Contenu de 67papakima - Page 2

infection Lop "résolu"

67papakima a répondu à un(e) sujet de 67papakima dans Analyses et éradication malwares

voilà les 2 fichiersLogfile of random's system information tool 1.06 (written by random/random) Run by papa at 2009-05-08 14:21:22 Microsoft Windows XP Édition familiale Service Pack 2 System drive C: has 20 GB (30%) free of 68 GB Total RAM: 511 MB (10% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:21:55, on 08/05/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Avira\AntiVir Desktop\avscan.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Copernic Agent\CopernicAgent.exe C:\Program Files\Winamp\Winamp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\papa\Bureau\RSIT.exe C:\Program Files\trend micro\papa.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unika.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file) O2 - BHO: (no name) - {73BDB589-CBB0-4727-A071-16280B001130} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {EE57A158-65CB-435D-9438-8CCC4D240C49} - (no file) O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [iW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) - O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 9441 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\1 Copernic Intra-Daily ~ORDI celine.job C:\WINDOWS\tasks\1 Copernic Intra-Daily ~ORDI fanny christelle.job C:\WINDOWS\tasks\1 Copernic Intra-Daily ~ORDI michelle.job C:\WINDOWS\tasks\1 Copernic Intra-Daily ~ORDI nathalie.job C:\WINDOWS\tasks\1 Copernic Intra-Daily ~ORDI papa.job C:\WINDOWS\tasks\1 Copernic Intra-Daily ~ORDI patrick.job C:\WINDOWS\tasks\2 Copernic Daily ~ORDI celine.job C:\WINDOWS\tasks\2 Copernic Daily ~ORDI fanny christelle.job C:\WINDOWS\tasks\2 Copernic Daily ~ORDI michelle.job C:\WINDOWS\tasks\2 Copernic Daily ~ORDI nathalie.job C:\WINDOWS\tasks\2 Copernic Daily ~ORDI papa.job C:\WINDOWS\tasks\2 Copernic Daily ~ORDI patrick.job C:\WINDOWS\tasks\3 Copernic Weekly ~ORDI celine.job C:\WINDOWS\tasks\3 Copernic Weekly ~ORDI fanny christelle.job C:\WINDOWS\tasks\3 Copernic Weekly ~ORDI michelle.job C:\WINDOWS\tasks\3 Copernic Weekly ~ORDI nathalie.job C:\WINDOWS\tasks\3 Copernic Weekly ~ORDI papa.job C:\WINDOWS\tasks\3 Copernic Weekly ~ORDI patrick.job C:\WINDOWS\tasks\4 Copernic Monthly ~ORDI celine.job C:\WINDOWS\tasks\4 Copernic Monthly ~ORDI fanny christelle.job C:\WINDOWS\tasks\4 Copernic Monthly ~ORDI michelle.job C:\WINDOWS\tasks\4 Copernic Monthly ~ORDI nathalie.job C:\WINDOWS\tasks\4 Copernic Monthly ~ORDI papa.job C:\WINDOWS\tasks\4 Copernic Monthly ~ORDI patrick.job C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] Yahoo! Toolbar Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}] HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73BDB589-CBB0-4727-A071-16280B001130}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE57A158-65CB-435D-9438-8CCC4D240C49}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - Copernic Agent - C:\PROGRA~1\COPERN~1\COPERN~1.DLL [2004-12-02 1142744] {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "EoEngine"= [] "RegistryMechanic"= [] "AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064] "SMSTray"=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [2007-12-14 132624] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-20 15360] "IW_Drop_Icon"=C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe [2004-07-30 1123840] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe [2005-03-04 88209] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-03 339968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\farstone] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fenaffiche] C:\Program Files\FenAffiche\Fenunika.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe [2004-05-06 772096] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe [2004-07-30 1123840] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe [2004-02-12 188416] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe [2004-02-12 188416] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe [2004-02-12 77824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau] C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor] C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe /m=0 [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe [2003-11-10 406016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realmodenounbird] C:\Documents and Settings\All Users\Application Data\Objmathrealmode\EqOwns.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-12-08 32768] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestoreIT!] C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE [2004-02-06 114688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Resume copy] copyfstq.exe /startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SchedulingAgent] mstinit.exe /firstlogon [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer] C:\WINDOWS\system32\yrxjlrfx.dll,sitypnow [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] C:\WINDOWS\SOUNDMAN.EXE [2003-12-19 65024] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tirgwvp] c:\windows\system32\tirgwvp.exe tirgwvp [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk] C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 110592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk] C:\Program Files\FinePixViewer\QuickDCF.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2008-04-23 29696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk] C:\PROGRA~1\FICHIE~1\MICROS~1\WORKSS~1\wkcalrem.exe [1999-08-06 53317] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk] C:\PROGRA~1\SAGEMW~1.11G\WLANUTL.exe [2004-09-15 679936] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "gusvc"=3 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Documents and Settings\papa\Menu Démarrer\Programmes\Démarrage OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe Outil de détection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2004-08-03 86016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Media Player Classic\mplayerc.exe"="C:\Program Files\Media Player Classic\mplayerc.exe:*:Disabled:Media Player Classic" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour" "C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" ======List of files/folders created in the last 1 months====== 2009-05-08 14:21:22 ----D---- C:\rsit 2009-05-08 10:43:06 ----D---- C:\Program Files\Avira 2009-05-07 19:51:37 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2009-05-07 19:51:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$ 2009-05-07 19:50:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-05-07 19:48:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2009-05-07 19:47:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2009-05-07 19:47:25 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2009-05-07 19:47:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2009-05-07 19:47:04 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$ 2009-05-07 19:47:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2009-05-07 19:46:45 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ ======List of files/folders modified in the last 1 months====== 2009-05-08 14:21:55 ----D---- C:\Program Files\Trend Micro 2009-05-08 14:13:04 ----D---- C:\Program Files\Mozilla Firefox 2009-05-08 14:02:04 ----D---- C:\WINDOWS\system32 2009-05-08 14:02:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-05-08 14:01:46 ----D---- C:\WINDOWS\Prefetch 2009-05-08 13:58:43 ----D---- C:\WINDOWS\Temp 2009-05-08 13:58:36 ----D---- C:\WINDOWS\system32\CatRoot2 2009-05-08 13:58:20 ----D---- C:\WINDOWS 2009-05-08 13:58:12 ----D---- C:\Documents and Settings\papa\Application Data\OpenOffice.org2 2009-05-08 13:08:34 ----D---- C:\WINDOWS\Debug 2009-05-08 11:03:58 ----AC---- C:\WINDOWS\winamp.ini 2009-05-08 10:53:31 ----D---- C:\Program Files\eMule 2009-05-08 10:43:49 ----D---- C:\WINDOWS\system32\drivers 2009-05-08 10:43:48 ----HD---- C:\WINDOWS\inf 2009-05-08 10:43:06 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-05-08 10:43:06 ----AD---- C:\Program Files 2009-05-08 10:40:43 ----N---- C:\WINDOWS\SchedLgU.Txt 2009-05-08 10:36:38 ----SHD---- C:\WINDOWS\Installer 2009-05-08 10:36:37 ----HD---- C:\Config.Msi 2009-05-08 10:36:32 ----D---- C:\WINDOWS\WinSxS 2009-05-08 10:36:26 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2009-05-07 20:21:05 ----D---- C:\WINDOWS\system32\wbem 2009-05-07 20:21:05 ----D---- C:\WINDOWS\AppPatch 2009-05-07 19:51:39 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-05-07 19:51:15 ----D---- C:\WINDOWS\system32\fr-fr 2009-05-07 19:51:15 ----D---- C:\Program Files\Internet Explorer 2009-05-07 19:47:54 ----HD---- C:\WINDOWS\$hf_mig$ ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-20 41600] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376] R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632] R1 vobiw;vobiw; C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 188416] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640] R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-09-03 15781] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2005-03-04 1066278] R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-12-19 541548] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800] R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2003-11-28 11264] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-03 768512] R3 cdrdrv;Cdrdrv; C:\WINDOWS\System32\Drivers\Cdrdrv.sys [2004-08-03 62976] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856] R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [2004-08-09 70144] R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-23 6912] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480] R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-03 379456] S2 FBAPI;FBAPI; \??\C:\WINDOWS\System32\drivers\FBAPI.sys [] S3 catchme;catchme; \??\C:\DOCUME~1\celine\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024] S3 FINEPIX_PCC;FinePix Digital Camera 020523; C:\WINDOWS\System32\Drivers\V4CB0115.SYS [2001-11-25 81924] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880] S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2004-01-21 5915] S3 PID_08A0;Labtec WebCam Pro(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2004-01-21 271360] S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136] S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320] S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336] S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360] S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12672] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-20 73600] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-08-03 389120] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-20 14336] R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-20 14336] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-20 14336] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-20 14336] R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-20 14336] R3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-03 516096] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2009-05-08 14:22:05 ======Uninstall list====== -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x40c /removeonly -removeonly -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x40c /cont /removeonly -removeonly -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x40c /removeonly -removeonly -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x40c /removeonly -removeonly -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x40c /removeonly -removeonly -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x40c /removeonly -removeonly -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x40c /removeonly -removeonly -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x40c /removeonly -removeonly -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x40c /removeonly -removeonly 32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7} AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Download Manager 2.0 (Supprimer uniquement)-->"C:\Program Files\Fichiers communs\Adobe\ESD\uninst.exe" Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Photoshop 7.0.1-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Photoshop Album 2.0 Edition Découverte-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24} Adobe Reader 7.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A71000000002} Agere Systems PCI Soft Modem-->agrsmdel Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1} Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe ArcSoft Camera Suite 1.3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}\setup.exe" -l0x40c ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\setup.exe" -l0x40c -uninst ArcSoft VideoImpression 1.6FP-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\ArcSoft\VideoImpression\Uninst.isu" a-squared Free 1.6-->"C:\Program Files\a2 Free\unins000.exe" ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe" Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} Canon Utilities PhotoStitch 3.1-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Copernic Agent Professional-->"C:\WINDOWS\CopernicAgentUninstall.exe" /ARGSFILE="C:\Program Files\Copernic Agent\unwise.dat" Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Creative Modem Blaster V.92 DI5733-1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1C0717C-546A-11D7-9963-00A0C92C4EC3}\setup.exe" -l0x40c /remove Disney Le Retour des Méchants-->C:\WINDOWS\IsUn040c.exe -fC:\PROGRA~1\DISNEY~1\DISNEY~1\DeIsL1.isu DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC eMule-->"C:\Program Files\eMule\Uninstall.exe" EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe" FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE" Garmin POI Loader-->MsiExec.exe /X{80A2A967-C1B7-412D-B2B2-C4A33209C205} Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5} GdgAnglais6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D119E97E-D010-11D8-B72F-00C04F4351FF}\Setup.exe" -l0x40c Google Earth-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe" HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Deskjet All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}\setup\hpzscr01.exe -datfile hposcr14.dat HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7} HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat HP Update-->MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5} HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3} IC Card Reader Driver v1.9e-->C:\WINDOWS\iun6002.exe "C:\Program Files\IC\Card Reader Driver v1.9e\irunin.ini" Inkscape 0.46-->C:\Program Files\Inkscape\Uninstall.exe InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe ItsTV 3.0-->"C:\Program Files\ItsLabel\unins000.exe" iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A} J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Java 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060} Jigsaw Puzzle Lite (remove only)-->"C:\Program Files\KraiSoft\Jigsaw Puzzle Lite\uninstall.exe" KaraFun 0.40-->"C:\Program Files\KaraFun\unins000.exe" Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe Kaspersky On-line Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe Labtec WebCam-->MsiExec.exe /I{58E653BE-BD68-4D68-BB2E-3AE1B925AAD0} Language pack for Ad-Aware SE-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall LimeWire 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe" Livebox-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E}\Setup.exe" -l0x40c LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE Macrogaming SweetIM 1.2a-->MsiExec.exe /X{5827C8C9-A3C6-4E7C-AA70-F6AFAB52F981} Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Matroska Pack (remove only)-->C:\Program Files\Matroska Pack\Uninstall.exe Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9} Microsoft Publisher 2002-->MsiExec.exe /I{9019040C-6000-11D3-8CFE-0050048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Works 2000-->MsiExec.exe /I{A3088CD2-612B-11D3-AF43-00C04F443448} Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Navilog1 3.1.1-->"C:\Program Files\Navilog1\unins000.exe" OpenOffice.org 2.1-->MsiExec.exe /I{E5430A11-6799-41E0-A9D5-F68BDC67AAD8} Pac-Guy Christmas Edition-->C:\Program Files\Astral Entertainment\PACXMAS\uninst32.exe Panda NanoScan-->C:\Program Files\Panda Security\NanoScan\nanounst.exe Panda TotalScan-->C:\Program Files\Panda Security\TotalScan\ascuninst.exe PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe" PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe" Picture Package Music Transfer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x40c /removeonly -removeonly Pinnacle InstantCD/DVD Suite-->MsiExec.exe /I{A01872BE-2123-4F1B-B295-E3D1774DC0C9} Pixia 3.3b-->"C:\Program Files\Seagrand\Pixia\unins000.exe" PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall PowerQuest PartitionMagic 8.0 Demo-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Labtec\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT Quick Zip 4.60.017b-->"C:\Program Files\QuickZip4\unins000.exe" QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} rayman2-->C:\WINDOWS\UbiSoft\SetupUbi.exe -uninstall rayman2 Real Alternative 1.23-->"C:\Program Files\Real Alternative\unins000.exe" RealPlayer Basic-->C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0 Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x40c REMOVE Registry Mechanic 7.0-->"C:\Program Files\Registry Mechanic\unins000.exe" Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E691604-B328-4B4A-8F17-C9D6395075C5}\Setup.exe" -l0x40c SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe Samsung Media Studio 5-->"C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\Setup.exe" -runfromtemp -l0x040c -removeonly SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly Samsung PC Studio 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly ScanToWeb-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Skype 3.0-->"C:\Program Files\Skype\Phone\unins000.exe" Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03} Sony Picture Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x40c /removeonly uninstall -removeonly Sony USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x40c UNINSTALL -removeonly Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" SweetIM For Internet Explorer 1.0a-->MsiExec.exe /X{BBB1528C-2F8C-4526-9C8E-699F17AF21CA} Videora iPod Converter 3.07-->C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe" Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} Windows Live Sign-in Assistant-->MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe WinLibre-->"C:\Program Files\WinLibre\unins000.exe" ======Hosts File====== 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com ======Security center information====== AV: AntiVir Desktop ======System event log====== Computer Name: ORDI Event Code: 11 Message: Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk5\D. Record Number: 86009 Source Name: Disk Time Written: 20081226181307.000000+060 Event Type: erreur User: Computer Name: ORDI Event Code: 11 Message: Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk5\D. Record Number: 86008 Source Name: Disk Time Written: 20081226181306.000000+060 Event Type: erreur User: Computer Name: ORDI Event Code: 11 Message: Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk5\D. Record Number: 86007 Source Name: Disk Time Written: 20081226181305.000000+060 Event Type: erreur User: Computer Name: ORDI Event Code: 11 Message: Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk5\D. Record Number: 86006 Source Name: Disk Time Written: 20081226181304.000000+060 Event Type: erreur User: Computer Name: ORDI Event Code: 11 Message: Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk5\D. Record Number: 86005 Source Name: Disk Time Written: 20081226181303.000000+060 Event Type: erreur User: =====Application event log===== Computer Name: ORDI Event Code: 105 Message: The service was started. Record Number: 6315 Source Name: ATI Smart Time Written: 20081011101845.000000+120 Event Type: Informations User: Computer Name: ORDI Event Code: 4118 Message: ERREUR D'EXCEPTION lors de l'accès à la fonction pour le fichier C:\Documents and Settings\fanny christelle\Application Data\Mozilla\Firefox\Profiles\udvrd4r3.Utilisateur par défaut\searchplugins\LiveSearch.xml. [uNKNOWN Exception!! EIP = 20533248] Veuillez informer Avira et transmettre le fichier ci-dessus! Record Number: 6314 Source Name: Avira AntiVir Time Written: 20081010201653.000000+120 Event Type: erreur User: AUTORITE NT\SYSTEM Computer Name: ORDI Event Code: 4118 Message: ERREUR D'EXCEPTION lors de l'accès à la fonction pour le fichier C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml. [uNKNOWN Exception!! EIP = 20533248] Veuillez informer Avira et transmettre le fichier ci-dessus! Record Number: 6313 Source Name: Avira AntiVir Time Written: 20081010194002.000000+120 Event Type: erreur User: AUTORITE NT\SYSTEM Computer Name: ORDI Event Code: 302 Message: msnmsgr (2292) \\.\C:\Documents and Settings\celine\Local Settings\Application Data\Microsoft\Messenger\lilka_6_7@hotmail.com\SharingMetadata\Working\database_0_0_82DF_576E\dfsr.db: Le moteur de base de données a exécuté la procédure de récupération avec succès. Record Number: 6312 Source Name: ESENT Time Written: 20081010192320.000000+120 Event Type: Informations User: Computer Name: ORDI Event Code: 301 Message: msnmsgr (2292) \\.\C:\Documents and Settings\celine\Local Settings\Application Data\Microsoft\Messenger\lilka_6_7@hotmail.com\SharingMetadata\Working\database_0_0_82DF_576E\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\celine\Local Settings\Application Data\Microsoft\Messenger\lilka_6_7@hotmail.com\SharingMetadata\Working\database_0_0_82DF_576E\fsr.log. Record Number: 6311 Source Name: ESENT Time Written: 20081010192319.000000+120 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Fichiers communs\GTK\2.0\bin;C:\Documents and Settings\Administrateur\Menu DÚmarrer\Programmes\Accessoires\Loisirs\2.0\bin;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\;C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322 "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=0a00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "LANG"=fr "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip -----------------EOF-----------------

le 8 mai 2009
38 réponses

infection Lop "résolu"

67papakima a posté un sujet dans Analyses et éradication malwares

bonjour, voilà pas mal de temps que mon ordi "rame". J'ai effectué une analyse avec antivir, lequel a trouvé les problèmes suivants : - TR/Dldr Swizzor.Gen - ADSY/AdSpy.Gen pourriez-vous m'aider a supprimer ces problèmes ? d'avance merci

le 8 mai 2009
38 réponses

infections

67papakima a répondu à un(e) sujet de 67papakima dans Analyses et éradication malwares

re-bonjour, j'ai voulu désinstaller navilog1 via ajout/suppression sdes programes le message suivant s'est affiché "fichier c\Program files\Navilog1\unins000.dat" n'existe pas pour combofix, j'ai eu ce message : window ne trouve pas c:\Documents and Settings\papa\bureau\combifix exe merci à +

le 11 mai 2008
4 réponses

infections

67papakima a répondu à un(e) sujet de 67papakima dans Analyses et éradication malwares

bonjour, j'ai refait un scan antivir ce jour, ci-joint le rapport a++++++++ Avira AntiVir Personal Report file date: dimanche 11 mai 2008 12:18 Scanning for 1258665 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: ORDI Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58 ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 12:23:30 ANTIVIR3.VDF : 7.0.4.23 99840 Bytes 09/05/2008 12:52:13 Engineversion : 8.1.0.42 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.31 262522 Bytes 09/05/2008 12:52:21 AESCN.DLL : 8.1.0.16 119156 Bytes 09/05/2008 12:52:20 AERDL.DLL : 8.1.0.20 418165 Bytes 29/04/2008 14:03:29 AEPACK.DLL : 8.1.1.4 364918 Bytes 29/04/2008 14:03:28 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 29/04/2008 14:03:27 AEHEUR.DLL : 8.1.0.26 1237366 Bytes 09/05/2008 12:52:20 AEHELP.DLL : 8.1.0.14 115063 Bytes 29/04/2008 14:03:24 AEGEN.DLL : 8.1.0.20 299380 Bytes 09/05/2008 12:52:17 AEEMU.DLL : 8.1.0.6 430451 Bytes 09/05/2008 12:52:16 AECORE.DLL : 8.1.0.28 168310 Bytes 09/05/2008 12:52:15 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, K:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: dimanche 11 mai 2008 12:18 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'SPUVolumeWatcher.exe' - '1' Module(s) have been scanned Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned Scan process 'iwctrl.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 29 processes with 29 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD2 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD3 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD4 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'K:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '21' files ). Starting the file scan: Begin scan in 'C:\' <Système> C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Program Files\Navilog1\reboot.exe [DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program [NOTE] The file was moved to '4888d7c3.qua'! C:\System Volume Information\_restore{623C066B-91E0-4BCB-9DD7-3F8AA43AE9EF}\RP785\A0452893.exe [DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program [NOTE] The file was moved to '485adaed.qua'! C:\WINDOWS\catchme.exe --> Object [1] Archive type: RSRC --> Object [DETECTION] Is the Trojan horse TR/Hijack.Agent.AC [NOTE] The file was moved to '489adb7e.qua'! C:\WINDOWS\NirCmd.exe [DETECTION] Contains detection pattern of the application APPL/NirCmd.3 [NOTE] The file was moved to '4898db8d.qua'! Begin scan in 'K:\' <Multimedia> End of the scan: dimanche 11 mai 2008 14:55 Used time: 2:36:45 min The scan has been done completely. 10484 Scanning directories 374287 Files were scanned 4 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 4 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 374283 Files not concerned 8697 Archives were scanned 6 Warnings 4 Notes

le 11 mai 2008
4 réponses

infections

67papakima a posté un sujet dans Analyses et éradication malwares

bonjour j'ai passé un scan avec antivir il m'a trouvé les "problèmes" suivants Trj/dldr.swizzor.gen - trj/dldr. conhook.gen - trj/dropper.gen- dr/delphi.gen - dr/gator.3202 qui peut me donner des conseils ? je viens de faire un hijacktT :P is et me permets de joindre le bloc-note merci Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:50:57, on 10/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Copernic Agent\CopernicAgent.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\papa\Bureau\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unika.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing) O2 - BHO: (no name) - {73BDB589-CBB0-4727-A071-16280B001130} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll O2 - BHO: (no name) - {EE57A158-65CB-435D-9438-8CCC4D240C49} - (no file) O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [iW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) - O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe -- End of file - 8449 bytes

le 10 mai 2008
4 réponses

window

67papakima a posté un sujet dans Software

Bonsoir, Toutes les icones et leur contenu de 2 de mes utilisateurs ont disparues. Résultat une page bleue avec un prés comme fond d'écran Avant la disparition un "compte à rebours" de window (pas le temps de lire le contenu du texte) Quelqu'un aurait-il déjà eu ce (ces) problème (s) ? Je crains que les 2 autres utilisateurs soient prochainement concernés Merci pour toute réponse

le 19 avril 2008
2 réponses

ordi infecté

67papakima a répondu à un(e) sujet de 67papakima dans Analyses et éradication malwares

OTmoveIT2 OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04072008_175435

le 7 avril 2008
12 réponses

ordi infecté

67papakima a répondu à un(e) sujet de 67papakima dans Analyses et éradication malwares

Bonsoir, ci-joint le rapport lopxpMH2 A bientôtRapport lopxpMH2 version 2.0 fait à 16:52:07,50 le 07/04/2008 C:\Documents and Settings\patrick\Bureau\lopxpMH2 ****************************************** ## Répertoires Application Data Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Documents and Settings\Administrateur\Application Data 31/03/2007 18:33 <REP> . 31/03/2007 18:33 <REP> .. 26/09/2007 21:17 <REP> Adobe 31/03/2007 18:33 <REP> AOL 31/03/2007 18:33 <REP> Identities 31/03/2007 18:33 <REP> Microsoft 31/03/2007 18:33 <REP> You've Got Pictures Screensaver 31/03/2007 18:33 62 desktop.ini 26/09/2007 21:35 678 QuickZip45.ini 2 fichier(s) 740 octets 7 Rép(s) 35 506 180 096 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data 31/03/2007 18:33 <REP> . 31/03/2007 18:33 <REP> .. 26/09/2007 21:17 <REP> Adobe 31/03/2007 18:33 <REP> ApplicationHistory 31/03/2007 18:33 <REP> Microsoft 31/03/2007 18:33 135 fusioncache.dat 31/03/2007 18:33 1 107 216 IconCache.db 2 fichier(s) 1 107 351 octets 5 Rép(s) 35 506 167 808 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Documents and Settings\All Users\Application Data 01/01/2003 06:03 <REP> . 01/01/2003 06:03 <REP> .. 26/05/2005 20:18 <REP> Adobe 14/10/2004 16:23 <REP> AOL 27/01/2008 17:50 <REP> Apple 25/12/2007 15:45 <REP> Apple Computer 14/10/2004 16:38 <REP> CyberLink 20/06/2007 19:27 <REP> Google 16/03/2008 14:12 <REP> Hewlett-Packard 16/03/2008 13:58 <REP> HP 16/03/2008 13:58 <REP> HP Product Assistant 16/03/2008 14:07 <REP> HPSSUPPLY 24/04/2007 11:40 <REP> Messenger Plus! 01/01/2003 06:03 <REP> Microsoft 10/11/2004 18:02 <REP> MSN6 30/05/2007 16:07 <REP> muvee Technologies 18/05/2007 17:52 <REP> Objmathrealmode 14/10/2004 16:24 <REP> QuickTime 14/10/2004 15:41 <REP> SBSI 31/10/2005 20:37 <REP> Skype 02/01/2008 20:39 <REP> soft chic meet great 22/07/2005 19:39 <REP> Spybot - Search & Destroy 11/11/2004 18:09 <REP> Symantec 30/10/2005 22:26 <REP> vidcap 14/10/2004 16:24 <REP> Viewpoint 16/03/2008 16:15 <REP> WEBREG 05/08/2005 08:48 <REP> Windows Genuine Advantage 25/11/2007 14:27 <REP> WLInstaller 24/03/2006 21:10 <REP> Yahoo! Companion 01/01/2003 06:04 62 desktop.ini 16/03/2008 13:53 795 hpzinstall.log 29/12/2007 22:26 1 755 QTSBandwidthCache 3 fichier(s) 2 612 octets 29 Rép(s) 35 506 167 808 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Documents and Settings\celine\Application Data 10/11/2004 19:53 <REP> . 10/11/2004 19:53 <REP> .. 11/11/2004 16:49 <REP> Adobe 11/11/2004 16:49 <REP> AdobeUM 10/11/2004 19:53 <REP> AOL 30/12/2007 17:53 <REP> Apple Computer 20/11/2004 13:52 <REP> ArcSoft 06/02/2005 22:06 <REP> Azureus 26/12/2007 22:00 <REP> chin two 11/11/2004 19:28 <REP> Copernic 28/07/2005 19:30 <REP> CyberLink 16/11/2004 21:03 <REP> EPSON 24/12/2007 16:46 <REP> EstSoft 27/01/2007 17:41 <REP> FUJIFILM 23/07/2007 21:25 <REP> Google 11/11/2004 17:30 <REP> Help 16/03/2008 14:05 <REP> HPAppData 10/11/2004 19:53 <REP> Identities 22/07/2005 19:22 <REP> Lavasoft 12/11/2004 20:30 <REP> Macromedia 10/11/2004 19:53 <REP> Microsoft 06/02/2005 20:57 <REP> Mozilla 12/11/2004 19:59 <REP> MSN6 10/02/2007 15:04 <REP> OpenOffice.org2 03/02/2005 20:54 <REP> Real 11/09/2005 17:16 <REP> Skype 06/02/2005 22:06 <REP> Sun 11/11/2004 18:09 <REP> Symantec 18/09/2006 08:51 <REP> Talkback 18/09/2006 08:53 <REP> Thunderbird 18/10/2005 19:14 <REP> vlc 10/11/2004 19:53 <REP> You've Got Pictures Screensaver 10/11/2004 19:53 62 desktop.ini 02/06/2005 18:45 81 448 GDIPFONTCACHEV1.DAT 12/08/2007 14:05 1 327 QuickZip45.ini 3 fichier(s) 82 837 octets 32 Rép(s) 35 506 163 712 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Documents and Settings\celine\Local Settings\Application Data 10/11/2004 19:53 <REP> . 10/11/2004 19:53 <REP> .. 11/11/2004 16:49 <REP> Adobe 30/12/2007 17:56 <REP> Apple Computer 10/11/2004 19:53 <REP> ApplicationHistory 21/06/2007 20:14 <REP> Google 11/11/2004 17:30 <REP> Help 17/11/2004 17:57 <REP> Identities 10/11/2004 19:53 <REP> Microsoft 18/09/2006 08:51 <REP> Mozilla 18/09/2006 08:53 <REP> Thunderbird 11/11/2004 22:24 41 984 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 10/11/2004 19:53 129 fusioncache.dat 21/11/2004 16:13 81 448 GDIPFONTCACHEV1.DAT 10/11/2004 19:53 3 785 806 IconCache.db 4 fichier(s) 3 909 367 octets 11 Rép(s) 35 506 163 712 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Documents and Settings\Default User\Application Data 01/01/2003 06:03 <REP> . 01/01/2003 06:03 <REP> .. 10/11/2004 11:24 <REP> AOL 01/01/2003 06:15 <REP> Identities 01/01/2003 06:03 <REP> Microsoft 10/11/2004 11:24 <REP> You've Got Pictures Screensaver 01/01/2003 06:04 62 desktop.ini 1 fichier(s) 62 octets 6 Rép(s) 35 506 163 712 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data 01/01/2003 06:04 <REP> . 01/01/2003 06:04 <REP> .. 10/11/2004 11:24 <REP> ApplicationHistory 01/01/2003 06:10 <REP> Microsoft 10/11/2004 11:24 135 fusioncache.dat 10/11/2004 11:24 4 260 278 IconCache.db 2 fichier(s) 4 260 413 octets 4 Rép(s) 35 506 163 712 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Documents and Settings\fanny christelle\Application Data 10/11/2004 18:03 <REP> . 10/11/2004 18:03 <REP> .. 17/11/2005 18:22 <REP> Adobe 14/01/2006 12:11 <REP> AdobeUM 10/11/2004 18:03 <REP> AOL 29/12/2007 22:26 <REP> Apple Computer 06/02/2007 19:02 <REP> Azureus 24/04/2007 11:32 <REP> chin two 03/12/2005 09:53 <REP> Copernic 28/07/2005 18:12 <REP> CyberLink 12/09/2007 16:28 <REP> EPSON 22/12/2007 16:00 <REP> ESTsoft 29/03/2007 19:50 <REP> Google 27/03/2007 12:33 <REP> Help 03/04/2008 19:04 <REP> HP 16/03/2008 15:05 <REP> HPAppData 10/11/2004 18:03 <REP> Identities 16/12/2004 19:51 <REP> Macromedia 10/11/2004 18:03 <REP> Microsoft 06/02/2005 21:01 <REP> Mozilla 10/11/2004 18:20 <REP> MSN6 29/03/2007 19:48 <REP> OpenOffice.org2 06/06/2006 17:08 <REP> Real 24/04/2007 11:32 <REP> Screenshot Sender 22/03/2006 13:04 <REP> Skype 29/05/2007 18:44 <REP> Sony Corporation 06/11/2005 21:40 <REP> Sun 18/09/2006 19:34 <REP> Talkback 14/10/2006 19:38 <REP> Thunderbird 10/11/2004 18:03 <REP> You've Got Pictures Screensaver 10/11/2004 18:03 62 desktop.ini 22/10/2006 11:59 81 448 GDIPFONTCACHEV1.DAT 12/05/2007 15:43 932 QuickZip45.ini 3 fichier(s) 82 442 octets 30 Rép(s) 35 506 159 616 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Documents and Settings\fanny christelle\Local Settings\Application Data 10/11/2004 18:03 <REP> . 10/11/2004 18:03 <REP> .. 17/11/2005 18:22 <REP> Adobe 29/12/2007 22:26 <REP> Apple Computer 10/11/2004 18:03 <REP> ApplicationHistory 29/03/2007 19:50 <REP> Google 27/03/2007 12:33 <REP> Help 03/11/2005 19:45 <REP> Identities 10/11/2004 18:03 <REP> Microsoft 18/09/2006 19:33 <REP> Mozilla 08/12/2006 18:17 <REP> OD2 14/10/2006 19:38 <REP> Thunderbird 28/07/2005 17:59 80 896 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 10/11/2004 18:03 135 fusioncache.dat 14/01/2005 09:11 81 448 GDIPFONTCACHEV1.DAT 10/11/2004 18:03 1 578 860 IconCache.db 4 fichier(s) 1 741 339 octets 12 Rép(s) 35 506 159 616 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Documents and Settings\LocalService\Application Data 01/01/2003 06:18 <REP> . 01/01/2003 06:18 <REP> .. 01/01/2003 06:18 <REP> Microsoft 27/06/2006 17:29 <REP> Mozilla 0 fichier(s) 0 octets 4 Rép(s) 35 506 159 616 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data 01/01/2003 06:18 <REP> . 01/01/2003 06:18 <REP> .. 01/01/2003 06:18 <REP> Microsoft 0 fichier(s) 0 octets 3 Rép(s) 35 506 159 616 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Documents and Settings\michelle\Application Data 10/11/2004 11:25 <REP> . 10/11/2004 11:25 <REP> .. 19/12/2004 18:51 <REP> Adobe 14/01/2005 09:52 <REP> AdobeUM 10/11/2004 11:25 <REP> AOL 08/12/2004 18:22 <REP> ArcSoft 02/01/2008 21:31 <REP> chin two 20/11/2004 20:51 <REP> Copernic 20/06/2006 13:30 <REP> EPSON 29/12/2007 11:27 <REP> ESTsoft 13/08/2005 20:07 <REP> FUJIFILM 25/08/2005 11:28 <REP> Google 27/02/2005 16:46 <REP> Help 17/03/2008 10:16 <REP> HPAppData 10/11/2004 11:25 <REP> Identities 04/08/2006 10:31 <REP> Leadertech 12/11/2004 18:28 <REP> Macromedia 10/11/2004 11:25 <REP> Microsoft 06/02/2005 21:03 <REP> Mozilla 18/11/2007 15:23 <REP> OpenOffice.org2 08/01/2005 22:18 <REP> Real 24/12/2007 09:29 <REP> Sony Corporation 20/02/2005 12:13 <REP> Sun 18/09/2006 19:46 <REP> Talkback 30/10/2006 19:53 <REP> Thunderbird 28/09/2005 21:11 <REP> vlc 10/11/2004 11:25 <REP> You've Got Pictures Screensaver 29/11/2005 09:42 1 563 AdobeDLM.log 10/11/2004 11:25 62 desktop.ini 29/11/2005 09:42 0 dm.ini 17/11/2006 20:46 80 656 GDIPFONTCACHEV1.DAT 02/06/2007 10:07 1 016 QuickZip45.ini 5 fichier(s) 83 297 octets 27 Rép(s) 35 506 155 520 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Documents and Settings\michelle\Local Settings\Application Data 10/11/2004 11:25 <REP> . 10/11/2004 11:25 <REP> .. 14/01/2005 09:52 <REP> Adobe 04/03/2008 10:29 <REP> Apple Computer 10/11/2004 11:25 <REP> ApplicationHistory 20/06/2007 19:27 <REP> Google 27/02/2005 16:46 <REP> Help 03/02/2005 16:47 <REP> Identities 10/11/2004 11:25 <REP> Microsoft 18/09/2006 19:46 <REP> Mozilla 11/12/2006 09:59 <REP> OD2 30/10/2006 19:53 <REP> Thunderbird 20/11/2004 20:46 39 424 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 10/11/2004 11:25 135 fusioncache.dat 19/12/2004 18:42 81 448 GDIPFONTCACHEV1.DAT 10/11/2004 11:25 5 874 170 IconCache.db 4 fichier(s) 5 995 177 octets 12 Rép(s) 35 506 155 520 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Documents and Settings\nathalie\Application Data 10/11/2004 17:57 <REP> . 10/11/2004 17:57 <REP> .. 30/11/2004 21:09 <REP> Adobe 05/12/2004 18:57 <REP> AdobeUM 10/11/2004 17:57 <REP> AOL 25/12/2007 15:49 <REP> Apple Computer 09/02/2005 18:49 <REP> ArcSoft 06/02/2005 22:34 <REP> Azureus 14/01/2008 18:36 <REP> chin two 01/02/2005 17:40 <REP> Copernic 24/08/2005 19:41 <REP> Google 15/04/2005 17:21 <REP> Help 10/11/2004 17:57 <REP> Identities 16/11/2004 22:17 <REP> Macromedia 10/11/2004 17:57 <REP> Microsoft 06/02/2005 21:05 <REP> Mozilla 10/11/2004 18:02 <REP> MSN6 17/11/2004 18:01 <REP> Real 06/03/2005 18:58 <REP> Sun 20/09/2006 16:44 <REP> Talkback 11/10/2006 13:58 <REP> Thunderbird 21/03/2005 20:23 <REP> vlc 10/11/2004 17:57 <REP> You've Got Pictures Screensaver 10/11/2004 17:57 62 desktop.ini 12/12/2004 21:05 81 448 GDIPFONTCACHEV1.DAT 15/08/2007 15:07 1 130 QuickZip45.ini 3 fichier(s) 82 640 octets 23 Rép(s) 35 506 155 520 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Documents and Settings\nathalie\Local Settings\Application Data 10/11/2004 17:57 <REP> . 10/11/2004 17:57 <REP> .. 05/12/2004 18:57 <REP> Adobe 25/12/2007 15:41 <REP> Apple Computer 10/11/2004 17:57 <REP> ApplicationHistory 13/05/2007 19:49 <REP> Google 15/04/2005 17:21 <REP> Help 09/02/2005 18:06 <REP> Identities 10/11/2004 17:57 <REP> Microsoft 20/09/2006 16:44 <REP> Mozilla 11/10/2006 13:58 <REP> Thunderbird 30/11/2004 21:10 46 080 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 10/11/2004 17:57 135 fusioncache.dat 06/01/2005 20:38 81 448 GDIPFONTCACHEV1.DAT 10/11/2004 17:57 4 319 206 IconCache.db 4 fichier(s) 4 446 869 octets 11 Rép(s) 35 506 151 424 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Documents and Settings\NetworkService\Application Data 01/01/2003 06:18 <REP> . 01/01/2003 06:18 <REP> .. 28/10/2005 15:29 <REP> Copernic 01/01/2003 06:18 <REP> Microsoft 0 fichier(s) 0 octets 4 Rép(s) 35 506 151 424 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data 01/01/2003 06:18 <REP> . 01/01/2003 06:18 <REP> .. 08/02/2008 21:58 <REP> Apple 01/01/2003 06:18 <REP> Microsoft 0 fichier(s) 0 octets 4 Rép(s) 35 506 151 424 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Documents and Settings\patrick\Application Data 11/11/2004 17:37 <REP> . 11/11/2004 17:37 <REP> .. 12/11/2004 11:48 <REP> Adobe 28/01/2005 16:55 <REP> AdobeUM 11/11/2004 17:37 <REP> AOL 30/05/2006 15:07 <REP> ArcSoft 07/02/2005 19:40 <REP> Azureus 04/01/2008 16:42 <REP> chin two 12/11/2004 11:48 <REP> Copernic 22/12/2007 10:38 <REP> ESTsoft 13/08/2005 22:22 <REP> FUJIFILM 22/08/2005 20:57 <REP> Google 25/02/2005 22:52 <REP> Help 03/04/2008 13:58 <REP> HP 17/03/2008 18:40 <REP> HPAppData 11/11/2004 17:37 <REP> Identities 12/11/2004 12:00 <REP> Macromedia 11/11/2004 17:37 <REP> Microsoft 06/02/2005 21:06 <REP> Mozilla 15/01/2005 12:12 <REP> Real 26/09/2007 21:06 <REP> Skype 27/05/2007 15:01 <REP> Sony Corporation 08/02/2005 21:21 <REP> Sun 19/09/2006 17:32 <REP> Talkback 19/09/2006 18:09 <REP> Thunderbird 19/03/2005 17:26 <REP> vlc 11/11/2004 17:37 <REP> You've Got Pictures Screensaver 11/11/2004 17:37 62 desktop.ini 16/11/2006 16:43 78 680 GDIPFONTCACHEV1.DAT 16/05/2007 22:18 1 810 QuickZip45.ini 3 fichier(s) 80 552 octets 27 Rép(s) 35 506 151 424 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Documents and Settings\patrick\Local Settings\Application Data 11/11/2004 17:37 <REP> . 11/11/2004 17:37 <REP> .. 28/01/2005 16:55 <REP> Adobe 27/01/2008 17:50 <REP> Apple 27/01/2008 17:50 <REP> Apple Computer 11/11/2004 17:37 <REP> ApplicationHistory 02/06/2007 13:02 <REP> Copernic 12/05/2007 11:43 <REP> Google 25/02/2005 22:52 <REP> Help 16/03/2008 16:58 <REP> HP 05/12/2004 00:01 <REP> Identities 11/11/2004 17:37 <REP> Microsoft 19/09/2006 17:32 <REP> Mozilla 09/12/2006 16:48 <REP> OD2 19/09/2006 18:09 <REP> Thunderbird 24/11/2004 23:53 49 664 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 11/11/2004 17:37 135 fusioncache.dat 13/01/2005 15:26 81 448 GDIPFONTCACHEV1.DAT 11/11/2004 17:37 4 843 440 IconCache.db 4 fichier(s) 4 974 687 octets 15 Rép(s) 35 506 151 424 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Documents and Settings\Propriétaire\Application Data 07/05/2005 17:13 <REP> . 07/05/2005 17:13 <REP> .. 07/05/2005 17:13 <REP> You've Got Pictures Screensaver 0 fichier(s) 0 octets 3 Rép(s) 35 506 147 328 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data 01/01/2003 06:17 <REP> . 01/01/2003 06:17 <REP> .. 10/11/2004 11:24 <REP> AOL 01/01/2003 06:17 <REP> Identities 01/01/2003 06:17 <REP> Microsoft 10/11/2004 11:24 <REP> You've Got Pictures Screensaver 01/01/2003 06:17 62 desktop.ini 1 fichier(s) 62 octets 6 Rép(s) 35 506 147 328 octets libres Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data 01/01/2003 06:17 <REP> . 01/01/2003 06:17 <REP> .. 10/11/2004 11:24 <REP> ApplicationHistory 01/01/2003 06:17 <REP> Microsoft 10/11/2004 11:24 135 fusioncache.dat 10/11/2004 11:24 4 260 278 IconCache.db 2 fichier(s) 4 260 413 octets 4 Rép(s) 35 506 147 328 octets libres ****************************************** Recherche des taches planifiées dans C:\WINDOWS\tasks C:\WINDOWS\Tasks\1 1 inexploitable C:\WINDOWS\Tasks\1 1 inexploitable C:\WINDOWS\Tasks\1 1 inexploitable C:\WINDOWS\Tasks\1 1 inexploitable C:\WINDOWS\Tasks\1 1 inexploitable C:\WINDOWS\Tasks\2 2 inexploitable C:\WINDOWS\Tasks\2 2 inexploitable C:\WINDOWS\Tasks\2 2 inexploitable C:\WINDOWS\Tasks\2 2 inexploitable C:\WINDOWS\Tasks\2 2 inexploitable C:\WINDOWS\Tasks\3 3 inexploitable C:\WINDOWS\Tasks\3 3 inexploitable C:\WINDOWS\Tasks\3 3 inexploitable C:\WINDOWS\Tasks\3 3 inexploitable C:\WINDOWS\Tasks\3 3 inexploitable C:\WINDOWS\Tasks\4 4 inexploitable C:\WINDOWS\Tasks\4 4 inexploitable C:\WINDOWS\Tasks\4 4 inexploitable C:\WINDOWS\Tasks\4 4 inexploitable C:\WINDOWS\Tasks\4 4 inexploitable C:\WINDOWS\Tasks\AppleSoftwareUpdate.job ?+å=?\~L‹þ—Ó*¸F ê < s €!Ø : : C : \ P r o g r a m F i l e s \ A p p l e S o f t w a r e U p d a t e \ S o f t w a r e U p d a t e . e x e - t a s k S Y S T E M 0 Ø : ****************************************** ## Répertoires de C:\Program Files Le volume dans le lecteur C s'appelle Système Le numéro de série du volume est 82DF-576E Répertoire de C:\Program Files 05/04/2008 09:22 <REP> . 05/04/2008 09:22 <REP> .. 23/03/2007 13:45 <REP> a2 Free 11/11/2004 18:47 <REP> AC3Filter 23/04/2007 13:21 <REP> Adobe 22/07/2005 20:06 <REP> Alwil Software 27/01/2008 17:50 <REP> Apple Software Update 19/02/2007 22:02 <REP> ArcSoft 21/04/2006 15:31 <REP> Astral Entertainment 20/10/2004 14:42 <REP> ATI Technologies 30/05/2007 16:03 <REP> Autofr 14/10/2004 16:05 <REP> AvRack 27/01/2007 19:46 <REP> Azureus 29/06/2005 16:39 <REP> Canon 27/01/2007 18:22 <REP> CCleaner 28/02/2008 16:13 <REP> chin two 04/04/2008 17:18 <REP> Circle Developement 03/04/2008 17:23 <REP> Copernic Agent 14/10/2004 16:02 <REP> Creative 14/10/2004 16:38 <REP> CyberLink 08/06/2006 12:28 <REP> DIFX 27/04/2007 11:54 <REP> Disney Interactive 10/01/2008 21:13 <REP> DivX 21/04/2006 11:56 <REP> Electronic Arts 20/03/2008 11:56 <REP> eMule 31/03/2008 21:39 <REP> EPSON 02/01/2008 18:47 <REP> ESTsoft 05/04/2008 09:14 <REP> Fichiers communs 08/11/2005 21:00 <REP> FileZilla 22/09/2007 19:32 <REP> GIMP-2.0 31/08/2007 17:52 <REP> Google 16/03/2008 13:57 <REP> Hewlett-Packard 14/10/2004 15:31 <REP> HighMAT CD Writing Wizard 16/03/2008 14:07 <REP> HP 14/10/2004 17:10 <REP> IC 22/01/2005 20:46 <REP> InterActual 13/02/2008 23:13 <REP> Internet Explorer 25/12/2007 15:48 <REP> iPod 02/01/2008 18:46 <REP> iTunes 02/01/2008 18:47 <REP> Jasc Software Inc 13/11/2006 20:22 <REP> Java 22/05/2007 17:04 <REP> KaraFun 22/05/2007 19:37 <REP> KraiSoft 22/07/2005 19:22 <REP> Lavasoft 05/01/2006 16:37 <REP> Logitech 11/11/2004 18:47 <REP> Matroska Pack 30/10/2006 18:14 <REP> Media Player Classic 10/01/2008 21:13 <REP> Messenger 02/04/2008 15:36 <REP> Messenger Plus! Live 02/01/2008 21:08 <REP> Microsoft CAPICOM 2.1.0.2 01/01/2003 06:16 <REP> microsoft frontpage 11/11/2004 19:10 <REP> Microsoft Office 10/01/2008 21:13 <REP> Microsoft Works 18/12/2004 18:38 <REP> Mindscape 10/01/2008 21:13 <REP> Movie Maker 07/04/2008 16:46 <REP> Mozilla Firefox 12/11/2004 22:14 <REP> MSN 01/01/2003 06:07 <REP> MSN Gaming Zone 16/02/2008 15:26 <REP> MSN Messenger 15/08/2007 14:32 <REP> MSXML 4.0 02/01/2008 18:47 <REP> Navilog1 23/04/2007 13:22 <REP> NetMeeting 22/07/2005 19:51 <REP> Norton AntiVirus 02/01/2008 18:47 <REP> Norton Security Scan 10/02/2007 15:00 <REP> OpenOffice.org 2.1 12/06/2007 21:26 <REP> Outlook Express 03/10/2007 15:22 <REP> Panda Security 14/10/2004 15:34 <REP> Phoenix Technologies Ltd 02/01/2008 18:52 <REP> PhotoFiltre 14/10/2004 16:41 <REP> Pinnacle 11/11/2004 18:13 <REP> PowerQuest 27/01/2008 17:52 <REP> QuickTime 02/01/2008 18:47 <REP> QuickTime(2) 12/05/2007 15:43 <REP> QuickZip4 14/10/2004 16:24 <REP> Real 11/11/2004 18:48 <REP> Real Alternative 17/09/2007 14:52 <REP> REGSHAVE 07/10/2007 11:28 <REP> RogueRemover FREE 14/01/2005 17:00 <REP> SAGEM 09/01/2005 15:35 <REP> SAGEM Wi-Fi USB 802.11g 16/01/2008 21:05 <REP> Samsung 24/07/2005 11:46 <REP> ScreenMates 12/05/2007 17:26 <REP> Seagrand 01/01/2003 06:08 <REP> Services en ligne 26/12/2006 19:04 <REP> Skype 28/04/2007 14:31 <REP> Softwin 27/05/2007 14:51 <REP> Sony 07/10/2007 10:07 <REP> Spybot - Search & Destroy 22/07/2005 20:04 <REP> SymNetDrv 07/10/2007 10:49 <REP> Trend Micro 19/03/2005 17:25 <REP> VideoLAN 02/01/2008 18:49 <REP> Winamp 14/10/2004 15:31 <REP> Windows Journal Viewer 25/11/2007 14:28 <REP> Windows Live 17/09/2007 14:58 <REP> Windows Media Player 05/01/2005 21:08 <REP> Windows NT 19/05/2007 18:05 <REP> WinLibre 29/07/2006 17:10 <REP> WinRAR 01/01/2003 06:16 <REP> xerox 0 fichier(s) 0 octets 99 Rép(s) 35 506 130 944 octets libres ****************************************** ## Popups autorisées * Internet Explorer ! REG.EXE VERSION 3.0 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow host-domain-lookup.com REG_SZ www.host-domain-lookup.com REG_SZ searchweb2.com REG_SZ www.searchweb2.com REG_SZ * Mozilla Firefox (1 autorisé 2 interdit) ---------- C:\DOCUMENTS AND SETTINGS\PATRICK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NDQ0S54B.DEFAULT\HOSTPERM.1 host popup 1 www.pandasoftware.fr ****************************************** ## Registre * [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main] Search Bar_bak REG_SZ C:\Program Files\Copernic Agent\Web\SearchBar.htm * [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] meet great active lies REG_SZ C:\Documents and Settings\All Users\Application Data\soft chic meet great\Name Bin.exe * [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] Realseek REG_SZ C:\DOCUME~1\patrick\APPLIC~1\CHINTW~1\Bendskip.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Realmodenounbird] command REG_SZ C:\Documents and Settings\All Users\Application Data\Objmathrealmode\EqOwns.exe ****************************************** ## Zones de sécurité * HKCU Domains (4) * P3P History (5) ****************************************** ## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif" *************** Fin du rapport ****************

le 7 avril 2008
12 réponses

ordi infecté

67papakima a répondu à un(e) sujet de 67papakima dans Analyses et éradication malwares

Bonjour, Merci de m'aider. J'ai eu beaucoup de problèmes pour me connecter, mots de passe refusés et ordi qui plante. voici de rapport demandé A + Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:00:43, on 06/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Copernic Agent\CopernicAgent.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.unika.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 1493:12.102.33.82 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {73BDB589-CBB0-4727-A071-16280B001130} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll O2 - BHO: (no name) - {EE57A158-65CB-435D-9438-8CCC4D240C49} - (no file) O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [bDMCon] C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe O4 - HKLM\..\Run: [bDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [meet great active lies] C:\Documents and Settings\All Users\Application Data\soft chic meet great\Name Bin.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [iW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc O4 - HKCU\..\Run: [instantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Fr\Felix2.exe O4 - HKCU\..\Run: [Realseek] C:\DOCUME~1\patrick\APPLIC~1\CHINTW~1\Bendskip.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Search - ?p=ZJfox000 O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com O15 - Trusted Zone: www.playitalia.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 9686 bytes

le 6 avril 2008
12 réponses

ordi infecté

67papakima a posté un sujet dans Analyses et éradication malwares

Bonjour Je suis un membre fraîchement inscrit. J'ai pas mal de soucis. A l'ouverture de ma session, ça rame sec et tant que 2 fenêtres "SKYPE" ne sont pas supprimées, il m'est impossible d'accéder à internet, j'ai également des fenêtres "CID...." qui s'ouvrent En consultant le site de mickael barroux j'ai constaté qu'entre autre, j'avais un malware LOP. J'ai suivi la procédure de suppression et ai hésité au moment de la suppression des clés registre. Dans le doute j'ai préféré m'arrêter là et venir vous consulter (celà aurait été plus simple de le faire tout de suite). j'ai également effectué un scan Bitdefender et tiens le rapport à votre disposition Votre aide me serait très précieuse D'avance Merci

le 5 avril 2008
12 réponses

Connexion

67papakima

Compteur de contenus

Inscription

Dernière visite

Type de contenu

Profils

Forums

Blogs

Tout ce qui a été posté par 67papakima

infection Lop "résolu"

infection Lop "résolu"

infections

infections

infections

window

ordi infecté

ordi infecté

ordi infecté

ordi infecté

Zebulon

Outils en ligne

Naviguer