahoo!\common\unyt.exe Zuma Star-Wars --> C:\Program Files\Zuma deluxe\StarWars\Uninstal.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type18926 / Warning Event Submitted/Written: 01/20/2008 02:49:43 PM Event ID/Source: 1015 / MsiInstaller Event Description: La connexion au serveur est impossible. Erreur : 0x8007043C Event Record #/Type18925 / Warning Event Submitted/Written: 01/20/2008 02:49:41 PM Event ID/Source: 1015 / MsiInstaller Event Description: La connexion au serveur est impossible. Erreur : 0x8007043C Event Record #/Type18924 / Error Event Submitted/Written: 01/20/2008 02:49:38 PM Event ID/Source: 8193 / System Restore Event Description: Échec de la création d’un point de restauration sur le volume (Processus = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\OFFICE~1\SETUP.EXE -Embedding ; Description = Configured Microsoft Office Enterprise 2007 ; Hr = 0x8007043c). 
Event Record #/Type18923 / Warning Event Submitted/Written: 01/20/2008 02:49:26 PM Event ID/Source: 1015 / MsiInstaller Event Description: La connexion au serveur est impossible. Erreur : 0x8007043C Event Record #/Type18922 / Warning Event Submitted/Written: 01/20/2008 02:49:24 PM Event ID/Source: 1015 / MsiInstaller Event Description: La connexion au serveur est impossible. Erreur : 0x8007043C -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type101501 / Warning Event Submitted/Written: 01/20/2008 02:41:16 PM Event ID/Source: 4226 / Tcpip Event Description: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées. Event Record #/Type101499 / Error Event Submitted/Written: 01/20/2008 02:40:54 PM Event ID/Source: 10005 / DCOM Event Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046} Event Record #/Type101262 / Warning Event Submitted/Written: 01/20/2008 04:52:21 AM Event ID/Source: 4226 / Tcpip Event Description: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées. Event Record #/Type101246 / Warning Event Submitted/Written: 01/20/2008 04:15:47 AM Event ID/Source: 4226 / Tcpip Event Description: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées. Event Record #/Type101234 / Warning Event Submitted/Written: 01/20/2008 03:47:44 AM Event ID/Source: 4226 / Tcpip Event Description: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées. -- End of Deckard's System Scanner: finished at 2008-01-20 15:30:45 ------------
I have a question about rlwlahfr.dll: it is a DLL that I cannot find in the DLL databases, and on top of that, when starting in normal mode the system cannot find it. Probably not serious.
See you later
  17. Hello, For a few days now I have been fighting to keep my computer alive. It is infected; I went through the forums and tried quite a few solutions, but I am losing: more and more Windows functions are being lost, and now I can only start it in safe mode. Software tried: Anti-vir, avast, Vundofix, VirtumundoBeGone and other registry cleaners and others of the same kind. I thought a miracle had happened on a reboot after a Kaspersky scan, but it quickly got worse. I am posting the HJT log in case someone can help me. Thanks
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:37:36, on 19/01/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16575) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! 
Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec 
Shared\coShared\Browser\1.0\UIBHO.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime O4 - HKLM\..\Run: 
[sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [2aa81b5c] rundll32.exe "C:\Users\KIGHAF~1\AppData\Local\Temp\rlwlahfr.dll",b
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll eNetHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
-- End of file - 13056 bytes