Un autre curieux

  1. Thanks for the support. Here is the UsbFix report (what did the HijackThis report say?)
  2. Hello and happy new year 2010 to all. I am trying to get rid of files associated with an infection via removable media. I followed GOF's suggestions in his 2009 guide. But the files are still present. For example, on my C drive I have: adober.exe - autorun.inf - comment.htt - copy.exe - host.exe etc. These files are also found on my other drives. What should I do to delete them? Here is a HijackThis log in case it is useful. Thanks
  3. Good evening, When I click on a site suggested by Google, I end up somewhere other than where I want to go. More precisely, I am sent to the following site: http://c.ppcxml.net/?d=kkkkBQphZGR4YwRlZP4...29g24ee8cf46dd6 rather than zebulon's!!!! How do I get out of this mess? My configuration is as follows:

     Système d'exploitation: Microsoft® Windows Vista™ Édition Familiale Premium
     Version: 6.0.6002 Service Pack 2 Build 6002
     Informations supplémentaires: Non disponible
     Éditeur: Microsoft Corporation
     Ordinateur:
     Fabricant: Seanix Technology Inc.
     Modèle: Z84FM
     Type: PC à base X86
     Processeur: Intel® Core Duo CPU T2450 @ 2.00GHz, 1995 MHz, 2 cœur(s), 2 processeur(s) logique(s)
     Version du BIOS/Date: American Megatrends Inc. 080012, 2007-05-11
     Version SMBIOS: 2.4
     Répertoire Windows: C:\Windows
     Répertoire système: C:\Windows\system32
     Périphérique de démarrage: \Device\HarddiskVolume2
     Option régionale:
     Couche d'abstraction matérielle: Version = "6.0.6002.18005"
     Utilisateur:
     Fuseaux horaires: Est
     Mémoire physique (RAM) installée: 4,00 Go
     Mémoire physique totale: 2,99 Go
     Mémoire physique disponible: 874 Mo
     Mémoire virtuelle totale: 6,20 Go
     Mémoire virtuelle disponible: 4,24 Go
     Espace pour le fichier d'échange: 3,28 Go
     Fichier d'échange: C:\pagefile.sys

     Here is the HijackThis result
  4. Hello, All is well; the computer seems to be running without problems, just as it did before I called on your good services. Once again, thank you.
  5. Here I am. I must admit that for the past hour there has been no sign of trouble (window with error '10050'...; blue screen telling us the system had crashed). I will run the system a little longer and get back to you tomorrow. In the meantime, thank you very much for the help. See you later.
  6. ComboFix 09-05-02.4 - Propriétaire 2009-05-02 14:31.1 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.2.1036.18.1014.270 [GMT -4:00] Lancé depuis: c:\users\Propriétaire\Desktop\ComboFix.exe . ADS - Windows: deleted 48 bytes in 1 streams. (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\ahtn.htm c:\windows\system32\drivers\ovfsthxgbvqvdfp.sys c:\windows\system32\lmppcsetup.exe c:\windows\system32\loader49.exe c:\windows\system32\ovfsthxcxsidibd.dat c:\windows\system32\ovfsthxsmubcdxi.dll c:\windows\system32\ovfsthxsoyeeqhu.dll c:\windows\system32\ovfsthxtvcrqtxq.dat c:\windows\system32\ovfsthxvsbtxqmt.dll c:\windows\system32\p2hhr.bat c:\windows\system32\winglsetup.exe c:\windows\system32\x64 c:\windows\system32\yhs783ijfo3fe.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-02 au 2009-05-02 )))))))))))))))))))))))))))))))))))) . 2009-05-02 15:39 . 2009-05-02 17:22 -------- d-----w C:\ToolBar SD 2009-05-02 00:14 . 2009-05-02 00:14 -------- d-----w c:\program files\Trend Micro 2009-05-01 23:22 . 2009-05-01 23:35 227 ----a-w c:\windows\PowerReg.dat 2009-05-01 23:22 . 1999-05-29 08:08 45568 ----a-w c:\windows\UniFish3.exe 2009-05-01 23:21 . 2009-05-01 23:21 -------- d-----w c:\program files\Hasbro Interactive 2009-04-28 10:20 . 2009-04-28 10:20 -------- d-----w c:\windows\system32\config\systemprofile\AppData\Local\Mozilla 2009-04-27 10:35 . 2009-04-27 10:35 -------- d-----r c:\windows\system32\config\systemprofile\Saved Games 2009-04-27 10:35 . 2009-04-27 10:35 -------- d-----r c:\windows\system32\config\systemprofile\Links 2009-04-27 10:35 . 2009-04-27 10:35 -------- d-----r c:\windows\system32\config\systemprofile\Downloads 2009-04-27 10:35 . 2009-04-27 10:35 -------- d-----r c:\windows\system32\config\systemprofile\Searches 2009-04-27 10:35 . 
2009-04-27 10:35 -------- d-----r c:\windows\system32\config\systemprofile\Pictures 2009-04-27 10:35 . 2009-04-27 10:35 -------- d-----r c:\windows\system32\config\systemprofile\Videos 2009-04-26 18:34 . 2009-04-26 18:34 -------- d-----w C:\VundoFix Backups 2009-04-26 17:25 . 2009-04-26 17:25 -------- d-----w c:\windows\system32\nt update 2009-04-26 17:24 . 2009-04-26 17:24 -------- d-----w c:\program files\RapidSolution 2009-04-26 17:24 . 2009-04-28 09:53 -------- d-----w c:\programdata\RapidSolution 2009-04-26 17:24 . 2009-04-28 09:53 -------- d-----w c:\users\All Users\RapidSolution 2009-04-26 17:21 . 2009-04-26 17:21 -------- d-sh--w c:\program files\Common Files\UPDATED 2009-04-26 17:20 . 2009-04-26 17:25 -------- d-----w c:\program files\Common Files\Microsoft Update Engine 2009-04-17 22:59 . 2009-04-17 22:59 -------- d-----w c:\program files\Sun 2009-04-17 22:02 . 2009-04-18 02:47 410984 ----a-w c:\windows\system32\deploytk.dll 2009-04-15 17:38 . 2009-03-03 04:40 827392 ----a-w c:\windows\system32\wininet.dll 2009-04-15 17:38 . 2009-03-03 02:28 26624 ----a-w c:\windows\system32\ieUnatt.exe 2009-04-15 17:38 . 2009-03-03 04:37 78336 ----a-w c:\windows\system32\ieencode.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-02 18:35 . 2007-09-04 00:59 416 ---ha-w c:\windows\Tasks\User_Feed_Synchronization-{980DD9E3-FF3D-4B95-8EB1-7086EE5CD91C}.job 2009-05-02 18:33 . 2007-05-07 14:39 669566 ----a-w c:\windows\system32\perfh00C.dat 2009-05-02 18:33 . 2007-05-07 14:39 123556 ----a-w c:\windows\system32\perfc00C.dat 2009-05-02 18:26 . 2006-11-02 13:01 6 ---ha-w c:\windows\Tasks\SA.DAT 2009-05-02 16:16 . 2007-06-15 08:32 12 ----a-w c:\windows\bthservsdp.dat 2009-05-02 11:31 . 2007-09-01 23:02 432 ---ha-w c:\windows\Tasks\User_Feed_Synchronization-{461DE2BE-AA0F-49CD-A405-B704EE86F80C}.job 2009-04-29 01:58 . 
2007-09-02 14:18 -------- d-----w c:\program files\Spybot - Search & Destroy 2009-04-29 01:26 . 2007-09-02 18:42 -------- d-----w c:\program files\olibul 2009-04-28 13:00 . 2007-09-04 23:31 386 ----a-w c:\windows\Tasks\rpc.job 2009-04-18 02:46 . 2007-10-27 15:40 -------- d-----w c:\program files\Java 2009-04-16 10:31 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail 2009-04-05 03:01 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat 2009-04-05 03:01 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat 2009-04-05 03:01 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat 2009-03-25 21:07 . 2009-03-25 21:07 339968 ----a-w c:\windows\system32\pythoncom25.dll 2009-03-25 21:07 . 2009-03-25 21:07 2117632 ----a-w c:\windows\system32\python25.dll 2009-03-25 21:07 . 2009-03-25 21:07 114688 ----a-w c:\windows\system32\pywintypes25.dll 2009-03-25 21:07 . 2009-03-25 21:07 -------- d-----w c:\program files\AGI 2009-03-25 01:25 . 2009-03-25 01:25 -------- d-----w c:\program files\Innovative Solutions 2009-03-25 00:28 . 2008-02-29 13:08 -------- d-----w c:\program files\Windows Live 2009-03-25 00:27 . 2008-07-29 14:38 -------- d-----w c:\program files\Microsoft 2009-03-25 00:08 . 2009-03-25 00:08 -------- d-----w c:\program files\Common Files\Windows Live 2009-03-17 03:38 . 2009-04-15 17:39 40960 ----a-w c:\windows\AppPatch\apihex86.dll 2009-03-17 03:38 . 2009-04-15 17:39 13824 ----a-w c:\windows\system32\apilogen.dll 2009-03-17 03:38 . 2009-04-15 17:39 24064 ----a-w c:\windows\system32\amxread.dll 2009-03-15 16:19 . 2007-09-02 17:19 -------- d-----w c:\program files\Google 2009-03-15 16:19 . 2007-09-01 20:26 -------- d-----w c:\program files\Common Files\Ahead 2009-03-14 15:43 . 2009-03-14 15:43 -------- d-----w c:\program files\iTunes 2009-03-14 15:43 . 2009-03-14 15:43 -------- d-----w c:\program files\iPod 2009-03-14 15:43 . 2008-02-17 03:01 -------- d-----w c:\program files\Common Files\Apple 2009-03-14 15:40 . 
2009-03-14 15:39 -------- d-----w c:\program files\QuickTime 2009-03-11 20:27 . 2009-03-11 20:27 202240 ----a-w c:\windows\system32\Hotel For Dogs - Friday.scr 2009-03-06 03:59 . 2009-03-06 03:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys 2009-03-06 03:59 . 2009-03-06 03:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll 2009-03-03 04:46 . 2009-04-15 17:39 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-03-03 04:46 . 2009-04-15 17:39 3547632 ----a-w c:\windows\system32\ntoskrnl.exe 2009-03-03 04:39 . 2009-04-15 17:39 183296 ----a-w c:\windows\system32\sdohlp.dll 2009-03-03 04:39 . 2009-04-15 17:39 551424 ----a-w c:\windows\system32\rpcss.dll 2009-03-03 04:39 . 2009-04-15 17:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll 2009-03-03 04:37 . 2009-04-15 17:39 98304 ----a-w c:\windows\system32\iasrecst.dll 2009-03-03 04:37 . 2009-04-15 17:39 44032 ----a-w c:\windows\system32\iasdatastore.dll 2009-03-03 04:37 . 2009-04-15 17:39 54784 ----a-w c:\windows\system32\iasads.dll 2009-03-03 03:04 . 2009-04-15 17:39 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe 2009-03-03 02:38 . 2009-04-15 17:39 17408 ----a-w c:\windows\system32\iashost.exe 2009-02-13 08:49 . 2009-04-15 17:39 72704 ----a-w c:\windows\system32\secur32.dll 2009-02-13 08:49 . 2009-04-15 17:39 1255936 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 03:10 . 2009-03-11 10:43 2033152 ----a-w c:\windows\system32\win32k.sys 2008-06-06 14:52 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini 2008-07-23 13:26 . 2008-07-21 20:03 24 --sh--w c:\windows\S6A46BA1B.tmp 2007-07-23 22:40 . 2007-04-24 21:45 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "Le Petit Robert Hyperappel"="c:\program files\Le Robert\Le Petit Robert\prhyper.exe" [2001-10-11 22560] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-15 39408] "NTUpdate"="c:\program files\Common Files\UPDATED\S-1-5-21-1300732014-1704936951-537590071-0504\services.exe" [2009-04-26 172032] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "IndexCleaner"="c:\program files\Bell\Gestionnaire de securite\IdxClnR.exe" [2008-03-10 61168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 815104] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656] "SSA.exe"="c:\program files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 2061816] "Gestionnaire de sécurité Sympatico"="c:\program files\Bell\Gestionnaire de securite\Rps.exe" [2008-03-10 311024] "-FreedomNeedsReboot"="c:\program files\Bell\Gestionnaire de securite\ZkRunOnceR.exe" [2008-03-10 13552] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe 
[2007-06-08 4186112] [HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run] "NTUpdate"="c:\program files\Common Files\UPDATED\S-1-5-21-1300732014-1704936951-537590071-0504\services.exe" [2009-04-26 172032] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hyperappel du Petit Larousse 2009.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Hyperappel du Petit Larousse 2009.lnk backup=c:\windows\pss\Hyperappel du Petit Larousse 2009.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Propriétaire^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PersonalBrain 4.lnk] path=c:\users\Propriétaire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PersonalBrain 4.lnk backup=c:\windows\pss\PersonalBrain 4.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{8A1082AC-C39B-4A0C-91CF-420BF0862BAD}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "TCP Query User{9298297B-A9B3-414A-8345-BBDDA7E3141C}c:\\program files\\cyberlink\\powerdvd\\powerdvd.exe"= UDP:c:\program files\cyberlink\powerdvd\powerdvd.exe:PowerDVD "UDP Query User{9C53113D-4160-4E85-A8FD-C7F077FF82E9}c:\\program files\\cyberlink\\powerdvd\\powerdvd.exe"= TCP:c:\program files\cyberlink\powerdvd\powerdvd.exe:PowerDVD "TCP Query User{49B2842C-DA47-4927-ADC9-BB90F3A74140}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program 
files\common files\ahead\nero web\setupx.exe:MSI starter "UDP Query User{C7ECE6ED-476D-4560-B864-55B25E03F7ED}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter "TCP Query User{60E0B869-1F84-44EF-A58B-141CAE002D23}c:\\users\\propriétaire\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\propriétaire\appdata\local\temp\nero web\setupxu.exe:setupxu.exe "UDP Query User{BD9E7797-F451-49FD-92C6-7634B853447F}c:\\users\\propriétaire\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\propriétaire\appdata\local\temp\nero web\setupxu.exe:setupxu.exe "TCP Query User{368F1A54-2B21-4D23-9F68-8145A066743E}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{FD77EB1B-9770-4B52-9816-0AA3FDD4A0B1}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent "TCP Query User{43861F2E-D59A-44FB-AB7F-24FF3ECD9A26}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{AA48A75C-F14E-4818-BF47-E834D0150488}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{CDC5C12C-F75C-4E04-A230-0865FE792DA3}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{912FD0E2-4DFD-4618-A73C-BCCBCD403EAC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "{AE8B5FB4-2774-4E15-A20D-B9B6910DEB81}"= UDP:c:\program files\Sony\Media Manager for PSP 2.0\MediaManager.exe:Media Manager for PSP 2.0 "{E5ABA154-DBEB-44CB-A78B-E1106B99FC5E}"= TCP:c:\program files\Sony\Media Manager for PSP 2.0\MediaManager.exe:Media Manager for PSP 2.0 "{A6D7DEA2-B0A0-43A9-AF51-E9F9AE4A0185}"= Profile=Private|c:\program files\Windows 
Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{B29E5C25-A255-4306-B6B4-5F85216FFD56}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager "{07CCD21B-D704-4E9C-92F4-486D7573619A}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager "{73D7A88A-FC9C-4098-BAF2-E64BF15F52D0}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core "{AD810B1C-E35C-4494-88B2-5275E9EF492A}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core "TCP Query User{06666485-BA74-4726-80F7-6E33FA69898A}c:\\users\\propriétaire\\appdata\\roaming\\thinstall\\warcraft iii\\4000006e7c002i\\war3.exe"= UDP:c:\users\propriétaire\appdata\roaming\thinstall\warcraft iii\4000006e7c002i\war3.exe:war3.exe "UDP Query User{CB1A3F52-A688-4CEB-B4F0-A1F3931CE91E}c:\\users\\propriétaire\\appdata\\roaming\\thinstall\\warcraft iii\\4000006e7c002i\\war3.exe"= TCP:c:\users\propriétaire\appdata\roaming\thinstall\warcraft iii\4000006e7c002i\war3.exe:war3.exe "{0F25E9ED-07DD-4DF6-8763-C50763D3809F}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{B0B8474C-71F6-4E8F-AF01-36BF0B72CFF9}"= UDP:6112:Blizzard Downloader "{DEFDE03F-1F1E-46A2-A5DE-FA9F8898D801}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{CD36EF5A-A4EB-412D-A68E-6DD1F2DC93C0}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire "TCP Query User{505BB7BB-55B2-486F-809A-A7650BBB7A70}c:\\program files\\world of warcraft\\repair.exe"= UDP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility "UDP Query User{5E4898E1-BE3B-43A1-8FD8-E4E5C58E63E4}c:\\program files\\world of warcraft\\repair.exe"= TCP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility "{123FF0C0-F3FD-4133-B4F7-46FFA3DF44DC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{E473C5AC-DFE3-4D64-974E-2300B87F8E2B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{DDF9B582-3892-4EAA-AD56-7A3248A15FDA}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World 
of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-frFR-downloader.exe:Blizzard Downloader "{589DF68A-AB6D-468D-AAFE-B3B21F13BF6B}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-frFR-downloader.exe:Blizzard Downloader "{26D31061-FFC6-4F09-820E-8D64FFA0CE87}"= UDP:3724:Blizzard Downloader: 3724 "TCP Query User{AF365B8B-D0F7-41A2-9ECD-E3F4CBECEC93}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher "UDP Query User{C53C313F-551C-44B6-8BEB-8F9CDC6539D5}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher "{8FB3A664-B773-40F8-901F-4EDA372BE089}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{91326372-BF39-4502-A08E-D50EE329A42A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{3CFB9D45-A0A3-46A8-84D9-89BFDC0A8383}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-02-19 7808] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2007-03-22 20560] S2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\PythonService.exe [2009-03-25 10240] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2006-12-11 24576] S2 VaultClientUpgrade;Personal Vault Upgrade Service;c:\program files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248] S3 Radialpoint Security Services;Gestionnaire de sécurité Sympatico;c:\program files\Bell\Gestionnaire de securite\RpsSecurityAware.exe [2008-03-10 67824] S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-01-20 1324544] S3 
WCPU;WCPU;c:\program files\P4G\WCPU.sys [2007-01-02 11120] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e43fe95c-48f6-11dd-bdd5-001bfc129c41}] \shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C240H4V0-Z645-SR9M-F9LH-5T77YC0HM05R}] c:\program files\Common Files\UPDATED\S-1-5-21-1300732014-1704936951-537590071-0504\services.exe . Contenu du dossier 'Tâches planifiées' 2009-05-02 c:\windows\Tasks\User_Feed_Synchronization-{461DE2BE-AA0F-49CD-A405-B704EE86F80C}.job - c:\windows\system32\msfeedssync.exe [2008-06-06 07:33] 2009-05-02 c:\windows\Tasks\User_Feed_Synchronization-{980DD9E3-FF3D-4B95-8EB1-7086EE5CD91C}.job - c:\windows\system32\msfeedssync.exe [2008-06-06 07:33] . - - - - ORPHELINS SUPPRIMES - - - - WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - c:\program files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll HKCU-Run-DriverMax - (no file) . ------- Examen supplémentaire ------- . uStart Page = hxxp://sympatico.msn.ca/defaultf.aspx mWindow Title = uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\wpclsp.dll DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab FF - ProfilePath - c:\users\Propriétaire\AppData\Roaming\Mozilla\Firefox\Profiles\bns3d38k.default\ FF - prefs.js: browser.startup.homepage - hxxp://sympatico.msn.ca/defaultf.aspx FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q= FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-02 14:35 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run Le Petit Robert Hyperappel = c:\program files\Le Robert\Le Petit Robert\prhyper.exe?v????$????????N?v,?Hwq1?uf?r?-?C?A???H?!??~#?[????2!???!?H2!? ???????$??????@??????????#???!?$?????????!???!??~#?L?????????!?????????@?Hw0?!???Hw?2?u??????!???#?????$???z??v"???????????,???,????????O?v Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(932) c:\program files\CA\PPRT\bin\CACheck.dll c:\program files\CA\PPRT\bin\CAHook.dll c:\program files\CA\PPRT\bin\CAServer.dll . Heure de fin: 2009-05-02 14:37 ComboFix-quarantined-files.txt 2009-05-02 18:37 Avant-CF: 46 983 573 504 octets libres Après-CF: 47 016 034 304 octets libres 410 --- E O F --- 2009-05-02 10:45
  7. Here I am again. Here is log #1 -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : Intel® Core Duo CPU T2450 @ 2.00GHz ) BIOS : BIOS Date: 05/11/07 15:07:13 Ver: 08.00.12 USER : Propriétaire ( Administrator ) BOOT : Fail-safe boot C:\ (Local Disk) - NTFS - Total:110 Go (Free:43 Go) D:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [1] ( 2009-05-02|12:20 ) [ UAC => 1 ] -----------\\ Recherche de Fichiers / Dossiers ... C:\ProgramData\Kiwee Toolbar C:\ProgramData\Kiwee Toolbar\config C:\ProgramData\Kiwee Toolbar\images C:\ProgramData\Kiwee Toolbar\config\content_a.xml C:\ProgramData\Kiwee Toolbar\config\content_ie.xml C:\ProgramData\Kiwee Toolbar\config\content_m.xml C:\ProgramData\Kiwee Toolbar\config\content_y.xml C:\ProgramData\Kiwee Toolbar\config\logger.xml C:\ProgramData\Kiwee Toolbar\config\toolbarIE.xml C:\ProgramData\Kiwee Toolbar\config\toolbarIM_a.xml C:\ProgramData\Kiwee Toolbar\config\toolbarIM_m.xml C:\ProgramData\Kiwee Toolbar\config\toolbarIM_y.xml C:\ProgramData\Kiwee Toolbar\images\allow.bmp C:\ProgramData\Kiwee Toolbar\images\block.bmp C:\ProgramData\Kiwee Toolbar\images\dontsend.bmp C:\ProgramData\Kiwee Toolbar\images\im_toolbardropdownmenu.bmp C:\ProgramData\Kiwee Toolbar\images\im_toolbarsHelprolloverbase.bmp C:\ProgramData\Kiwee Toolbar\images\im_toolbarsm1rolloverbase.bmp C:\ProgramData\Kiwee Toolbar\images\im_toolbarsm1rolloverbase_bg.bmp C:\ProgramData\Kiwee Toolbar\images\im_toolbarsm1rolloverbase_dp.bmp C:\ProgramData\Kiwee Toolbar\images\im_toolbarsm2rolloverbase.bmp C:\ProgramData\Kiwee Toolbar\images\im_toolbarstextrollover.bmp C:\ProgramData\Kiwee Toolbar\images\kiwee_iconX16.ico C:\ProgramData\Kiwee Toolbar\images\kiwee_iconX48.ico C:\ProgramData\Kiwee Toolbar\images\send.bmp C:\ProgramData\Kiwee Toolbar\images\toolbar_eg.bmp C:\ProgramData\Kiwee Toolbar\images\toolbar_emoticons.bmp C:\ProgramData\Kiwee 
Toolbar\images\toolbar_eyeglass.bmp C:\ProgramData\Kiwee Toolbar\images\toolbar_gear.bmp C:\ProgramData\Kiwee Toolbar\images\toolbar_images.bmp C:\ProgramData\Kiwee Toolbar\images\toolbar_kiwee.bmp C:\ProgramData\Kiwee Toolbar\images\toolbar_msnlogo.bmp C:\ProgramData\Kiwee Toolbar\images\toolbar_news.bmp C:\ProgramData\Kiwee Toolbar\images\toolbar_text.bmp C:\ProgramData\Kiwee Toolbar\images\toolbar_videos.bmp C:\ProgramData\Kiwee Toolbar\images\toolbar_webshots.bmp C:\ProgramData\Kiwee Toolbar\images\toolbar_winks.bmp C:\ProgramData\Kiwee Toolbar\images\X.bmp C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Kiwee Toolbar C:\Program Files\Kiwee Toolbar C:\Program Files\Kiwee Toolbar\2.8.167 C:\Program Files\Kiwee Toolbar\2.8.167\AGTBCore.dll C:\Program Files\Kiwee Toolbar\2.8.167\AolIMToolbar.dll C:\Program Files\Kiwee Toolbar\2.8.167\firefox C:\Program Files\Kiwee Toolbar\2.8.167\FlashCOM.dll C:\Program Files\Kiwee Toolbar\2.8.167\KiweeCommonCtrls.dll C:\Program Files\Kiwee Toolbar\2.8.167\KiweeContentHost.dll C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIMToolbar.dll C:\Program Files\Kiwee Toolbar\2.8.167\KiweeTBCore.dll C:\Program Files\Kiwee Toolbar\2.8.167\KiweeTBCore.tlb C:\Program Files\Kiwee Toolbar\2.8.167\kiweetoolbar.zip C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe C:\Program Files\Kiwee Toolbar\2.8.167\mfc80u.dll C:\Program Files\Kiwee Toolbar\2.8.167\Microsoft.VC80.CRT.manifest C:\Program Files\Kiwee Toolbar\2.8.167\Microsoft.VC80.MFC.manifest C:\Program Files\Kiwee Toolbar\2.8.167\msimg32.dll C:\Program Files\Kiwee Toolbar\2.8.167\MsnIMToolbar.dll C:\Program Files\Kiwee Toolbar\2.8.167\msvcp80.dll C:\Program Files\Kiwee Toolbar\2.8.167\msvcr80.dll C:\Program Files\Kiwee Toolbar\2.8.167\RemoteLib.dll C:\Program Files\Kiwee Toolbar\2.8.167\Riched20.dll C:\Program Files\Kiwee Toolbar\2.8.167\firefox\chrome C:\Program Files\Kiwee Toolbar\2.8.167\firefox\chrome.manifest C:\Program Files\Kiwee 
Toolbar\2.8.167\firefox\components C:\Program Files\Kiwee Toolbar\2.8.167\firefox\defaults C:\Program Files\Kiwee Toolbar\2.8.167\firefox\firefox.xpi C:\Program Files\Kiwee Toolbar\2.8.167\firefox\install.rdf C:\Program Files\Kiwee Toolbar\2.8.167\firefox\META-INF C:\Program Files\Kiwee Toolbar\2.8.167\firefox\chrome\kiweetoolbar.jar C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\AGCore.js C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\AGCore.xpt C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\KiweeSearchHistory.js C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\SearchProtection.js C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\SearchProtection.xpt C:\Program Files\Kiwee Toolbar\2.8.167\firefox\defaults\preferences C:\Program Files\Kiwee Toolbar\2.8.167\firefox\defaults\preferences\defaults.js C:\Program Files\Kiwee Toolbar\2.8.167\firefox\META-INF\manifest.mf C:\Program Files\Kiwee Toolbar\2.8.167\firefox\META-INF\zigbert.rsa C:\Program Files\Kiwee Toolbar\2.8.167\firefox\META-INF\zigbert.sf -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://sympatico.msn.ca/defaultf.aspx"'>http://sympatico.msn.ca/defaultf.aspx" "Url"="http://go.microsoft.com/fwlink/?LinkId=75720"'>http://go.microsoft.com/fwlink/?LinkId=75720" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"'>http://go.microsoft.com/fwlink/?LinkId=69157"'>http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" --------------------\\ Recherche d'autres infections --------------------\\ Cracks & 
Keygens .. C:\Users\PROPRI~1\AppData\Local\VirtualStore\Program Files\SlySoft\AnyDVD.6.1.5.4.DOC.Crack.rar C:\Users\PROPRI~1\AppData\Local\VirtualStore\Program Files\SlySoft\CloneDVD_2.9.0.8.FINAL.with.keygen.zip C:\Users\PROPRI~1\AppData\Local\VirtualStore\Program Files\SlySoft\AnyDVD\AnyDVD.6.1.5.4.DOC.Crack.rar C:\Users\PROPRI~1\AppData\Local\VirtualStore\Program Files\SlySoft\AnyDVD\CloneDVD_2.9.0.8.FINAL.with.keygen.zip C:\Users\PROPRI~1\AppData\Local\VirtualStore\Program Files\SlySoft\AnyDVD\AnyDVD Shredder v1.0 -Dr.Pc_Putte\AnyDVD.6.1.5.4.DOC.Crack.rar C:\Users\PROPRI~1\AppData\Local\VirtualStore\Program Files\SlySoft\AnyDVD\AnyDVD Shredder v1.0 -Dr.Pc_Putte\CloneDVD_2.9.0.8.FINAL.with.keygen.zip C:\Users\PROPRI~1\AppData\Local\VirtualStore\Program Files\Temp\AnyDVD.6.1.5.4.DOC.Crack.rar C:\Users\PROPRI~1\AppData\Local\VirtualStore\Program Files\Temp\CloneDVD_2.9.0.8.FINAL.with.keygen.zip C:\Users\PROPRI~1\AppData\Local\VirtualStore\Program Files\Toto\crack-winrar-3.60b6-dds.nfo [ UAC => 1 ] 1 - "C:\ToolBar SD\TB_1.txt" - 2009-05-02|12:21 - Option : [1] Voici le log de l'option 2 -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : Intel® Core Duo CPU T2450 @ 2.00GHz ) BIOS : BIOS Date: 05/11/07 15:07:13 Ver: 08.00.12 USER : Propriétaire ( Administrator ) BOOT : Fail-safe boot C:\ (Local Disk) - NTFS - Total:110 Go (Free:43 Go) D:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [2] ( 2009-05-02|12:24 ) [ UAC => 1 ] -----------\\ SUPPRESSION Supprime! - C:\ProgramData\Kiwee Toolbar\config Supprime! - C:\ProgramData\Kiwee Toolbar\images Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Kiwee Toolbar Supprime! - C:\Program Files\Kiwee Toolbar\2.8.167 Supprime! - C:\ProgramData\Kiwee Toolbar Supprime! - C:\Program Files\Kiwee Toolbar -----------\\ Recherche de Fichiers / Dossiers ... 
-----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://sympatico.msn.ca/defaultf.aspx" "Url"="http://go.microsoft.com/fwlink/?LinkId=75720" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" --------------------\\ Recherche d'autres infections --------------------\\ Cracks & Keygens .. C:\Users\PROPRI~1\AppData\Local\VirtualStore\Program Files\SlySoft\AnyDVD.6.1.5.4.DOC.Crack.rar C:\Users\PROPRI~1\AppData\Local\VirtualStore\Program Files\SlySoft\CloneDVD_2.9.0.8.FINAL.with.keygen.zip C:\Users\PROPRI~1\AppData\Local\VirtualStore\Program Files\SlySoft\AnyDVD\AnyDVD.6.1.5.4.DOC.Crack.rar C:\Users\PROPRI~1\AppData\Local\VirtualStore\Program Files\SlySoft\AnyDVD\CloneDVD_2.9.0.8.FINAL.with.keygen.zip C:\Users\PROPRI~1\AppData\Local\VirtualStore\Program Files\SlySoft\AnyDVD\AnyDVD Shredder v1.0 -Dr.Pc_Putte\AnyDVD.6.1.5.4.DOC.Crack.rar C:\Users\PROPRI~1\AppData\Local\VirtualStore\Program Files\SlySoft\AnyDVD\AnyDVD Shredder v1.0 -Dr.Pc_Putte\CloneDVD_2.9.0.8.FINAL.with.keygen.zip C:\Users\PROPRI~1\AppData\Local\VirtualStore\Program Files\Temp\AnyDVD.6.1.5.4.DOC.Crack.rar C:\Users\PROPRI~1\AppData\Local\VirtualStore\Program Files\Temp\CloneDVD_2.9.0.8.FINAL.with.keygen.zip C:\Users\PROPRI~1\AppData\Local\VirtualStore\Program Files\Toto\crack-winrar-3.60b6-dds.nfo [ UAC => 1 ] 1 - "C:\ToolBar SD\TB_1.txt" - 2009-05-02|12:21 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 2009-05-02|12:24 - Option : [2] -----------\\ Fin du rapport a 12:24:46,92 N.B. même suite à la suppression une petite fenêtre avec Erreur d'execution 10055 apparaît
  8. Hello, I cannot find: C:\Program Files\Common Files\UPDATED\S-1-5-21-1300732014-1704936951-537590071-0504\services.exe. In Folder Options I checked the option to show hidden files and folders. Should I still go ahead with the rest of your suggestions? See you later.
  9. Thank you. Here is the log.
  10. Hello, For the past week the behaviour of my laptop, running Vista Home Premium, has been worrying. Spybot has identified various intruders (e.g. vundo-virtumonde). Despite Spybot, these viruses keep coming back. In addition, Windows Defender occasionally reports various threats, which I ask it to destroy. Occasionally I get a blue screen warning me that the system must shut down to protect my computer, and also asking me to check my memory and to uninstall whatever I may have installed recently.... Also, a small window appears saying: Server Erreur d'exécution '10055' No buffer space available. In short, I would not say no to some help from you.
  11. Hello, Everything went very well. Everything is fully functional, and I thank you for it.
  12. Here I am again, I followed this CCM tutorial and renamed Elibagla before coming to post here. Now, for the Trekstor, I do not see the power management tab; I would probably need to log in with an administrator session. Since everything now seems to be working normally, what should I do with the various tools I downloaded and the various logs that were created?
  13. Great. As for the PC's malfunctions, everything is in principle back to normal, I confirm... a small incident did occur, though. While MBAM was running, towards the very end, my Trekstor external drive suddenly stopped (red light; normally it is blue). A window opened and I could read: «Windows n'a pas pu sauvegarder toutes les données pour le fichier O:\$Mft. Les données ont été perdues.» What is. The Trekstor external hard drive has stopped frequently ever since I got it. Well, here is the log:
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE [2005-05-20 28160] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wextract_cleanup1] C:\WINDOWS\system32\advpack.dll [2008-12-20 124928] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "InCDsrv"=2 "Creative Service for CDROM Access"=2 "AVP"=2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 240128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224] "{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-03 126976] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 
"legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "E:\Program Files\MusicBrainz Picard\picard.exe"="E:\Program Files\MusicBrainz Picard\picard.exe:*:Enabled:The next generation MusicBrainz tagger" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "F:\Program Files\World of Warcraft\Launcher.exe"="F:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher" "C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Fichiers 
communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:LocalSubNet:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c7f9416-4e9d-11dc-95e2-0020ed15a5de}]
shell\AutoRun\command - M:\LaunchU3.exe -a

======File associations======
.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======
2009-04-04 18:37:49 ----D---- C:\rsit
2009-04-04 09:53:19 ----D---- C:\Documents and Settings\Guy\Application Data\Acreon
2009-04-03 22:25:44 ----SHD---- C:\RECYCLER
2009-04-03 22:22:55 ----A---- C:\ComboFix.txt
2009-04-03 18:51:57 ----RASHD---- C:\winfile.exe
2009-04-03 18:51:57 ----RASHD---- C:\temp2.exe
2009-04-03 18:51:57 ----RASHD---- C:\ntdelect.com
2009-04-03 18:51:56 ----RASHD---- C:\temp1.exe
2009-04-03 18:51:56 ----RASHD---- C:\temp.exe
2009-04-03 18:51:56 ----RASHD---- C:\start.exe
2009-04-03 18:51:55 ----RASHD---- C:\sqlserv.exe
2009-04-03 18:51:55 ----RASHD---- C:\ravmon.log
2009-04-03 18:51:55 ----RASHD---- C:\ravmon.exe
2009-04-03 18:51:55 ----RASHD---- C:\msvcr71.dll
2009-04-03 18:51:54 ----RASHD---- C:\info.exe
2009-04-03 18:51:54 ----RASHD---- C:\host.exe
2009-04-03 18:51:54 ----RASHD---- C:\copy.exe
2009-04-03 18:51:54 ----RASHD---- C:\comment.htt
2009-04-03 18:51:53 ----RASHD---- C:\autorun.inf
2009-04-03 18:51:53 ----RASHD---- C:\adober.exe
2009-04-03 15:23:31 ----HD---- C:\bdtmp
2009-03-31 16:58:24 ----A---- C:\WINDOWS\zip.exe
2009-03-31 16:58:24 ----A---- C:\WINDOWS\VFIND.exe
2009-03-31 16:58:24 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-03-31 16:58:24 ----A---- C:\WINDOWS\SWSC.exe
2009-03-31 16:58:24 ----A---- C:\WINDOWS\SWREG.exe
2009-03-31 16:58:24 ----A---- C:\WINDOWS\sed.exe
2009-03-31 16:58:24 ----A---- C:\WINDOWS\NIRCMD.exe
2009-03-31 16:58:24 ----A---- C:\WINDOWS\grep.exe
2009-03-31 16:58:24 ----A---- C:\WINDOWS\fdsv.exe
2009-03-29 12:49:19 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-29 12:49:18 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-29 12:49:18 ----A---- C:\WINDOWS\system32\java.exe
2009-03-28 19:26:31 ----A---- C:\Boot.bak
2009-03-28 19:26:22 ----RASHD---- C:\cmdcons
2009-03-28 19:15:52 ----D---- C:\WINDOWS\ERDNT
2009-03-28 19:15:51 ----D---- C:\ComboFix
2009-03-28 16:32:19 ----A---- C:\fixnavi.txt
2009-03-28 16:30:54 ----D---- C:\Program Files\Navilog1
2009-03-28 14:39:30 ----A---- C:\FindyKill.txt
2009-03-28 12:27:15 ----AD---- C:\Qoobox
2009-03-28 11:49:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-28 00:14:50 ----D---- C:\SDFix
2009-03-27 20:01:33 ----A---- C:\mdelk.EXE
2009-03-22 16:48:38 ----D---- C:\Program Files\Raxco
2009-03-22 16:25:42 ----D---- C:\Program Files\CA
2009-03-21 22:45:22 ----D---- C:\Program Files\Innovative Solutions
2009-03-20 20:07:35 ----D---- C:\Documents and Settings\Guy\Application Data\QuickScan
2009-03-17 19:14:30 ----D---- C:\_AcroTemp
2009-03-11 19:43:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 19:43:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 19:43:10 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-05 19:07:59 ----A---- C:\WINDOWS\system32\wextract.exe

======List of files/folders modified in the last 1 months======
2009-04-04 18:37:51 ----D---- C:\WINDOWS\Prefetch
2009-04-04 18:35:03 ----D---- C:\WINDOWS\Temp
2009-04-04 17:10:36 ----D---- C:\Program Files\Mozilla Firefox
2009-04-04 11:38:06 ----D---- C:\Documents and Settings\Guy\Application Data\uTorrent
2009-04-04 11:33:52 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-04 10:24:55 ----D---- C:\Documents and Settings\Guy\Application Data\U3
2009-04-04 09:52:21 ----SHD---- C:\WINDOWS\Installer
2009-04-04 09:52:20 ----D---- C:\Config.Msi
2009-04-04 09:47:51 ----SD---- C:\WINDOWS\Tasks
2009-04-04 09:43:04 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-04 09:43:02 ----D---- C:\WINDOWS\Registration
2009-04-04 09:43:02 ----AD---- C:\WINDOWS
2009-04-03 22:23:00 ----D---- C:\WINDOWS\system32
2009-04-03 22:19:05 ----A---- C:\WINDOWS\system.ini
2009-04-03 22:17:59 ----D---- C:\WINDOWS\system32\drivers
2009-04-03 22:17:59 ----D---- C:\WINDOWS\AppPatch
2009-04-03 22:17:57 ----D---- C:\Program Files\Fichiers communs
2009-04-03 17:47:40 ----D---- C:\Program Files\PersonalBrain
2009-04-03 17:17:44 ----A---- C:\WINDOWS\Antidote.ini
2009-04-01 00:11:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-31 22:57:17 ----D---- C:\Program Files\Java
2009-03-29 21:53:52 ----D---- C:\Palm
2009-03-29 19:54:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-29 19:23:50 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-29 18:11:27 ----D---- C:\WINDOWS\Debug
2009-03-29 17:57:49 ----RD---- C:\Program Files
2009-03-29 12:47:11 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-28 23:21:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-28 23:18:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-28 22:55:51 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-03-28 22:55:42 ----D---- C:\Program Files\Lavasoft
2009-03-28 22:54:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-28 19:26:31 ----RASH---- C:\boot.ini
2009-03-28 19:25:00 ----D---- C:\WINDOWS\system32\Restore
2009-03-28 14:47:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-28 11:11:26 ----D---- C:\WINDOWS\Minidump
2009-03-28 01:08:30 ----D---- C:\Program Files\Windows Media Player
2009-03-28 00:34:21 ----D---- C:\Documents and Settings\Guy\Application Data\Lavasoft
2009-03-28 00:32:40 ----D---- C:\WINDOWS\Cursors
2009-03-27 20:27:18 ----D---- C:\WINDOWS\system
2009-03-27 18:31:38 ----HD---- C:\WINDOWS\inf
2009-03-24 18:55:15 ----D---- C:\Program Files\SpywareBlaster
2009-03-24 18:50:43 ----D---- C:\Program Files\ma-config.com
2009-03-22 17:58:41 ----D---- C:\__eetemp
2009-03-22 17:58:09 ----D---- C:\Documents and Settings\Guy\Application Data\Simple Sudoku
2009-03-22 17:58:06 ----D---- C:\Documents and Settings\Guy\Application Data\LimeWire
2009-03-22 17:58:05 ----D---- C:\Documents and Settings\Guy\Application Data\DVD Profiler
2009-03-22 00:29:59 ----D---- C:\WINDOWS\security
2009-03-20 23:56:31 ----D---- C:\WINDOWS\WinSxS
2009-03-18 09:21:25 ----D---- C:\Program Files\SpywareGuard
2009-03-16 07:28:03 ----D---- C:\WINDOWS\system32\config
2009-03-16 07:27:36 ----D---- C:\WINDOWS\system32\wbem
2009-03-15 20:31:33 ----D---- C:\Program Files\Fichiers communs\Ahead
2009-03-15 16:52:55 ----D---- C:\WINDOWS\system32\ias
2009-03-13 06:52:31 ----D---- C:\Documents and Settings\Guy\Application Data\dvdcss
2009-03-11 19:42:59 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-03-11 17:28:46 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-09 17:43:04 ----D---- C:\Program Files\PowerISO
2009-03-05 23:54:47 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-03-05 18:32:19 ----D---- C:\Program Files\DVD Profiler3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-01-29 23976]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-02-20 5632]
R2 ASPI32;ASPI32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-21 16512]
R2 CSS DVP;Dynamic Virus Protection; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2007-11-26 835792]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys [2008-10-06 53192]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-01-29 103488]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2002-06-03 40832]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-23 908000]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-05-20 25600]
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2005-05-20 36480]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys [2005-05-20 68352]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 nv;nv;
C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624] R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-08-22 47360] R3 RPPKT;Radialpoint Filter (x86); C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384] R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2008-07-16 28672] S2 spydetector;spydetector; \??\C:\Program Files\Spyware Process Detector\Crack\spydetector.sys [] S3 catchme;catchme; \??\C:\DOCUME~1\Guy\LOCALS~1\Temp\catchme.sys [] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 DUBE100;D-LINK DUB-E100 USB 2.0 to Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\DUBE100.sys [2003-11-11 11935] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392] S3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-15 11984] S3 ENETHUSB;Speedstream Ethernet USB Adapter; C:\WINDOWS\system32\DRIVERS\enethusb.sys 
[2006-03-31 28005] S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys [] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys [2005-05-20 54528] S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\drivers\LHidFlt2.sys [] S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\system32\drivers\LHidUsb.Sys [2001-09-19 37822] S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [] S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\MREMP50a64.sys [] S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [] S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [] S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [] S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\MRESP50a64.sys [] S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-11-28 27136] S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992] S3 sbpci;SB PCI Family Audio Driver (WDM); C:\WINDOWS\system32\drivers\sbpci.sys [2002-10-22 668160] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-30 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 
4=Disabled)====== R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 BroadWaveService;BroadWave; C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe [2008-11-28 499716] R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe [2001-08-31 253952] R2 dvpapi;DvpApi; C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe [2007-11-27 177448] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-29 152984] R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-03-26 179856] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810] R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2008-04-28 414984] R2 RP_FWS;Sympatico Security Manager Firewall; C:\Program Files\Bell\Security Manager\Fws.exe [2008-03-10 303344] R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] R2 VaultClientUpgrade;Personal Vault Upgrade Service; C:\Program Files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248] R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2008-04-28 738568] R3 RPSUpdaterR;Sympatico Security Manager Update Service; C:\Program Files\Bell\Security Manager\rpsupdaterR.exe [2008-10-06 99568] S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [] S3 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Fichiers 
communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-03 72704] S3 Adobe Version Cue CS3;Adobe Version Cue CS3 {fr_FR} ; C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792] S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-16 651720] S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 Radialpoint Security Services;Sympatico Security Manager; C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe [2008-03-10 67824] S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-24 306432] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 
918016] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2009-04-04 18:38:47 ======Uninstall list====== -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20} -->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE} -->MsiExec.exe /X{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF} -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x40c -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ABBYY FineReader 9.0 Professional Edition-->MsiExec.exe /I{F9000000-0001-0000-0000-074957833700} Absolute Fretboard Trainer PRO-->C:\WINDOWS\GPInstall.exe "/UNINST=F:\Program Files\UnInst.log" "/APPNAME=Absolute Fretboard Trainer PRO" Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings-->C:\Program Files\Fichiers communs\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF} Adobe Color EU Recommended 
Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2} Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A} Adobe Creative Suite 3 Design Premium-->MsiExec.exe /I{B1EF7B00-8FCC-4209-BFB6-37C50B354B2A} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe Dreamweaver CS3-->MsiExec.exe /I{4BDB76C6-902E-41D5-9064-68768E02886B} Adobe ExtendScript Toolkit 2-->C:\Program Files\Fichiers communs\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2} Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3} Adobe Flash CS3-->MsiExec.exe /I{80FD3971-8482-49C8-BA8C-B6464A15882F} Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE} Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Video Encoder-->MsiExec.exe /I{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E} Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Illustrator CS3-->MsiExec.exe /I{6E08CE13-C2AB-4749-9335-5900B958929E} Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E} Adobe InDesign CS3-->MsiExec.exe /I{FE8327F9-3AC1-4586-8C7E-3DEE2BC92441} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS3-->MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A} Adobe Setup-->MsiExec.exe 
/I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1} Adobe Setup-->MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D} Adobe Setup-->MsiExec.exe /I{9D3F3D5A-BE6D-48C4-B51E-E2D6753ABCDE} Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2} Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963} Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} Adobe® Photoshop® Album Edition Découverte 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B} AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD} Ajouter ou supprimer Adobe Creative Suite 3 Design Premium-->C:\Program Files\Fichiers communs\Adobe\Installers\e79070e1ef25043cbd93191267ecaf0\Setup.exe Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} Antidote RX v2-->MsiExec.exe /X{A474EA56-5DBD-4181-8230-806A4762EA7F} AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD" Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2} Authentium AntiVirus SDK - 2-->MsiExec.exe /I{C70EF769-8296-4ED0-966F-D624BC6D4927} AVIcodec (remove only)-->"C:\Program 
Files\AVIcodec\uninst.exe" AvosVins 3.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Golden\AvosVins3\DeIsL3.isu" -cC:\PROGRA~1\Golden\AVOSVI~1\_ISREG32.DLL Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} BroadWave-->C:\Program Files\NCH Swift Sound\BroadWave\uninst.exe Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x40c Brunin03.dll -removeonly CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" CloneDVD2-->"E:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="E:\Program Files\Elaborate Bytes\CloneDVD2" CodeBaby Player (Remove Only) 1.0.2.15-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\codebaby.1.0.2.15.inf,DefaultUninstall,5 CodeBaby Player (Remove Only) 1.0.2.19-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\codebaby.1.0.2.19.inf,DefaultUninstall,5 Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" dBpoweramp [Calculate Audio CRC] Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat dBpoweramp FLAC Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat dBpoweramp Monkeys Audio Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat dBpoweramp mp3 (Fraunhofer IIS) Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat dBpoweramp Music 
Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat dBpoweramp Windows Media Audio 10 Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat DicoMots désinstallation-->"C:\Program Files\olibul\unins000.exe" DiskeeperWorkstation-->MsiExec.exe /I{DF455F10-786F-41E4-805D-0CB59063FC9E} DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DriverMax 4-->"C:\Program Files\Innovative Solutions\DriverMax\unins000.exe" DVD Profiler Version 3.5.1-->"C:\Program Files\DVD Profiler3\unins000.exe" DVD Shrink 3.2-->"E:\Program Files\DVD Shrink\unins000.exe" EVEREST Ultimate Edition v4.50-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe" Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe Express Rip-->C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068} Gestionnaire de disques amovible Creative-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c /remove Golden Records Vinyl to CD Converter-->C:\Program Files\NCH Swift Sound\Golden\uninst.exe HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" ImpôtRapide 2007-->MsiExec.exe /X{3156B2FD-5C1D-4649-9FE3-EB6E77320266} InCD Reader-->MsiExec.exe /X{55D89841-6A94-4E51-A383-5BBDE3891036} Intel Application Accelerator-->RunDll32 
C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371} Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF} Kaplan and Sadock's CTP-->C:\WINDOWS\IsUninst.exe -fL:\KSCTP\Uninst.isu Lanceur WoWeb-->MsiExec.exe /X{2ACD1188-8799-48A8-9409-A5FD7EE1FE79} Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Librarian Pro-->MsiExec.exe /I{7B367645-E3A4-4A77-B2B0-480FBB294069} Logitech SetPoint-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x40c -removeonly Ma-Config.com-->MsiExec.exe /X{06526E3A-92DD-4F45-90CD-902953F1A8D2} Magic ISO Maker v5.3 (build 0214)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG Magic ISO Maker v5.4 (build 0239)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA} Merck Manual Illustrated-->C:\WINDOWS\IsUninst.exe -f"R:\Program Files\Merck\Uninst.isu" Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Money 2007 Home & Business-->"C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120 Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E} Microsoft National Language Support Downlevel 
APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Live Add-in beta-->MsiExec.exe /I{DBE4C0B6-E7E8-4985-9E96-081568EFEE7B} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft User-Mode 
Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à 
jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" MixPad-->C:\Program Files\NCH Swift Sound\MixPad\uninst.exe Mozilla Firefox (3.0.-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe 
/I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MusicBrainz Picard 0.9.0-->E:\Program Files\MusicBrainz Picard\uninst.exe Navilog1 3.7.6-->"C:\Program Files\Navilog1\unins000.exe" NCH Toolbox-->C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7} Pack audio Creative-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x40c /remove Palm Desktop-->MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC} PaperPort-->MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC} PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} PDFCreator-->C:\Program Files\PDFCreator\unins000.exe PENTAX Digital Camera Utility-->C:\PROGRA~1\PENTAX\DIGITA~1\UNINST.EXE C:\PROGRA~1\PENTAX\DIGITA~1\INSTALL.LOG PerfectDisk-->MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7} Petit Larousse 2009-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{422FADA9-FED2-41D7-B5FA-472BB98B7784}\Setup.exe" -l0x40c Popup Blocker (Windows Live Toolbar)-->MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8} PowerISO-->"C:\Program Files\PowerISO\uninstall.exe" PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} PPSDKRedistributables-->MsiExec.exe /I{C144C566-21EF-4F8C-9667-40CF19E6AED0} QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4} REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program 
Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe" -l0x40c -removeonly Reasonable NoClone 2007 Enterprise-->MsiExec.exe /I{F670EEA9-CAE5-48BF-9A93-67C9F096AC88} Recordpad-->C:\Program Files\NCH Swift Sound\Recordpad\uninst.exe RPM Life Planner-->MsiExec.exe /I{A82B45E0-B522-491B-ADBC-5EBF3CF2B3E4} RPS Ad Blocker-->MsiExec.exe /I{05D0A02F-616D-4F2F-B143-1EDFD4954117} RPS AntiFraud-->MsiExec.exe /I{33E42E0F-DE63-4527-80F6-C54F749D4F72} RPS AntiFraud-->MsiExec.exe /I{BF54F134-4AB6-4418-83F7-62F2FB736BA8} RPS AntiSpyware-->MsiExec.exe /I{3A4EA99A-9CFB-4F21-8DBC-B55318791346} RPS AntiVirus-->MsiExec.exe /I{2F645B95-2EE3-4D12-B1F1-92792A5A0475} RPS App Detector-->MsiExec.exe /I{16F44008-A0B2-4F1D-8077-4EF3CECCF2A8} RPS AsRealtime-->MsiExec.exe /I{D919664A-4246-4FC1-A781-84631737EBF3} RPS Backup-->MsiExec.exe /I{A1A3D151-0707-4F6D-9DC1-8FAA6B8B152B} RPS Burn-->MsiExec.exe /I{9ED8C15D-35E7-4A4B-B103-C234A9600CCB} RPS Diagnostic Utility-->MsiExec.exe /I{17E8D1B6-A3B0-4F86-9D4B-B5B74FCE6CF8} RPS Firewall-->MsiExec.exe /I{FF50571F-15FF-4435-97E1-7BB70EAA53A0} RPS ParentalControl-->MsiExec.exe /I{EBCA18FC-A574-4EE1-B86B-87AB483C628C} RPS Performance Tool-->MsiExec.exe /I{ED2E9BCD-B68A-40F7-AE60-A530F3D30370} RPS PopupBlocker-->MsiExec.exe /I{B12897AC-1B80-41EE-B9A2-B965F766D157} RPS Privacy Manager-->MsiExec.exe /I{2403195D-95B9-42ED-BE2E-EB2A5A6E1648} RPS RpsCore-->MsiExec.exe /I{77A490DB-BBB8-4809-A0D5-37B592D76CED} RPS Security Cleanup-->MsiExec.exe /I{E39707C3-A285-467E-BEDE-E63A1AFF32FC} RPS Zip-->MsiExec.exe /I{AFE925E3-AEB4-4BBB-B97D-022135B50ED6} ScanSoft PDF Create! 
4-->MsiExec.exe /I{67EC0AB2-8CF7-4415-9F70-7FBC593C0D5E} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Simple Sudoku 4.2-->"F:\Program Files\Simple Sudoku\unins000.exe" Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D} Sony Media Manager for PSP 2.0-->MsiExec.exe /X{05861C9A-98C0-4A8F-9A36-EB2F7E0FA2D1} Sound Blaster PCI128 Drivers-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{509291FD-CFC8-11D6-A285-00A0CC51B2FE}\Setup.exe" -l0xc0c /remove Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003} Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe" SpywareGuard v2.2-->"C:\Program Files\SpywareGuard\unins000.exe" Stamp ID3 Tag Editor-->C:\Program Files\NCH Swift Sound\Stamp\uninst.exe Switch-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe Sympatico Security Advisor 1.5.11-->"C:\Program Files\Bell\Sympatico Security Advisor\unins000.exe" Sympatico Security Manager-->C:\Program Files\InstallShield Installation Information\{76AA8F37-51BD-445F-B355-293A72D6A291}\setup.exe -runfromtemp -l0x0009 -removeonly Traqueur 3.0.70-->"C:\Program Files\El Juky\Traqueur\unins000.exe" TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA} Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe Utilitaire d'identification du processeur Intel®-->MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328} VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program 
Files\Elaborate Bytes\VirtualCloneDrive" Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C} Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390} Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F} Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE} Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D} Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750} Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750} Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Support Tools-->MsiExec.exe /I{89B078C4-50B0-453E-BF53-3A7E6A0D85FA} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinISO 5.3-->"C:\Program Files\WinISO\unins000.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard 
Entertainment\World of Warcraft\Uninstall.exe =====HijackThis Backups===== O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) [2008-06-28] O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-06-28] ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: Sympatico Security Manager Anti-Virus FW: Sympatico Security Manager Firewall ======System event log====== Computer Name: Again Event Code: 7034 Message: Le service Mises à jour automatiques s'est terminé de façon inattendue pour la 1ème fois. Record Number: 17962 Source Name: Service Control Manager Time Written: 20090327205211.000000-240 Event Type: erreur User: Computer Name: Again Event Code: 7034 Message: Le service Centre de sécurité s'est terminé de façon inattendue pour la 1ème fois. Record Number: 17961 Source Name: Service Control Manager Time Written: 20090327205211.000000-240 Event Type: erreur User: Computer Name: Again Event Code: 7031 Message: Le service Infrastructure de gestion Windows s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 60000 millisecondes : Redémarrer le service. Record Number: 17960 Source Name: Service Control Manager Time Written: 20090327205211.000000-240 Event Type: erreur User: Computer Name: Again Event Code: 7031 Message: Le service TuneUp Extension de thème s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 120000 millisecondes : Redémarrer le service. 
Record Number: 17959 Source Name: Service Control Manager Time Written: 20090327205211.000000-240 Event Type: erreur User: Computer Name: Again Event Code: 7031 Message: Le service Thèmes s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 60000 millisecondes : Redémarrer le service. Record Number: 17958 Source Name: Service Control Manager Time Written: 20090327205211.000000-240 Event Type: erreur User: =====Application event log===== Computer Name: Again Event Code: 1001 Message: Échec de détection du produit '{C70EF769-8296-4ED0-966F-D624BC6D4927}', fonctionnalité 'AV_DVP' lors de la demande du composant '{E39DB87F-D2CB-42FF-AAA4-72E708258DC6}' Record Number: 985 Source Name: MsiInstaller Time Written: 20090322140725.000000-240 Event Type: Avertissement User: Again\Me Computer Name: Again Event Code: 1001 Message: Échec de détection du produit '{C70EF769-8296-4ED0-966F-D624BC6D4927}', fonctionnalité 'AV_DVP' lors de la demande du composant '{E39DB87F-D2CB-42FF-AAA4-72E708258DC6}' Record Number: 984 Source Name: MsiInstaller Time Written: 20090322140725.000000-240 Event Type: Avertissement User: Again\Me Computer Name: Again Event Code: 1001 Message: Échec de détection du produit '{C70EF769-8296-4ED0-966F-D624BC6D4927}', fonctionnalité 'AV_DVP' lors de la demande du composant '{E39DB87F-D2CB-42FF-AAA4-72E708258DC6}' Record Number: 983 Source Name: MsiInstaller Time Written: 20090322140725.000000-240 Event Type: Avertissement User: Again\Me Computer Name: Again Event Code: 1001 Message: Échec de détection du produit '{C70EF769-8296-4ED0-966F-D624BC6D4927}', fonctionnalité 'AV_DVP' lors de la demande du composant '{E39DB87F-D2CB-42FF-AAA4-72E708258DC6}' Record Number: 982 Source Name: MsiInstaller Time Written: 20090322140725.000000-240 Event Type: Avertissement User: Again\Me Computer Name: Again Event Code: 1001 Message: Échec de détection du produit '{C70EF769-8296-4ED0-966F-D624BC6D4927}', 
fonctionnalité 'AV_DVP' lors de la demande du composant '{E39DB87F-D2CB-42FF-AAA4-72E708258DC6}' Record Number: 981 Source Name: MsiInstaller Time Written: 20090322140725.000000-240 Event Type: Avertissement User: Again\Me ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "DiskeeperIcon"=C:\Program Files\Executive Software\DiskeeperWorkstation\ "FP_NO_HOST_CHECK"=NO "NUMBER_OF_PROCESSORS"=1 "OS"=Windows_NT "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Executive Software\DiskeeperWorkstation;C:\Program Files\Support Tools;C:\Program Files\CA\PPRT\bin;C:\Program Files\QuickTime\QTSystem "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 0 Stepping 10, GenuineIntel "PROCESSOR_LEVEL"=15 "PROCESSOR_REVISION"=000a "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "windir"=%SystemRoot% "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------
  14. Hello, here is the result:

      Malwarebytes' Anti-Malware 1.35
      Version de la base de données: 1940
      Windows 5.1.2600 Service Pack 3
      2009-04-04 16:59:56
      mbam-log-2009-04-04 (16-59-56).txt
      Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|K:\|L:\|M:\|N:\|O:\|P:\|Q:\|R:\|S:\|)
      Eléments examinés: 276974
      Temps écoulé: 2 hour(s), 49 minute(s), 16 second(s)
      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0
      Processus mémoire infecté(s): (Aucun élément nuisible détecté)
      Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
      Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
      Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
      Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
      Dossier(s) infecté(s): (Aucun élément nuisible détecté)
      Fichier(s) infecté(s): (Aucun élément nuisible détecté)