pabx
-
Compteur de contenus
7 -
Inscription
-
Dernière visite
pabx's Achievements
Junior Member (3/12)
0
Réputation sur la communauté
-
Bonjour, Pear, la procedure indiquée a été scrupuleusement suivie, et cela depuis le debut. peux-tu immaginer que cette manip ne fonctionne pas sur mon poste ou bien remet-tu en cause ma docilité à effectuer les operations? le programme ne se lance pas , et je ne sais pas pourquoi. en fouillant (mode sans echec) dans les processus actifs, j'ai vu un controle à distance actif ainsi que AAAaware. faut-il stoppper ces services ? peux-tu penser que d'autres services enpechent combofix de tourner ? cord; PABX
-
bonjour, Pear, j'ai lançé le mode 2 en sans echec et voila le resultat du log malheureusement, j'ai tjrs les pubs PO*RN dans ie et les adresses de type http://www.safer-networking.org/fr/index.html (spybots) impossible à joindre a+ PABX SmitFraudFix v2.392 Rapport fait 8:54:30,07, 06/02/2009 Execut partir de C:\Users\pabx\Desktop\SmitfraudFix OS: Microsoft Windows [version 6.0.6001] - Windows_NT Le type du systme de fichiers est Fix execut en mode sans echec SharedTaskScheduler Avant SmitFraudFix !!!Attention, les cls qui suivent ne sont pas forcment infectes!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll Arret des processus hosts 127.0.0.1 localhost VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri Winsock2 Fix S!Ri's WS2Fix: LSP not Found. Generic Renos Fix GenericRenosFix by S!Ri Suppression des fichiers infects C:\autorun.inf supprim IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri Agent.OMZ.Fix Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri RK DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{00E877E3-46DF-4091-8FA5-2A6137EA0F77}: NameServer=192.168.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{00E877E3-46DF-4091-8FA5-2A6137EA0F77}: NameServer=192.168.0.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{00E877E3-46DF-4091-8FA5-2A6137EA0F77}: NameServer=192.168.0.1 Suppression Fichiers Temporaires Winlogon.System !!!Attention, les cls qui suivent ne sont pas forcment infectes!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Nettoyage du registre Nettoyage termin. SharedTaskScheduler Aprs SmitFraudFix !!!Attention, les cls qui suivent ne sont pas forcment infectes!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll Fin
-
re-re-re, option 1 lancée, voici le log a+, PABX SmitFraudFix v2.392 Scan done at 17:24:13,42, 05/02/2009 Run from C:\Users\pabx\Desktop\SmitfraudFix OS: Microsoft Windows [version 6.0.6001] - Windows_NT The filesystem type is Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\Windows\system32\csrss.exe C:\WINDOWS\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\WINDOWS\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe C:\Program Files\McAfee\VirusScan\Mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\Windows\system32\svchost.exe C:\Program Files\TeamViewer3\TeamViewer_Service.exe C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Windows\system32\Dwm.exe C:\WINDOWS\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Users\pabx\AppData\Local\Google\Update\GoogleUpdate.exe C:\Windows\system32\svchost.exe C:\Windows\System32\mobsync.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Microsoft OfficeAncien\Office\OSA.EXE C:\Program Files\Microsoft OfficeAncien\Office\FINDFAST.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\dev\WinZip\WZQKPICK.EXE C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\Program Files\McAfee\VirusScan\mcsysmon.exe C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe C:\Windows\system32\svchost.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Windows\system32\conime.exe C:\Windows\system32\svchost.exe C:\Windows\system32\mdm.exe c:\windows\system32\inetsrv\w3wp.exe C:\Windows\System32\svchost.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\pabx\Desktop\SmitfraudFix\Policies.exe C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\wmiprvse.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ C:\autorun.inf FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\pabx »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\pabx\AppData\Local\Temp »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\pabx\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\pabx\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, following keys are not inevitably infected!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix !!!Attention, following keys are not inevitably infected!!! Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, following keys are not inevitably infected!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, following keys are not inevitably infected!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=dword:00000001 "AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\Windows\\system32\\userinit.exe," »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Connexion réseau Intel® 82562V 10/100 DNS Server Search Order: 192.168.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{00E877E3-46DF-4091-8FA5-2A6137EA0F77}: NameServer=192.168.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{00E877E3-46DF-4091-8FA5-2A6137EA0F77}: NameServer=192.168.0.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{00E877E3-46DF-4091-8FA5-2A6137EA0F77}: NameServer=192.168.0.1 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
-
Pear, re. j'ai relancé le soft, et voici le log Malwarebytes' Anti-Malware 1.33 Version de la base de donnes: 1654 Windows 6.0.6001 Service Pack 1 05/02/2009 15:24:06 mbam-log-2009-02-05 (15-24-06).txt Type de recherche: Examen rapide Elments examins: 61217 Temps coul: 3 minute(s), 5 second(s) Processus mmoire infect(s): 0 Module(s) mmoire infect(s): 0 Cl(s) du Registre infecte(s): 0 Valeur(s) du Registre infecte(s): 0 Elment(s) de donnes du Registre infect(s): 0 Dossier(s) infect(s): 0 Fichier(s) infect(s): 0 Processus mmoire infect(s): (Aucun lment nuisible dtect) Module(s) mmoire infect(s): (Aucun lment nuisible dtect) Cl(s) du Registre infecte(s): (Aucun lment nuisible dtect) Valeur(s) du Registre infecte(s): (Aucun lment nuisible dtect) Elment(s) de donnes du Registre infect(s): (Aucun lment nuisible dtect) Dossier(s) infect(s): (Aucun lment nuisible dtect) Fichier(s) infect(s): (Aucun lment nuisible dtect) lancé un peu plus tôt, en complet. voici le log Malwarebytes' Anti-Malware 1.33 Version de la base de donnes: 1654 Windows 6.0.6001 Service Pack 1 05/02/2009 13:44:11 mbam-log-2009-02-05 (13-44-11).txt Type de recherche: Examen complet (C:\|) Elments examins: 227933 Temps coul: 53 minute(s), 17 second(s) Processus mmoire infect(s): 0 Module(s) mmoire infect(s): 0 Cl(s) du Registre infecte(s): 0 Valeur(s) du Registre infecte(s): 0 Elment(s) de donnes du Registre infect(s): 0 Dossier(s) infect(s): 0 Fichier(s) infect(s): 0 Processus mmoire infect(s): (Aucun lment nuisible dtect) Module(s) mmoire infect(s): (Aucun lment nuisible dtect) Cl(s) du Registre infecte(s): (Aucun lment nuisible dtect) Valeur(s) du Registre infecte(s): (Aucun lment nuisible dtect) Elment(s) de donnes du Registre infect(s): (Aucun lment nuisible dtect) Dossier(s) infect(s): (Aucun lment nuisible dtect) Fichier(s) infect(s): (Aucun lment nuisible dtect)
-
bonjour Pear, j'ai lancé l'utilitaire demandé sauf que sa mise à jour est impossible. voici les logs; constat après le passage de ce soft:adresses spybot/Malwarebytes' Anti-Malware non accessibles et images C*O*K*I*N*E*S dans yahoo. voili, à bientôt; PABX Malwarebytes' Anti-Malware 1.33 Version de la base de donnes: 1654 Windows 6.0.6001 Service Pack 1 05/02/2009 08:58:31 mbam-log-2009-02-05 (08-58-31).txt Type de recherche: Examen complet (C:\|) Elments examins: 47990 Temps coul: 5 minute(s), 58 second(s) Processus mmoire infect(s): 0 Module(s) mmoire infect(s): 0 Cl(s) du Registre infecte(s): 3 Valeur(s) du Registre infecte(s): 0 Elment(s) de donnes du Registre infect(s): 0 Dossier(s) infect(s): 0 Fichier(s) infect(s): 0 Processus mmoire infect(s): (Aucun lment nuisible dtect) Module(s) mmoire infect(s): (Aucun lment nuisible dtect) Cl(s) du Registre infecte(s): HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ed5288-f558-4f6e-8d5c-740cb6f89029} (Rogue.Multiple) -> Quarantined and deleted successfully. Valeur(s) du Registre infecte(s): (Aucun lment nuisible dtect) Elment(s) de donnes du Registre infect(s): (Aucun lment nuisible dtect) Dossier(s) infect(s): (Aucun lment nuisible dtect) Fichier(s) infect(s): (Aucun lment nuisible dtect) puis Malwarebytes' Anti-Malware 1.33 Version de la base de donnes: 1654 Windows 6.0.6001 Service Pack 1 05/02/2009 09:02:28 mbam-log-2009-02-05 (09-02-28).txt Type de recherche: Examen rapide Elments examins: 60988 Temps coul: 3 minute(s), 6 second(s) Processus mmoire infect(s): 0 Module(s) mmoire infect(s): 0 Cl(s) du Registre infecte(s): 1 Valeur(s) du Registre infecte(s): 0 Elment(s) de donnes du Registre infect(s): 0 Dossier(s) infect(s): 3 Fichier(s) infect(s): 3 Processus mmoire infect(s): (Aucun lment nuisible dtect) Module(s) mmoire infect(s): (Aucun lment nuisible dtect) Cl(s) du Registre infecte(s): HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. Valeur(s) du Registre infecte(s): (Aucun lment nuisible dtect) Elment(s) de donnes du Registre infect(s): (Aucun lment nuisible dtect) Dossier(s) infect(s): C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. Fichier(s) infect(s): C:\Program Files\FunWebProducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully. puis, pour être sûr, Malwarebytes' Anti-Malware 1.33 Version de la base de donnes: 1654 Windows 6.0.6001 Service Pack 1 05/02/2009 13:44:11 mbam-log-2009-02-05 (13-44-11).txt Type de recherche: Examen complet (C:\|) Elments examins: 227933 Temps coul: 53 minute(s), 17 second(s) Processus mmoire infect(s): 0 Module(s) mmoire infect(s): 0 Cl(s) du Registre infecte(s): 0 Valeur(s) du Registre infecte(s): 0 Elment(s) de donnes du Registre infect(s): 0 Dossier(s) infect(s): 0 Fichier(s) infect(s): 0 Processus mmoire infect(s): (Aucun lment nuisible dtect) Module(s) mmoire infect(s): (Aucun lment nuisible dtect) Cl(s) du Registre infecte(s): (Aucun lment nuisible dtect) Valeur(s) du Registre infecte(s): (Aucun lment nuisible dtect) Elment(s) de donnes du Registre infect(s): (Aucun lment nuisible dtect) Dossier(s) infect(s): (Aucun lment nuisible dtect) Fichier(s) infect(s): (Aucun lment nuisible dtect)
-
merci Pear pour ta reactivité, voici les logs, merci d'avance,a+, PABX Logfile of random's system information tool 1.05 (written by random/random) Run by pabx at 2009-02-04 16:51:39 Microsoft Windows Vista Professionnel Service Pack 1 System drive C: has 427 GB (90%) free of 477 GB Total RAM: 3069 MB (66% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:51:41, on 04/02/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\Windows\system32\Dwm.exe C:\WINDOWS\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Users\pabx\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Microsoft OfficeAncien\Office\OSA.EXE C:\Program Files\Microsoft OfficeAncien\Office\FINDFAST.EXE C:\dev\WinZip\WZQKPICK.EXE C:\Windows\System32\mobsync.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\Windows\system32\wbem\unsecapp.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Windows\system32\mdm.exe C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe C:\Program Files\Microsoft OfficeAncien\Office\excel.exe C:\PROGRA~1\MACROM~1\FLASHM~1\Flash.exe C:\Users\PBARBA~1\AppData\Local\Temp\~e5d141.tmp C:\Users\PBARBA~1\AppData\Local\Temp\~e5d141.tmp C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Mail\WinMail.exe C:\dev\maquetteUNRCVIF\cpp\4 pour validation modifs\r1\Debug\r1.exe C:\Program Files\RealVNC\VNC4\vncviewer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\pabx\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\pabx.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=1080620 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/hws/sb/dell-row/fr/si...?channel=fr-smb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/hws/sb/dell-row/fr/si...?channel=fr-smb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=fr&s=gen R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=fr&s=gen R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/hws/sb/dell-row/fr/si...?channel=fr-smb R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=1080620 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fentres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fentres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [Google Update] "C:\Users\pabx\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RSEAU') O4 - Global Startup: Dmarrage d'Office.lnk = C:\Program Files\Microsoft OfficeAncien\Office\OSA.EXE O4 - Global Startup: Microsoft Recherche acclre.lnk = C:\Program Files\Microsoft OfficeAncien\Office\FINDFAST.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\dev\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU) O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU) O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O17 - HKLM\System\CCS\Services\Tcpip\..\{00E877E3-46DF-4091-8FA5-2A6137EA0F77}: NameServer = 192.168.0.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{00E877E3-46DF-4091-8FA5-2A6137EA0F77}: NameServer = 192.168.0.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{00E877E3-46DF-4091-8FA5-2A6137EA0F77}: NameServer = 192.168.0.1 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- End of file - 10541 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Ad-Aware Update (Weekly).job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3923002272-1710693064-464362699-1005.job C:\Windows\tasks\McDefragTask.job C:\Windows\tasks\McQcTask.job C:\Windows\tasks\User_Feed_Synchronization-{DCBD07F4-A06F-4286-8DEE-4CE7A2A96F65}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}] McAfee Phishing Filter - C:\Program Files\McAfee\MSK\mcapbho.dll [2007-09-19 329032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2007-10-24 58688] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}] PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-12-15 806912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}] CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fentres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288] {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-12-15 806912] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048] "dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384] "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-06-20 29744] "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992] "PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-02-26 128296] "RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440] "Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552] "Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-01-18 506712] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920] "WindowsWelcomeCenter"=C:\WINDOWS\system32\oobefldr.dll [2008-01-21 2153472] "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032] "Google Update"=C:\Users\pabx\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-11 133104] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Dmarrage d'Office.lnk - C:\Program Files\Microsoft OfficeAncien\Office\OSA.EXE Microsoft Recherche acclre.lnk - C:\Program Files\Microsoft OfficeAncien\Office\FINDFAST.EXE WinZip Quick Pick.lnk - C:\dev\WinZip\WZQKPICK.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 "legalnoticecaption"= [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoFileUrl"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program" "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX" "C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program" "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ff1461d-437f-11dd-a9a8-806e6f6e6963}] shell\AutoRun\command - D:\Start.exe ======File associations====== .txt - open - "C:\Program Files\UltraEdit\UEDIT32.EXE" "%1" ======List of files/folders created in the last 1 months====== 2009-02-04 16:51:39 ----D---- C:\rsit 2009-02-04 16:03:44 ----A---- C:\Windows\ntbtlog.txt 2009-02-04 15:03:55 ----D---- C:\Program Files\Trend Micro 2009-02-04 14:36:27 ----A---- C:\Windows\system32\lsdelete.exe 2009-02-04 14:32:08 ----HDC---- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-02-04 14:32:06 ----D---- C:\ProgramData\Lavasoft 2009-02-04 14:32:06 ----D---- C:\Program Files\Lavasoft 2009-02-04 11:58:10 ----D---- C:\Program Files\coolplay 2009-02-04 11:58:06 ----AD---- C:\ProgramData\TEMP 2009-02-04 11:58:01 ----D---- C:\RECYCLER 2009-01-30 15:09:20 ----D---- C:\Program Files\Jmgr.info 2009-01-30 09:52:12 ----A---- C:\Windows\winhlp32.exe 2009-01-30 09:52:12 ----A---- C:\Windows\system32\ftsrch.dll 2009-01-30 09:52:12 ----A---- C:\Windows\system32\ftlx041e.dll 2009-01-30 09:52:12 ----A---- C:\Windows\system32\ftlx0411.dll 2009-01-29 16:17:26 ----A---- C:\Windows\TestSock.INI 2009-01-28 13:31:14 ----D---- C:\mp3 2009-01-28 09:18:10 ----D---- C:\ProgramData\Sony Ericsson 2009-01-28 09:18:10 ----D---- C:\Program Files\Sony Ericsson 2009-01-26 15:45:44 ----A---- C:\Windows\tcashw4.ini 2009-01-20 14:45:38 ----D---- C:\driversHP 2009-01-20 12:32:15 ----D---- C:\Program Files\TeamViewer 2009-01-07 12:12:06 ----A---- C:\Windows\NCUNINST.EXE 2009-01-07 12:08:51 ----A---- C:\Windows\hplj1010.ini 2009-01-07 12:08:43 ----D---- C:\Program Files\Common Files\SWF Studio ======List of files/folders modified in the last 1 months====== 2009-02-04 16:51:31 ----D---- C:\Windows\Temp 2009-02-04 16:24:42 ----D---- C:\Windows\System32 2009-02-04 16:24:42 ----D---- C:\Windows\inf 2009-02-04 16:24:42 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-02-04 16:23:35 ----D---- C:\Program Files\Mozilla Firefox 2009-02-04 16:20:31 ----A---- C:\Windows\UEDIT32.INI 2009-02-04 16:19:11 ----AH---- C:\Windows\system32\FFASTLOG.TXT 2009-02-04 16:19:07 ----D---- C:\Windows 2009-02-04 15:30:10 ----D---- C:\Windows\Prefetch 2009-02-04 15:10:32 ----A---- C:\Windows\SchedLgU.Txt 2009-02-04 15:03:55 ----RD---- C:\Program Files 2009-02-04 14:32:40 ----SD---- C:\Windows\Tasks 2009-02-04 14:32:40 ----D---- C:\Windows\system32\Tasks 2009-02-04 14:32:33 ----DC---- C:\Windows\system32\DRVSTORE 2009-02-04 14:32:33 ----D---- C:\Windows\system32\drivers 2009-02-04 14:32:33 ----D---- C:\Windows\system32\catroot 2009-02-04 14:32:08 ----SHD---- C:\Windows\Installer 2009-02-04 14:32:08 ----HD---- C:\ProgramData 2009-02-04 14:32:04 ----D---- C:\Windows\winsxs 2009-02-04 13:46:31 ----HD---- C:\Program Files\InstallShield Installation Information 2009-02-04 13:46:23 ----SHD---- C:\System Volume Information 2009-02-02 10:24:12 ----D---- C:\projets 2009-02-02 09:21:01 ----D---- C:\Windows\rescache 2009-01-30 15:15:41 ----D---- C:\backup 2009-01-30 14:46:00 ----D---- C:\Users\pabx\AppData\Roaming\dvdcss 2009-01-30 13:55:19 ----A---- C:\Windows\Kheops poste.INI 2009-01-30 11:01:46 ----D---- C:\echange 2009-01-30 09:52:28 ----D---- C:\Windows\system32\fr-FR 2009-01-30 09:52:28 ----D---- C:\Windows\fr-FR 2009-01-30 09:51:24 ----D---- C:\Windows\SoftwareDistribution 2009-01-30 09:41:02 ----D---- C:\mp4 2009-01-29 16:58:14 ----D---- C:\dev 2009-01-29 16:05:08 ----A---- C:\Windows\TCashW.INI 2009-01-28 17:19:03 ----D---- C:\ex mp4 2009-01-28 09:41:37 ----D---- C:\Windows\system32\catroot2 2009-01-27 13:48:58 ----D---- C:\Users\pabx\AppData\Roaming\gtk-2.0 2009-01-21 08:47:07 ----D---- C:\Windows\system32\spool 2009-01-20 16:37:09 ----D---- C:\Users\pabx\AppData\Roaming\TeamViewer 2009-01-20 14:27:15 ----RSD---- C:\Windows\Fonts 2009-01-20 12:32:09 ----D---- C:\Program Files\TeamViewer3 2009-01-07 12:08:43 ----D---- C:\Program Files\Common Files ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-21 350720] R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2007-07-23 30064] R1 mfehidk;McAfee Inc.; C:\Windows\system32\drivers\mfehidk.sys [2007-07-21 201288] R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2007-07-13 125728] R2 DLABMFSM;DLABMFSM; C:\Windows\System32\Drivers\DLABMFSM.SYS [2007-07-23 37360] R2 DLABOIOM;DLABOIOM; C:\Windows\System32\Drivers\DLABOIOM.SYS [2007-07-23 32848] R2 DLADResM;DLADResM; C:\Windows\System32\Drivers\DLADResM.SYS [2007-07-23 9136] R2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\Drivers\DLAIFS_M.SYS [2007-07-23 108752] R2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\Drivers\DLAOPIOM.SYS [2007-07-23 27216] R2 DLAPoolM;DLAPoolM; C:\Windows\System32\Drivers\DLAPoolM.SYS [2007-07-23 16304] R2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\Drivers\DLAUDF_M.SYS [2007-07-23 98448] R2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\Drivers\DLAUDFAM.SYS [2007-07-23 93552] R2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-07-23 52000] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-03 3695104] R3 dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584] R3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384] R3 dot4usb;Filtre Dot4USB Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864] R3 e1express;Pilote de la connexion rseau Intel® PRO/1000 PCI Express; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672] R3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2008-03-13 57536] R3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2008-03-13 72000] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RtkHDAud.sys [2007-06-13 4403712] R3 mfeavfk;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk.sys [2007-07-24 79304] R3 mfebopk;McAfee Inc.; C:\Windows\system32\drivers\mfebopk.sys [2007-07-21 35240] R3 mfesmfk;McAfee Inc.; C:\Windows\system32\drivers\mfesmfk.sys [2007-07-21 40488] R3 mxser;MOXA Smartio/Industio Family Driver; C:\Windows\system32\DRIVERS\mxser.sys [2005-12-16 19712] R3 mxsport;MOXA Smartio/Industio Multiport Board Port Driver; C:\Windows\system32\DRIVERS\mxsport.sys [2005-12-16 88064] S3 drmkaud;Filtre de dcodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 mferkdk;McAfee Inc.; C:\Windows\system32\drivers\mferkdk.sys [2007-07-24 33800] S3 MSKSSRV;Proxy de service de rpartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Proxy d'horloge de rpartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Proxy de gestion de qualit de rpartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Convertisseur en T/site--site de rpartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2007-11-06 34064] S3 Ser2pl;Prolific2 Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2004-09-16 43136] S3 usb_rndisx;Carte RNDIS USB; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-21 15872] S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-21 31616] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 abp480n5;abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [2001-08-17 23552] S4 Aha154x;Aha154x; C:\Windows\system32\DRIVERS\aha154x.sys [2001-08-17 12800] S4 aic78u2;aic78u2; C:\Windows\system32\DRIVERS\aic78u2.sys [2001-08-17 55168] S4 amsint;amsint; C:\Windows\system32\DRIVERS\amsint.sys [2001-08-17 12032] S4 asc;asc; C:\Windows\system32\DRIVERS\asc.sys [2001-08-17 26496] S4 asc3350p;asc3350p; C:\Windows\system32\DRIVERS\asc3350p.sys [2001-08-17 22400] S4 asc3550;asc3550; C:\Windows\system32\DRIVERS\asc3550.sys [2001-08-17 14848] S4 cd20xrnt;cd20xrnt; C:\Windows\system32\DRIVERS\cd20xrnt.sys [2001-08-17 7680] S4 Cpqarray;Cpqarray; C:\Windows\system32\DRIVERS\cpqarray.sys [2001-08-17 14976] S4 dac2w2k;dac2w2k; C:\Windows\system32\DRIVERS\dac2w2k.sys [2001-08-17 179584] S4 dac960nt;dac960nt; C:\Windows\system32\DRIVERS\dac960nt.sys [2001-08-17 14720] S4 dpti2o;dpti2o; C:\Windows\system32\DRIVERS\dpti2o.sys [2001-08-17 20192] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 hpn;hpn; C:\Windows\system32\DRIVERS\hpn.sys [2001-08-17 25952] S4 ini910u;ini910u; C:\Windows\system32\DRIVERS\ini910u.sys [2001-08-17 16000] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] S4 ql1080;ql1080; C:\Windows\system32\DRIVERS\ql1080.sys [2001-08-17 40320] S4 Ql10wnt;Ql10wnt; C:\Windows\system32\DRIVERS\ql10wnt.sys [2001-08-17 33152] S4 ql12160;ql12160; C:\Windows\system32\DRIVERS\ql12160.sys [2001-08-17 45312] S4 ql1240;ql1240; C:\Windows\system32\DRIVERS\ql1240.sys [2001-08-17 40448] S4 ql1280;ql1280; C:\Windows\system32\DRIVERS\ql1280.sys [2001-08-17 49024] S4 Sparrow;Sparrow; C:\Windows\system32\DRIVERS\sparrow.sys [2001-08-17 19072] S4 symc810;symc810; C:\Windows\system32\DRIVERS\symc810.sys [2001-08-17 16256] S4 ultra;ultra; C:\Windows\system32\DRIVERS\ultra.sys [2001-08-17 36736] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-06-03 684032] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976] R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [2008-01-25 2458128] R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe [2007-08-15 359248] R2 McShield;McAfee Real-time Scanner; C:\Program Files\McAfee\VirusScan\Mcshield.exe [2007-07-24 144704] R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864] R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-08-24 23880] R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744] R2 TeamViewer;TeamViewer 3; C:\Program Files\TeamViewer3\TeamViewer_Service.exe [2008-11-17 185640] R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-19 185640] R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504] R3 McSysmon;McAfee SystemGuards; C:\Program Files\McAfee\VirusScan\mcsysmon.exe [2007-07-25 695624] R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640] R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-21 21504] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504] S3 aspnet_state;Service d'tat ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-21 33800] S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-21 523776] S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-06-20 29744] S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-06-20 29744] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2008-06-27 68096] S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2007-07-25 378184] S3 NtmsSvc;@%SystemRoot%\system32\ntmssvc.dll,-2; C:\Windows\system32\svchost.exe [2008-01-21 21504] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792] S3 SQLWriter;Enregistreur VSS SQL Server; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768] S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-07-11 69632] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504] S3 Visual Studio Analyzer RPC bridge;Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [1998-06-05 34036] S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-21 917504] S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272] S4 msvsmon80;Dbogueur distant Visual Studio 2005; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-12-09 2799808] S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320] S4 TlntSvr;@%SystemRoot%\system32\tlntsvr.exe,-119; C:\Windows\System32\tlntsvr.exe [2008-01-21 75776] -----------------EOF----------------- ainsi que info.txt logfile of random's system information tool 1.05 2009-02-04 16:51:42 ======Uninstall list====== -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095} Actionaz 2.0.7.3-->"C:\Program Files\Jmgr.info\Actionaz 2\unins000.exe" Ad-Aware-->"C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE Ad-Aware-->C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.0 - Franais-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003} Assistant Publication de sites Web Microsoft 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\Windows\INF\wpie3x86.inf,WebPostUninstall ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" coolplay-->"C:\Program Files\coolplay\Uninstall.exe" Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76} Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1} Ethereal 0.10.9-->"C:\Program Files\Ethereal\uninstall.exe" Fichiers de prise en charge de l'installation de Microsoft SQLServer (Franais)-->MsiExec.exe /X{3380F354-C5F7-4E71-8F51-EEE6C3F06C62} FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe" GIMP 2.4.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe" Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall HyperTerminal Private Edition v6.3-->C:\Windows\System32\Unwise32.exe /Z C:\PROGRA~1\WINDOW~2\HYPERT~1\Install.log Intel® PRO Network Connections 12.1.8.0-->MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1 iSiloX-->C:\Program Files\iSilo\iSiloX\IXWSetup.exe /u Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x40c UNINSTALL McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Device Emulator version 1.0 - FRA-->MsiExec.exe /X{F6E08BCD-8411-4943-85B6-C8F79AC613AC} Microsoft Document Explorer 2005 Language Pack - FRA-->MsiExec.exe /X{A0EEDF22-8A8A-45C3-9571-FCCE846ABAED} Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1} Microsoft Office 97 Professional-->C:\Program Files\Microsoft OfficeAncien\Office\Install\Acme.exe /w Off97Pro.STF Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE} Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{480DBB60-F0B6-45F2-B26F-1A2E11197791} Microsoft SQL Server 2005 Mobile [FRA] Developer Tools-->MsiExec.exe /X{8BBF1F9B-846E-412E-A291-D471E5BED251} Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{3F59A7E0-BC01-4435-9E93-C7D7015C21DA} Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove Microsoft SQL Server Management Studio Express-->MsiExec.exe /I{4180886D-723A-42E3-A5AC-55B7AFDD0342} Microsoft SQL Server Native Client-->MsiExec.exe /I{9C7E944F-4502-40B8-A0AB-66B2FA9EE829} Microsoft SQL Server VSS Writer-->MsiExec.exe /I{335EE0D1-CBF2-499A-8830-7DA4ADDD60F8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe Microsoft Visual Studio 2005 Professional - Franais-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - FRA\setup.exe Microsoft Visual Studio 6.0 dition Entreprise (Franais)-->"C:\Program Files\Microsoft Visual Studio\Common\Setup\1036\Setup.exe" Microsoft Works-->MsiExec.exe /I{3B160861-7250-451E-B5EE-8B92BF30A710} Module de compatibilit pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE} Module de prise en charge linguistique de Microsoft Document Explorer 2005 - FRA-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005 Language Pack - FRA\install.exe Module de prise en charge linguistique de Microsoft Visual J# 2.0 Redistributable - FRA-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Module de prise en charge linguistique de Microsoft Visual J# 2.0 Redistributable - FRA\install.exe Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSDN Library pour Visual Studio 6.0a (Franais)-->"C:\Program Files\Microsoft Visual Studio\MSDN98\98VSa\1036\Setup\Setup.exe" MSR-->C:\MSR14\Uninstal.exe NeoNet Navigateur-->C:\NeoNet\UNWISE.EXE C:\NeoNet\INSTALL.LOG OpenNETCF Smart Device Framework SP1 2.2-->C:\Program Files\OpenNETCF\Smart Device Framework\2.2\uninst.exe Opera 9.62-->MsiExec.exe /X{D9226EB1-C528-48AC-B423-BD9240E1F60B} PDFCreator Toolbar-->"C:\Windows\PDFCreator_Toolbar_Uninstaller_1660.exe" _?=C:\Program Files\PDFCreator Toolbar PDFCreator-->C:\Program Files\PDFCreator\unins000.exe Permis de construire Expert CAD-->"C:\Program Files\Anuman Interactive\Permis de construire Expert CAD\unins000.exe" PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x40c -cluninstall Realtek High Definition Audio Driver-->RtlUpd.exe -r -m Roxio Activation Module-->MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68} Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82} Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC} Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048} Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87} Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C} Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF} Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668} Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB} Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat Smart Device Framework-->"C:\ProgramData\{B92FE74F-651F-4C3A-8C80-24E147592138}\SDFCommunity.exe" REMOVE=TRUE MODIFY=FALSE Smart Device Framework-->C:\ProgramData\{B92FE74F-651F-4C3A-8C80-24E147592138}\SDFCommunity.exe SocketScan RFid Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B67E3A63-C2AF-4681-9AE4-7D6C8E7507E4}\setup.exe" -l0x9 -removeonly SocketScan Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{830B105A-40FA-4D9B-992A-44E4D1BE0D2F}\setup.exe" -l0x9 -removeonly Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B} Sony Noise Reduction Plug-In 2.0e-->MsiExec.exe /X{D533C9D4-ED96-4191-B9C3-279C0DD6BABA} Sony Sound Forge 9.0-->MsiExec.exe /X{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B} TeamViewer 3-->C:\Program Files\TeamViewer3\uninstall.exe TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe VNC Free Edition 4.1.1-->"C:\Program Files\RealVNC\VNC4\unins000.exe" WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5} WinZip Command Line Support Add-On 2.2-->C:\dev\WinZip\wzuninst.exe wzcline C:\dev\WinZip\wzclun.dll Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Toolbar avec bloqueur de fentres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe =====HijackThis Backups===== O17 - HKLM\System\CCS\Services\Tcpip\..\{00E877E3-46DF-4091-8FA5-2A6137EA0F77}: NameServer = 85.255.112.39,85.255.112.40 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40 O17 - HKLM\System\CS2\Services\Tcpip\..\{00E877E3-46DF-4091-8FA5-2A6137EA0F77}: NameServer = 85.255.112.39,85.255.112.40 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40 ======Security center information====== AS: Lavasoft Ad-Watch Live! AS: Windows Defender System event log Computer Name: BIG_DELL Event Code: 7036 Message: Le service Macromedia Licensing Service est entr dans l'tat : arrt. Record Number: 32511 Source Name: Service Control Manager Time Written: 20090204152227.000000-000 Event Type: Information User: Computer Name: BIG_DELL Event Code: 7036 Message: Le service Macromedia Licensing Service est entr dans l'tat : en cours d'excution. Record Number: 32512 Source Name: Service Control Manager Time Written: 20090204152658.000000-000 Event Type: Information User: Computer Name: BIG_DELL Event Code: 7036 Message: Le service Macromedia Licensing Service est entr dans l'tat : arrt. Record Number: 32513 Source Name: Service Control Manager Time Written: 20090204152758.000000-000 Event Type: Information User: Computer Name: BIG_DELL Event Code: 7036 Message: Le service Programme dinstallation de modules Windows est entr dans l'tat : arrt. Record Number: 32514 Source Name: Service Control Manager Time Written: 20090204152855.000000-000 Event Type: Information User: Computer Name: BIG_DELL Event Code: 7036 Message: Le service Service de dcouverte automatique de Proxy Web pour les services HTTP Windows est entr dans l'tat : arrt. Record Number: 32515 Source Name: Service Control Manager Time Written: 20090204153815.000000-000 Event Type: Information User: Application event log Computer Name: BIG_DELL Event Code: 102 Message: WinMail (5632) WindowsMail0: Le moteur de la base de donnes (6.00.6001.0000) a dmarr une nouvelle instance (0). Record Number: 15409 Source Name: ESENT Time Written: 20090204152439.000000-000 Event Type: Information User: Computer Name: BIG_DELL Event Code: 1001 Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont t supprims. Les donnes d'enregistrement contiennent les nouvelles valeurs du dernier compteur systme et les dernires entres du registre d'aide. Record Number: 15410 Source Name: Microsoft-Windows-LoadPerf Time Written: 20090204152442.000000-000 Event Type: Information User: Computer Name: BIG_DELL Event Code: 1000 Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont t chargs. Les donnes d'enregistrement dans la section des donnes contiennent les nouvelles valeurs d'index assignes ce service. Record Number: 15411 Source Name: Microsoft-Windows-LoadPerf Time Written: 20090204152442.000000-000 Event Type: Information User: Computer Name: BIG_DELL Event Code: 103 Message: WinMail (5632) WindowsMail0: Le moteur de la base de donnes a arrt l'instance (0). Record Number: 15412 Source Name: ESENT Time Written: 20090204152645.000000-000 Event Type: Information User: Computer Name: BIG_DELL Event Code: 102 Message: WinMail (4188) WindowsMail0: Le moteur de la base de donnes (6.00.6001.0000) a dmarr une nouvelle instance (0). Record Number: 15413 Source Name: ESENT Time Written: 20090204153614.000000-000 Event Type: Information User: Security event log Computer Name: BIG_DELL Event Code: 1100 Message: Le service denregistrement des vnements a t arrt. Record Number: 345 Source Name: Microsoft-Windows-Eventlog Time Written: 20090204133243.060000-000 Event Type: Succs de l'audit User: Computer Name: BIG_DELL Event Code: 4616 Message: Lheure du systme a t modifie. Sujet: ID de scurit: S-1-5-19 Nom du compte: SERVICE LOCAL Domaine du compte: AUTORITE NT ID douverture de session: 0x3e5 Informations sur le processus: ID du processus: 0x578 Nom: C:\Windows\System32\svchost.exe Heure prcdente: 14:32:42 04/02/2009 Nouvelle heure: 14:32:42 04/02/2009 Cet vnement est gnr lorsque lheure du systme est modifie. Le changement rgulier de lheure du systme est une opration normale de la part du service de temps Windows qui sexcute avec des privilges systme. Mais, dautres modifications de lheure du systme peuvent indiquer des tentatives de falsification de lordinateur. Record Number: 346 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090204133242.904000-000 Event Type: Succs de l'audit User: Computer Name: BIG_DELL Event Code: 1100 Message: Le service denregistrement des vnements a t arrt. Record Number: 347 Source Name: Microsoft-Windows-Eventlog Time Written: 20090204141032.544600-000 Event Type: Succs de l'audit User: Computer Name: BIG_DELL Event Code: 1108 Message: Le service de journalisation des vnements a rencontr une erreur lors du traitement dun vnement entrant publi partir de Microsoft-Windows-Security-Auditing. Record Number: 348 Source Name: Microsoft-Windows-Eventlog Time Written: 20090204141033.246600-000 Event Type: Succs de l'audit User: Computer Name: BIG_DELL Event Code: 1100 Message: Le service denregistrement des vnements a t arrt. Record Number: 349 Source Name: Microsoft-Windows-Eventlog Time Written: 20090204151755.947938-000 Event Type: Succs de l'audit User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files\Microsoft SQL Server\90\Tools\binn\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\ "VS80COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\ -----------------EOF-----------------
-
bonjour a tous, j'ai installé BETEMENT un decompilateur flash ( avg free ok ) mais depuis j'ai de des pubs porno un peu partout sous IE, je n'ai plus acces à http://www.safer-networking.org/fr/index.html (maj spybot), pourtant accessible sur une autre machine du reseau. bref je suis dans le C*A*C*A. can you help me? merci d'avance. PABX Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:49:53, on 04/02/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\WINDOWS\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Users\pbarbaroux\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Microsoft OfficeAncien\Office\OSA.EXE C:\Program Files\Microsoft OfficeAncien\Office\FINDFAST.EXE C:\dev\WinZip\WZQKPICK.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\mdm.exe C:\Windows\System32\mobsync.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\Windows\system32\wbem\unsecapp.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\RealVNC\VNC4\vncviewer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=1080620 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/hws/sb/dell-row/fr/si...?channel=fr-smb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/hws/sb/dell-row/fr/si...?channel=fr-smb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=fr&s=gen R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=fr&s=gen R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/hws/sb/dell-row/fr/si...?channel=fr-smb R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=1080620 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [Google Update] "C:\Users\pbarbaroux\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft OfficeAncien\Office\OSA.EXE O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft OfficeAncien\Office\FINDFAST.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\dev\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU) O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU) O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O17 - HKLM\System\CCS\Services\Tcpip\..\{00E877E3-46DF-4091-8FA5-2A6137EA0F77}: NameServer = 192.168.0.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{00E877E3-46DF-4091-8FA5-2A6137EA0F77}: NameServer = 192.168.0.1 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- End of file - 10016 bytes