aziouz

  1. Hello, On Tonton's advice, I am posting my problem here to get help disinfecting my computer. Previous post: Problems with Windows 7 after a virus - Forums Zebulon.fr. I think my computer (Windows 7) is infected and, despite an apparently successful disinfection (Avast Free) and a system recovery, I still have problems. I tried to download Malwarebytes from trusted sites, and I am told that mbamservices.exe is infected by a virus!! I am attaching the report generated by ZHPDiag2: http://cjoint.com/?BBfvkUkNAmf Thanks for the help
  2. Thanks Tonton, I find here again the spirit of mutual help that drives this forum. In the meantime, having been left somewhat to my own devices (sic!), I undertook a recovery using F8 at startup. I got back all of the OS functionality. So I am going to run ZHPDiag again for a new diagnosis and then do what you recommended. Thanks and all the best!
  3. Hello, This remark about the installed OS made me fall off my chair. My computer was bought in a shop; it is not a clone. It is an Acer Veriton with 4 GB of RAM and a 250 GB hard drive, which cost quite a lot by the way, with Windows 7 Professional pre-installed. Now, it is true that I may have been swindled; must I also pay the price for it? I was counting so much on your help that I am literally dismayed. I have had problems in the past and your forum helped me greatly. Thanks
  4. Thanks for your quick reply, Tonton! I am attaching the file generated by ZHPDiag at: CJoint.com link BBeapOjfw1u NB: I also posted this topic elsewhere on the forum, and I apologize for that (http://forum.zebulon...us-t191241.html); I ask the moderator to delete it and keep only this topic. Thanks
  5. Good evening. After a downloaded file was checked by Malwarebytes (Avast saw nothing!), a virus was detected (Worm autorun, I think). Without my having launched the file in question, the system slowed down considerably and all the icons disappeared: those on the desktop, where only their descriptions remain, as well as those in Explorer. The Start menu is frozen. Avast is disabled and the Malwarebytes databases are corrupted. After running ComboFix and performing a system recovery, I still have the same problems. I am asking for help to possibly repair it (too much data on the disk!) Thanks
  6. Hello everyone, I used the Symantec tool on the notebook. Everything seems to be working perfectly. So no more worries on that front. The desktop also seems well cleaned to me. No more slowness or crashes. Once again saved from the reformat I had resigned myself to before sending out my SOS! Thanks to everyone, and especially to you, Thanos, for your patience and the regularity of your replies! One never says "See you soon!" to one's doctor, but the heart is in it!
  7. The new version of Java installed correctly, but removing the old version makes JavaRa crash! (manual uninstall via Windows Add/Remove Programs)
     JavaRa 1.14 Removal Log.
     Report follows after line.
     ------------------------------------
     The JavaRa removal process was started on Mon Jun 08 21:54:28 2009
     Could not delete: C:\Program Files\Java\jre1.5.0_09
     Asking Windows to delete
  8. Yesterday I disabled the pvmser and POMZBVVILXRL services, and pvmser.exe disappeared as if by magic from the system32 directory!! I also have a 0-byte file, etilqs_KeRlLQIVoNZ4mr4hcvQd, that regularly appears in the TEMP directory, with no extension and hidden, even after running OTM. I mention it in case it is useful. OTM report: VirusTotal report on AL2DLL.dll: Fichier AL2DLL.dll reçu le 2009.06.08 16:01:55 (UTC) Résultat: 0/40 (0%)
  9. As for regedit.exe, it is a certified Microsoft file that I copied myself from the Windows directory at a time when I could not access the registry (?!). On the other hand, pvmser.exe (unknown application), which appears several times in the registry and is active in memory, is totally unknown to me!! Fichier pvmser.exe reçu le 2009.06.08 01:33:13 (UTC)
  10. Here are the two files (Malwarebytes and RSIT)
Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-06-07 399352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-07-23 1410344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}] C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-02-13 5804872] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 434279] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC200356-0864-4F66-8964-5D43A19300F5}] AL2Spy Class - C:\WINDOWS\AUTOLO~1\AL2DLL.dll [2007-08-27 249856] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8803722-A7F5-45C5-B39A-A8B244486EC2}] Flash and Media Capture Helper - C:\Program Files\Fichiers communs\MetaProducts\FMCapt.dll [2007-11-15 1739352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-02-13 5804872] {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-09-22 161096] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-06-07 399352] {650EB965-8A1D-41C9-A941-0578F5CFC569} - Flash and Media Capture Bar - C:\Program Files\Fichiers communs\MetaProducts\FMCapt.dll [2007-11-15 1739352] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "C-Media Mixer"=Mixer.exe /startup [] "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184] "tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2005-11-04 90112] "snpstd3"=C:\WINDOWS\vsnpstd3.exe [2005-09-05 339968] "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-15 981384] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] 
"USDownloader"=E:\Program Files\USDownloader\USDownloader.exe [2008-09-10 529920] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward] C:\Program Files\Vtune\TBPanel.exe [2006-09-13 2154496] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [2008-02-28 570664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe [2009-01-05 336896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza] C:\Program Files\Shareaza\Shareaza.exe [2008-10-01 5723136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-09-18 185896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe [2007-08-02 95504] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Action Manager 32.lnk] C:\PROGRA~1\ScannerU\AM32.exe [2002-06-28 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EmEditor.lnk] C:\PROGRA~1\EmEditor\emedtray.exe [2007-12-16 90768] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk] C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-07-07 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Aziz^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk.disabled] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Aziz^Menu Démarrer^Programmes^Démarrage^Outil de notification Live Search.lnk] C:\DOCUME~1\Aziz\APPLIC~1\MICROS~1\LIVESE~1\NOTIFI~1.EXE [2008-12-20 143360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SandraTheSrv"=3 "SandraDataSrv"=3 
"ose"=3 "Macromedia Licensing Service"=3 "idsvc"=3 "FLEXnet Licensing Service"=3 "TUWinStylerThemeSvc"=2 "rpcapd"=3 "WMPNetworkSvc"=3 "odserv"=3 "NVSvc"=2 "NMIndexingService"=3 "NBService"=3 "gusvc"=3 "PSI_SVC_2"=2 "ProtexisLicensing"=2 "usnjsvc"=3 "TuneUp.Defrag"=3 "Nero BackItUp Scheduler 3"=2 "WLSetupSvc"=3 "Microsoft Office Groove Audit Service"=3 "SandraAgentSrv"=3 "PLFlash DeviceIoControl Service"=2 "maconfservice"=3 "LEC TranslateDotNet Server"=3 "Bonjour Service"=2 "Second Backup Service"=3 "gupdate1c9b70973ff494e"=2 "fsssvc"=3 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage SnagIt 9.lnk - C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 190464] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224] "{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"=C:\WINDOWS\qvphook.dll [2007-12-27 57344] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\client32] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskmgr"=0 "DisableChangePassword"=0 "DisableLockWorkstation"=0 
"NoDispSettingsPage"=0 "NoDispAppearancePage"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=255 "NoFolderOptions"=0 "NoFileUrl"=0 "NoRun"=0 "NoUpdateCheck"=0 "NoLogoff"=0 "NoClose"=0 "NoSetFolders"=0 "NoFind"=0 "NoDrives"=0 "NoDesktop"=0 "DisallowRun"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\WINDOWS\System32\dpnsvr.exe"="C:\WINDOWS\System32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza" "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare" "C:\Program Files\IBP 10\IBP.exe"="C:\Program Files\IBP 
10\IBP.exe:*:Enabled:Internet Business Promoter (IBP)" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\e-Campaign\eCampaign.exe"="C:\Program Files\e-Campaign\eCampaign.exe:*:Enabled:e-Campaign" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05367272-5dd2-11db-8e1a-4d6564696130}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17118cd2-99ca-11db-8f1f-4d6564696130}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35ddd21d-2ea4-11de-8ca1-00194b88b63b}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE 
.\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{622d9d2a-ac00-11dc-b98e-00194b88b63b}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cda1393c-8e05-11db-8ef5-4d6564696130}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e20195c6-3bf9-11de-8cc5-0016ec52896f}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg ======File associations====== .inf - open - .ini - open - notepad.exe %1 .js - edit - .js - open - .reg - edit - .txt - open - notepad.exe %1 .vbs - edit - ======List of files/folders created in the last 1 months====== 2009-06-07 15:50:09 ----D---- C:\WINDOWS\LastGood 2009-06-07 03:25:20 ----A---- C:\WINDOWS\IE4 Error Log.txt 2009-06-07 00:25:55 ----D---- C:\Program Files\Google 2009-06-06 23:52:33 ----D---- C:\rsit 2009-06-06 22:59:16 ----A---- C:\lopR.txt 2009-06-06 22:57:47 ----D---- C:\Lop SD 2009-06-06 09:12:34 ----A---- C:\WINDOWS\ntbtlog.txt 2009-06-05 15:50:57 ----D---- C:\HijackThis 2009-06-05 00:01:23 ----A---- C:\WINDOWS\wininit.ini 2009-06-04 23:23:00 ----D---- C:\Program Files\Avira GmbH 2009-05-29 19:36:14 ----D---- C:\Documents and Settings\Aziz\Application Data\Broad Intelligence 2009-05-29 19:36:06 ----D---- C:\Program Files\MediaCoder Mobile Phone Edition 2009-05-28 21:47:56 ----A---- C:\WINDOWS\system32\TweakUI.exe 2009-05-23 08:19:23 ----A---- C:\process.txt 2009-05-23 00:29:13 ----D---- C:\Program Files\VirusSecureLab 2009-05-22 19:02:04 ----A---- C:\WINDOWS\system32\regedit.exe 2009-05-18 12:13:15 ----D---- C:\Program Files\Avira 2009-05-18 12:13:15 ----D---- C:\Documents and Settings\All 
Users\Application Data\Avira 2009-05-10 22:06:27 ----D---- C:\Program Files\Second Backup ======List of files/folders modified in the last 1 months====== 2009-06-07 15:47:00 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-06-03 21:47:46 ----A---- C:\Documents and Settings\Aziz\Application Data\ispro3_0.tmp 2009-06-01 00:24:54 ----A---- C:\WINDOWS\NeroDigital.ini 2009-05-26 13:50:16 ----A---- C:\WINDOWS\win.ini 2009-05-26 13:50:16 ----A---- C:\WINDOWS\SYSTEM.INI 2009-05-26 13:50:16 ----A---- C:\BOOT.INI 2009-05-23 01:19:22 ----A---- C:\WINDOWS\wincmd.ini 2009-05-10 22:06:10 ----A---- C:\WINDOWS\iun6002.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840] R1 cdrblock;cdrblock; C:\WINDOWS\system32\DRIVERS\cdrblock.sys [2005-06-14 10368] R1 cdrport;cdrport; C:\WINDOWS\system32\DRIVERS\cdrport.sys [2005-03-11 4608] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 PCISys;PCISys; C:\WINDOWS\system32\drivers\pcisys.sys [2008-10-09 39520] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548] R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-15 353672] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-02 12032] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640] R2 DLPortIO;DriverLINX Port I/O Driver; \??\C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS [] R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152] R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys [] R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2002-07-27 5306] R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys 
[2002-11-18 377358] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-09-22 43520] R3 gdihook5;gdihook5; C:\WINDOWS\system32\DRIVERS\gdihook5.sys [2008-10-09 31328] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408] R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-03-13 47360] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-11-09 10368] R3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2005-11-07 8718848] R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912] R3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912] R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264] S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [] S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [] S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [] S2 HF30Sys;HF30Sys; 
C:\WINDOWS\system32\drivers\HF30Sys.sys [] S3 adiusbae;USB ADSL LAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbae.sys [] S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [] S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; C:\WINDOWS\system32\drivers\Ad-Watch Connect Filter.sys [] S3 Bcfilter;Jetico Personal Firewall Network Monitor; C:\WINDOWS\system32\DRIVERS\bcfilter.sys [] S3 BcfilterMP;BcfilterMP; C:\WINDOWS\system32\DRIVERS\bcfilter.sys [] S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [] S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [] S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [] S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [] S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 CoachUsb;Coach Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 46944] S3 CoachVc;Coach Video Capture; C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2003-11-03 44256] S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder Mobile Phone Edition\SysInfo.sys [] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2008-09-22 43520] S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165] S3 gwiopm;gwiopm; C:\WINDOWS\system32\drivers\gwiopm.sys [] S3 HF30Kbd;HF30Kbd; C:\WINDOWS\system32\drivers\HF30Kbd.sys [] S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-01-21 26248] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [] S3 mouhid;Pilote HID 
de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 mrlgmrye;mrlgmrye; \??\C:\WINDOWS\system32\0248.tmp [] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000] S3 pascczn;pascczn; \??\C:\WINDOWS\system32\0590.tmp [] S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-02 5888] S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\WNt500x86\Sandra.sys [] S3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [] S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [] S3 viafilter;VIA 
USB Filter; C:\WINDOWS\System32\Drivers\viausb1.sys [2001-09-19 9728] S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2006-02-09 248704] S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [] S3 vncmirror;vncmirror; C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2008-06-12 4608] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 ZSMC0305;VIMICRO USB PC Camera V; C:\WINDOWS\System32\Drivers\usbVM305.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089] R2 InstallShield Licensing Service;InstallShield Licensing Service; C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe [2009-01-15 85184] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812] R2 pvmwinser;pvmwinser; C:\WINDOWS\system32\pvmser.exe [2007-06-21 86016] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725] R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZONELABS\vsmon.exe [2009-02-15 2402184] S2 gupdate1c9e6fe28128e9a;Service 
  11. The procedure was carried out to the letter, without going through safe mode. My computer is back to "normal". I thought I was up to date with Windows Update patches: one was missing!! Thank you Thanos for all the help provided, and thank you to the Zebulon forum. I am doubling my precautions from now on. Symantec tool report:
      Symantec W32.Downadup Removal Tool 1.1.0.7
      ERROR: Can't change ACL/permissions for file C:\pagefile.sys; file not scanned
      C:\Program Files\Flash Menu Labs Pro v2\FlashMenuLabs.exe: failed in scanning.
      C:\WINDOWS\system32\ylwvoghj.vir: W32.Downadup.B (unrepairable) (deleted)
      ERROR: Can't change ACL/permissions for file C:\WINDOWS\system32\zllictbl.dat; file not scanned
      C:\System Volume Information\_restore{D2091FDC-462D-439B-8A10-86EDA1E22E67}\RP1\A0000055.DLL: W32.Downadup.B (unrepairable) (deleted)
      ERROR: Can't change ACL/permissions for file E:\pagefile.sys; file not scanned
      registry: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets: dl (value deleted)
      registry: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets: ds (value deleted)
      registry: HKLM\system\CurrentControlSet\Services\BITS: Start (value set to 0x00000003 (3))
      W32.Downadup has been successfully removed from your computer!
      Here is the report:
      The total number of the scanned files: 622723
      The number of deleted threat files: 2
      The number of threat processes terminated: 0
      The number of threat threads terminated: 0
      The number of registry entries fixed: 3
  12. Hello everyone, A final antivirus scan has detected Conficker W32.Downadup!!!!! With a few acrobatics, since the vendor sites were blocked for me, I managed to download Symantec's removal tool. The tool seems effective on my notebook: the virus is detected and removed. My browsing is back to normal and hidden files are finally visible. On my desktop computer (the subject of this post), it is more laborious (350 GB!). A first disinfection seems incomplete to me, despite the discovery of several infected registry keys. My USB stick gets reinfected every time with a hidden autorun.inf file and a hidden Recycled folder. I will try another disinfection tonight. This forum, which I consult often, is an inexhaustible source of information and good ideas! Well done for your help. The post is still open, as my main problem has not been resolved.
  13. Here is the content of the two files: Log.txt:
C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2003-11-03 44256] S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder Mobile Phone Edition\SysInfo.sys [] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2008-09-22 43520] S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165] S3 gwiopm;gwiopm; C:\WINDOWS\system32\drivers\gwiopm.sys [] S3 HF30Kbd;HF30Kbd; C:\WINDOWS\system32\drivers\HF30Kbd.sys [] S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-01-21 26248] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [] S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 mrlgmrye;mrlgmrye; \??\C:\WINDOWS\system32\0248.tmp [] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000] S3 pascczn;pascczn; \??\C:\WINDOWS\system32\0590.tmp [] S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-02 5888] S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\WNt500x86\Sandra.sys [] S3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 
ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [] S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [] S3 viafilter;VIA USB Filter; C:\WINDOWS\System32\Drivers\viausb1.sys [2001-09-19 9728] S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2006-02-09 248704] S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [] S3 vncmirror;vncmirror; C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2008-06-12 4608] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 ZSMC0305;VIMICRO USB PC Camera V; C:\WINDOWS\System32\Drivers\usbVM305.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir 
Desktop\sched.exe [2009-04-01 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089] R2 InstallShield Licensing Service;InstallShield Licensing Service; C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe [2009-01-15 85184] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812] R2 pvmwinser;pvmwinser; C:\WINDOWS\system32\pvmser.exe [2007-06-21 86016] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725] R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZONELABS\vsmon.exe [2009-02-15 2402184] S2 zqlcsz.REN;Support Universal; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 LPDSVC;Serveur d'impression TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-02 19456] S3 POMZBVVILXRL;POMZBVVILXRL; C:\Temp\POMZBVVILXRL.exe [] S3 W3SVC;Publication World Wide Web; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872] S3 WGDTMUGZL;WGDTMUGZL; C:\Temp\WGDTMUGZL.exe [2009-06-06 478080] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; 
C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-02 655624] S4 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] S4 gupdate1c9b70973ff494e;Google Update Service (gupdate1c9b70973ff494e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-06 133104] S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-09 138168] S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S4 IISADMIN;Administration IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872] S4 maconfservice;maconfservice; C:\Program Files\ma-config.com\maconfservice.exe [2008-05-14 576680] S4 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe [] S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464] S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2008-02-28 529704] S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S4 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source 
Engine\OSE.EXE [2006-10-26 145184] S4 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656] S4 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048] S4 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2009-01-05 52224] S4 Second Backup Service;Second Backup Service; C:\Program Files\Second Backup\SecondBackup.exe [2009-01-20 1744896] S4 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872] S4 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-12-05 362240] S4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2008-12-05 603904] S4 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] -----------------EOF----------------- Contenu d'infos.txt : info.txt logfile of random's system information tool 1.06 2009-06-06 23:53:00 ======Uninstall list====== Site Map Maker 1.4-->C:\WINDOWS\system32\ss2uinst.exe "C:\Program Files\Site Map Maker\ss2uinst.dat" -->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Program Files\ProgDVB\uninstall.exe -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 2007 Microsoft Office Suite 
Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall 
{BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} A1 Keyword Research-->"C:\Program Files\Micro-Sys Software\Keyword\unins000.exe" A1 Sitemap Generator-->"C:\Program Files\Sitemap\unins000.exe" AAA Logo 2008 2.10-->"C:\Program Files\AAALOGO2008\unins000.exe" ABBYY FineReader 8.0 Professional Edition-->MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07} ACDSee Pro 2.5-->MsiExec.exe /I{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4} Ad-Aware SE Personal-->C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Shockwave Player-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG Adult Online TV Player 2009 1.00-->C:\Program Files\Adult Online TV Player 2009\Uninstall.exe Advanced eLearning Builder 3.6.4-->"C:\Program Files\Advanced eLearning Builder\unins000.exe" Agama Web Buttons-->"C:\Program Files\Agama Web 
Buttons\unins000.exe" Agama Web Menus-->"C:\Program Files\Agama Web Menus\unins000.exe" AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe" Aleo Flash Intro Banner Maker 2.6.106-->"C:\Program Files\Aleo Software\Flash Intro and Banner Maker\unins000.exe" Alligator Flash Designer 7 (7.0.7) Trial-->C:\PROGRA~1\Selteco\ALLIGA~1\Setup.exe /remove Allok Video to FLV Converter 4.7.1202-->"C:\Program Files\Allok Video to FLV Converter\unins000.exe" AMS Photo Effects 1.67-->"C:\Program Files\AMS Photo Effects\unins000.exe" ANTONOV AN-26 FSX-->E:\Jeux\FSX\Désinstaller ANTONOV AN-26 FSX.exe Ap PDF to HTML-->"C:\Program Files\PDF to HTML\unins000.exe" Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} Applet Effects Factory-->C:\APPLET~1\UNWISE.EXE C:\APPLET~1\INSTALL.LOG Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml" Arles Image Web Page Creator 7.1-->"C:\Program Files\Arles Image Web Page Creator\unins000.exe" ASF-AVI-RM-WMV Repair 1.82-->"C:\Program Files\ASF-AVI-RM-WMV Repair\unins000.exe" Astro-->C:\Program Files\Astro\astrouninst.exe AutoRun Pro version 3.0-->"C:\Program Files\Longtion\AutoRunPro\unins000.exe" Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0009 -removeonly AVI/MPEG/RM/WMV Joiner 4.82-->"C:\Program Files\AVI MPEG RM WMV Joiner\unins000.exe" Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe" AVS Video Tools 5.3-->"C:\Program Files\AVSMedia\VideoTools\unins000.exe" Banner Maker Pro Version 7-->"C:\Program Files\Banner Maker Pro 7\unins000.exe" Belarc Advisor 7.2-->C:\PROGRA~1\BELARC\ADVISOR\Uninstall.exe C:\PROGRA~1\BELARC\ADVISOR\INSTALL.LOG bioVirtual 3DMeNow-->"C:\Program Files\bioVirtual\3DMeNow\unins000.exe" 
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} BusinessCardsMX 3.92-->"C:\Program Files\BusinessCardsMX3\unins000.exe" Camtasia Studio 6-->MsiExec.exe /I{49253DE2-FC99-4BE3-99A4-DAB01A8E6088} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992} ChangeMoney-->MsiExec.exe /I{7B386C98-6FA4-4498-8E00-D19B2A42B7CF} Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Classic Menu 3.9x for Office 2007-->"C:\Program Files\Classic Menu for Office\unins000.exe" Cleanerzoomer 3.7-->"C:\Program Files\Cleanerzoomer\Uninstall.exe" "C:\Program Files\Cleanerzoomer\install.log" CloneDVD 3.9-->"C:\Program Files\CloneDVD\unins000.exe" CodecInstaller 2.6.2-->C:\Program Files\CodecInstaller\uninst.exe CoffeeCup Flash Menu Builder-->C:\PROGRA~1\COFFEE~1\COFFEE~4\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~4\INSTALL.LOG CoffeeCup Flash Photo Gallery - Registered-->C:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~1\INSTALL.LOG CoffeeCup GIF Animator-->C:\PROGRA~1\COFFEE~1\GIFANI~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\GIFANI~1\GAinst.LOG CoffeeCup Google SiteMapper-->C:\PROGRA~1\COFFEE~1\COF6DF~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COF6DF~1\SITEMA~1.LOG CoffeeCup Visual Site Designer-->C:\WINDOWS\CoffeeCup Visual Site Designer Uninstaller.exe CoffeeCup Web Calendar-->C:\PROGRA~1\COFFEE~1\CO7336~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\CO7336~1\INSTALL.LOG CoffeeCup Web Form Builder - Registered-->C:\PROGRA~1\COFFEE~1\CO4208~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\CO4208~1\INSTALL.LOG CoffeeCup Web Video Player - Registered-->C:\PROGRA~1\COFFEE~1\COAEA2~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COAEA2~1\INSTALL.LOG CoffeeCup WebCam 3.5-->C:\PROGRA~1\COFFEE~1\WEBCAM~1.5\UNWISE.EXE C:\PROGRA~1\COFFEE~1\WEBCAM~1.5\INSTALL.LOG CommentCaMarche 2.0.6-->"C:\Program Files\CommentCaMarche\unins000.exe" ConvertHelper 2.1-->"C:\Program Files\ConvertHelper\unins000.exe" Corel Paint Shop Pro Photo X2-->MsiExec.exe 
/X{64E72FB1-2343-4977-B4A8-262CD53D0BD3} Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" CVitae 2.1.1-->"C:\Program Files\CVitae\uninstall.exe" CyD WEB Calendar Creator-->C:\Program Files\WEB Calendar Creator\Install.exe u Debugging Tools for Windows-->MsiExec.exe /I{5C741A01-05D6-4306-BA6A-DC8401285AE8} DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER DivX Player-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Player\uninstal.log DivXLand Media Subtitler-->C:\WINDOWS\unvise32.exe C:\Program Files\DivXLand\Media Subtitler\uninstal.log DMi 1.6.9-->"C:\Program Files\DMi\unins000.exe" Double Drive-->"C:\Program Files\Double Driver\unins000.exe" Drive Rescue 1.9-->"C:\Program Files\Drive Rescue\unins000.exe" Driver Magician 3.32-->"C:\Program Files\Driver Magician\unins000.exe" DriverAgent by TouchStone Software-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove Easy Website Pro 4-->C:\Program Files\Easy Website Pro 4\Uninstall.exe EasyPHP 1.8-->"C:\Program Files\EasyPHP1-8\unins000.exe" e-Campaign-->C:\PROGRA~1\E-CAMP~1\UNWISE.EXE C:\PROGRA~1\E-CAMP~1\INSTALL.LOG eComm PRO-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TRELLIAN\eComm PRO\Uninst.isu" Egyptoid-->"C:\Program Files\Egyptoid\unins000.exe" EmEditor Professional (English)-->MsiExec.exe /I{102DE03E-CFCE-47F5-A1CC-C9F5F4CBA888} eMule-->"C:\Program Files\eMule\Uninstall.exe" encodeur Real Video Producer-->C:\Program Files\Ripp-it_AM\PRODUCER_Uninstal.exe ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6} ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD} ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A} ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A} ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765} ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5} ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34} 
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589} essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F} EVEREST Home Edition v2.20-->"C:\Program Files\Everest\unins000.exe" EximiousSoft GIF Creator V5.60-->"C:\Program Files\GifCreator\unins000.exe" EzGenerator Trial 2.8-->C:\Program Files\EzGenerator28\uninst.exe ffdshow [rev 2676] [2009-02-11]-->"C:\Program Files\K-Lite Codec Pack\ffdshow\unins000.exe" FileZilla Client 3.2.4.1-->C:\Program Files\FileZilla Client\uninstall.exe Flash Effect Maker Pro v4.0 Full (578 Templates/Unicode UTF8)-->"C:\Program Files\Flash Effect Maker\unins000.exe" Flash Menu Factory-->"C:\WINDOWS\Flash Menu Factory\uninstall.exe" "/U:C:\Program Files\Flash Menu Factory\Uninstall\uninstall.xml" Flash Menu Labs Pro v2-->"C:\Program Files\Flash Menu Labs Pro v2\unins000.exe" Flash Optimizer 2-->"C:\Program Files\Flash Optimizer 2\unins000.exe" FLV Player-->C:\Program Files\FLV Player2\uninstall.exe FlvRecorder-->"C:\Program Files\FlvRecorder\unins000.exe" Focus Photoeditor 5-->"C:\Program Files\NWSoftware\Focus Photoeditor 5\unins000.exe" Folderico 3.7.2-->C:\Program Files\Folderico\uninst.exe Foxit PDF Editor-->C:\Program Files\Foxit Software\PDF Editor\uninstall.exe Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe Free Folder Hider 10.7-->"C:\Program Files\FreeFolderHider\unins000.exe" Free Video Dub version 1.4-->"C:\Program Files\Free Video Dub\unins000.exe" French language for ABBYY FineReader 8.0 Professional Edition-->MsiExec.exe /X{93F25E80-52AA-4B91-BE8A-56F940D8B7F8} FreshUI-->"C:\Program Files\FreshDevices\FreshUI\unins000.exe" Frotv-->MsiExec.exe /I{64C87E9E-824E-4030-96B4-486237984D00} FSNavigator-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F76FF6D-B992-4FD9-8686-F09F868B2C58}\Setup.exe" -l0x9 Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF} GMail 
Drive Shell Extension-->rundll32.exe C:\WINDOWS\system32\ShellExt\GMailFS.dll,Uninstall C:\WINDOWS\system32\ShellExt\GMailFS.inf GoodSync-->"C:\Program Files\Siber Systems\GoodSync\uninstall.exe" Google Earth Pro-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}\setup.exe" -l0x9 -removeonly Google Talk Plugin-->MsiExec.exe /I{5012BC0C-7E1A-329A-8F02-B6846070C5F8} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} GreenBox 1.0-->"C:\Program Files\Studio V5\GreenBox\unins000.exe" GSpot 2.21 Fr-->"C:\Program Files\GSpot221\unins000.exe" Helexis Site Publisher-->"C:\Program Files\Site Publisher v2\uninstall.exe" Help & Manual 4.5-->"C:\Program Files\HelpandManual4\unins000.exe" Help Workshop-->C:\Program Files\Help Workshop\_instpgm.exe /U Hex Workshop v5.1-->MsiExec.exe /I{54A55DF7-BCC0-4C98-84AB-01CDA57687C7} Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF} HijackThis 2.0.2-->"C:\Program Files\HijackThis\HijackThis.exe" /uninstall HoverIP v1.0 beta-->"C:\Program Files\HoverIP\unins000.exe" HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9 HTML Code Library 1.6.0.48-->"C:\Program Files\HTML Code Library\unins000.exe" HTML Email Creator 2.1 build 659-->C:\Program Files\HTML Email Creator\uninst.exe HTML Help Workshop-->C:\Program Files\HTML Help Workshop\setup.exe Uninstall HTML Password Lock 3.4-->"C:\Program Files\HTML Password Lock\unins000.exe" Html To Image 2.0-->"C:\Program Files\Html To Image\unins000.exe" Htpasswd Generator 3.0-->"C:\Program Files\Htpasswd Generator\unins000.exe" IBP 10.0.3-->"C:\Program Files\IBP 10\unins000.exe" Image Grabber II-->"C:\Program Files\Image Grabber 
II\uninstall.exe" Infiltrations MG-->C:\Program Files\InfiltrationsMG\Uninstal.exe Install Creator Pro-->C:\Program Files\Install Creator Pro\Uninstal.exe Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D} Instant Photo Artist 2.0-->C:\Program Files\Instant Photo Artist 2\Uninstall.exe IP Changer 2.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IP Changer 2.0\Uninst.isu" IsoBuster 1.9.1-->"C:\Program Files\IsoBuster\Uninst\unins000.exe" iSpring Pro 3.1.0-->"C:\Program Files\iSpring Pro 3\unins000.exe" J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3} kBilling Invoicing Software-->"C:\Program Files\kBilling\unins000.exe" KeyEditor-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\KeyEditor\Uninst.isu" Kill Process 5.0.0.5 (désinstaller seulement)-->"C:\Program Files\Kill Process\uninstall.exe" K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" L&H TTS3000 British English-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall L&H TTS3000 Français-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall Lame ACM MP3 Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf Language pack for Ad-Aware SE-->C:\PROGRA~1\LAVASOFT\AD-AWA~1\PLUGINS\LANGS\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\PLUGINS\LANGS\INSTALL.LOG Lara Croft Tomb Raider : L’Ange des Ténèbres-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{93656878-FF8B-4935-99BB-F3F260037C57} Lauyan TOWeb-->"C:\Program Files\Lauyan\TOWeb V1\unins000.exe" Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Life Photo Maker-->"C:\Program Files\LifePhotoMaker\Uninstall.exe" Likno Web Button 
Thanks Apollo for the link, it works!!
  14. Unfortunately I cannot download RSIT because 'malwareremoval.com' is also disabled!!!! I get the impression that all sites with virus, malware, etc. in the domain name are disabled. In addition to microsoft, avira, etc. Thanks for the help.
  15. Good evening everyone, For the past few days I have had a problem with frequent crashes (screen freezes) requiring a reset, and I am unable to access Windows Update, microsoft.com and the antivirus vendors' sites (avira, symantec, sophos, etc.). The hosts file looks normal; I rebuilt it anyway with Hoster. Impossible to update Malwarebytes (last update 22/5/09). Yesterday I detected and removed TR/Rootkit.Gen as well as WORM/IrcBot.6996727, but the problems remain unchanged. As a firewall, I have ZoneAlarm Pro. Probable cause of the infection: a USB key. Thanks for the help